Solved Trying to clear out remnants of XP *** 2012 infection

rubydreamer

About a month ago, I somehow managed to get both the Antivirus AND Internet Security infections. At that time I had AVG.

I spent about a week or so getting rid of those issues with help given to others and my system was working well enough except for some minor annoying issues.

Occasionally, Firefox would pop up this unwanted spam page in a new tab, which was always one of a small set of URLs (obviously crap I didn't want that would likely lead to infections).

After getting rid of those two nasties I upped my defenses with Process Guard, PrivateFirewall and ThreatFire. Spybot S&D and MBAM were both showing nothing.

However, in looking to find the root of these continuing annoyances I stumbled upon several things over the next few weeks.

1. Ports 34354 and 18504 open via svchost (and nothing to explain why)
2. Occasionally a tiny rogue setup.exe being launched by svchost from a random temp directory. (I managed to snatch one before it was summarily deleted by itself)
3. Random reboots (usually late at night)
4. "The application or DLL 80000032.@ is not a valid Windows image. Please check this against your installation" messages (after I did a scandisk including a surface scan from a clean boot environment. Thank you, Hiren's Boot CD)
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
HP_Administrator :: ELENGIL [administrator]

2/11/2012 10:29:32 AM
mbam-log-2012-02-11 (10-29-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260106
Time elapsed: 34 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\rtl8185.dll (RootKit.0Access.H) -> Delete on reboot.

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETWORKLOG (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\NetworkLog|ImagePath (Trojan.Downloader) -> Data: C:\WINDOWS\svcs.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 48
C:\WINDOWS\system32\rtl8185.dll (RootKit.0Access.H) -> Delete on reboot.
C:\WINDOWS\system32\alcxsens.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\apphostsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ASLDRService.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avgarcln.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\axinstsv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DELTA.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ec2007service.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eectrl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\epsonstatusagent2.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fsma.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Hardlock.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hidusb.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\icepack.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iPassP.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbdclass.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcafeeantispyware.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcvsrte.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetMsmqActivator.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NICSer_WPC54G.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmindexingservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NWSNS.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pavatscheduler.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\s716mgmt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serenum.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\server.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\siswlsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssmdrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ss_bus.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\StkScan.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\symdns.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tangoservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdimsys.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\transbaseservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tvichw32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wencrservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wg3n.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WIBUKEY.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winachsf.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GENERICDRV.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcs.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpcnet.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zpjobq.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_NWFILTER.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\X10UIF.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prfldsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lvuvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\magictuneengine.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-11 16:19:54
Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-e ST3320833AS rev.3.AHH
Running: 9kovs3ji.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kxldapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_30
Run by HP_Administrator at 16:22:17 on 2012-02-11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.1923 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Privatefirewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\arservice.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\ThreatFire\TFService.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\ProcessGuard\pgaccount.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\SplitCam\SplitCam.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Internet\BitComet\BitComet.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Program Files\Internet\Mozilla Firefox 3\firefox.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.atcomet.com/b/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
{1e7837cb-ad5f-48be-b10e-b617da4d3343}
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\internet\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - hpWebHelper Class
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{fbd95266-b665-4e3e-aba8-ea06b7dea609}
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\internet\netxfer\NXToolBar.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A
uRun: [SuperCopier2.exe] c:\program files\supercopier2\SuperCopier2.exe
uRun: [!1_ProcessGuard_Startup] "c:\program files\processguard\procguard.exe" -minimize
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\drivermax.exe" -agent
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\drivermax.exe" -RESTART
uRun: [SplitCam] c:\program files\splitcam\SplitCam.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -b
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
mRun: [!1_pgaccount] "c:\program files\processguard\pgaccount.exe"
mRun: [StartupDelayer] "c:\program files\startup delayer\Startup Launcher GUI.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
mPolicies-explorer: NoStartMenuMorePrograms = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\internet\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\internet\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all by NetXfer - c:\program files\internet\netxfer\NXAddList.html
IE: Download by NetXfer - c:\program files\internet\netxfer\NXAddLink.html
IE: Free YouTube Download - c:\documents and settings\hp_administrator\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\hp_administrator\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\internet\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\bubbles\BubblesHBO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: trymedia.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287561639000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1594FE92-FEC5-43E7-902C-E92A362EBDCF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{9B743EA3-719A-4C2C-A274-07437BDFF65F} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {AC519E4E-EDF0-48C7-8ADA-2A4A5B1C81C9} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\wvUOebBS
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\o17z89r9.firefox3\
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\o17z89r9.firefox3\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\o17z89r9.firefox3\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension3.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\internet\mozilla firefox 3\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\o17z89r9.firefox3\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\internet\mozilla firefox 3\plugins\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\internet\mozilla firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\internet\mozilla firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\internet\mozilla firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\internet\mozilla firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: XULRunner: {2AD94B75-6B3B-4902-885C-DF4193ED7271} - c:\documents and settings\hp_administrator\local settings\application data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-30 64512]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-2-4 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-2-4 69392]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-24 242240]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-4-22 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-4-22 41680]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\lsoft technologies inc\active@ hard disk monitor\DiskMonitorService.exe [2009-10-24 1127944]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-9 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-1-19 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-1-19 49152]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [2010-10-31 16976]
R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\processguard\DCSUserProt.exe [2011-12-20 69632]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\logitech\solarapp\L4301_Solar.exe [2010-10-26 319568]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-7-16 12184]
R2 PFNet;Privacyware network service;c:\program files\privacyware\privatefirewall 7.0\pfsvc.exe [2011-10-21 379328]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [2011-12-20 24911]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2010-12-5 354176]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [2011-1-19 16976]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2010-1-24 70952]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-1-22 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-1-22 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-1-21 100456]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2011-12-18 130360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-2-4 33552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-3 2127728]
S0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [2009-10-5 3712]
S1 PDIDRV;PDIDRV; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-29 136176]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\fastre~2\iqwebftpserverengine.exe --> c:\progra~1\fastre~2\IQWebFTPServerEngine.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-8-19 30312]
S3 cpuz135;cpuz135;\??\c:\docume~1\hp_adm~1\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\hp_adm~1\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-29 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-7-17 24576]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-4-30 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-4-30 12184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp; [x]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-8-4 86016]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-1-19 590080]
S3 SjyPkt;SjyPkt; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-19 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [2011-8-19 16976]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [2011-8-19 16976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2006-11-11 805808]
S4 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
.
=============== Created Last 30 ================
.
2012-02-11 21:14:13 54016 ----a-w- c:\windows\system32\drivers\icdvgd.sys
2012-02-09 11:22:28 -------- d-sh--w- C:\found.001
2012-02-07 21:24:12 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 21:25:16 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2012-02-04 21:25:02 -------- d-----w- c:\program files\Security Task Manager
2012-02-04 20:16:59 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-02-04 20:16:59 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-02-04 20:16:59 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-02-04 20:16:56 -------- d-----w- c:\program files\ThreatFire
2012-02-04 20:16:56 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-02-02 17:40:07 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2012-01-29 20:26:24 -------- d-----w- c:\program files\Argente - Uninstall Manager
2012-01-24 22:39:41 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-24 22:38:05 -------- d-----w- c:\documents and settings\hp_administrator\application data\DAEMON Tools Lite
2012-01-24 22:22:37 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2012-01-21 06:49:18 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-01-21 06:49:02 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2012-01-21 06:49:02 48640 ----a-w- c:\windows\system32\drivers\stream.sys
2012-01-21 06:49:02 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2012-01-21 06:49:02 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2012-01-21 06:49:02 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2012-01-21 06:49:01 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-01-21 06:49:01 23552 ----a-w- c:\windows\system32\wdmaud.drv
2012-01-21 06:49:00 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
2012-01-21 06:49:00 130048 ----a-w- c:\windows\system32\ksproxy.ax
.
==================== Find3M ====================
.
2012-01-27 03:13:01 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-01-27 03:13:01 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-01-26 17:33:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 07:33:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-31 07:33:28 472808 ----a-w- c:\windows\system32\REN196.tmp
2011-12-27 08:00:02 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-12-23 23:10:36 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 20:01:50 1618432 ----a-w- c:\program files\Default Programs Editor.exe
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 16:25:19.26 ===============
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

I still need Attach.txt part of DDS.

Then....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open Notepad and press CTRL+V
  • Post the output back here.
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 11/5/2006 9:04:38 PM
System Uptime: 2/11/2012 3:01:39 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A77T/USB3
Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2812/200mhz
Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2812/200mhz
Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2812/200mhz
Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2812/200mhz
Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2812/200mhz
Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2812/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 41.936 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.606 GiB free.
E: is FIXED (NTFS) - 293 GiB total, 291.945 GiB free.
F: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 639 GiB total, 352.655 GiB free.
K: is FIXED (NTFS) - 116 GiB total, 23.112 GiB free.
L: is Removable
M: is CDROM (CDFS)
P: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Virtual Machine Network Services Driver
Device ID: ROOT\CNTX_VPCNETS2_MP\0001
Manufacturer: Microsoft
Name: Virtual Machine Network Services Driver #2
PNP Device ID: ROOT\CNTX_VPCNETS2_MP\0001
Service: VPCNetS2
.
==== System Restore Points ===================
.
RP437: 12/19/2011 8:00:09 PM - Ad-Aware Checkpoint
RP438: 12/21/2011 6:26:33 AM - System Checkpoint
RP439: 12/22/2011 8:21:05 AM - System Checkpoint
RP440: 12/24/2011 6:27:30 AM - System Checkpoint
RP441: 12/26/2011 3:20:30 PM - System Checkpoint
RP442: 12/27/2011 4:02:30 PM - System Checkpoint
RP443: 12/30/2011 4:00:37 AM - System Checkpoint
RP444: 12/31/2011 2:31:16 AM - Removed Java(TM) 6 Update 20
RP445: 12/31/2011 2:32:16 AM - Installed Java(TM) 6 Update 30
RP446: 1/1/2012 9:54:06 AM - System Checkpoint
RP447: 1/2/2012 12:36:04 PM - System Checkpoint
RP448: 1/4/2012 3:49:49 AM - System Checkpoint
RP449: 1/5/2012 9:43:15 AM - System Checkpoint
RP450: 1/6/2012 10:40:56 AM - System Checkpoint
RP451: 1/7/2012 11:28:36 AM - System Checkpoint
RP452: 1/8/2012 12:22:17 PM - System Checkpoint
RP453: 1/9/2012 3:30:37 PM - System Checkpoint
RP454: 1/10/2012 4:09:30 PM - System Checkpoint
RP455: 1/11/2012 4:44:10 PM - System Checkpoint
RP456: 1/12/2012 6:11:10 PM - System Checkpoint
RP457: 1/14/2012 12:42:53 AM - System Checkpoint
RP458: 1/15/2012 2:11:43 AM - System Checkpoint
RP459: 1/16/2012 5:06:34 PM - System Checkpoint
RP460: 1/21/2012 1:48:39 AM - DMX_DriverMax Driver Installation
RP461: 1/22/2012 2:07:09 AM - System Checkpoint
RP462: 1/23/2012 2:14:09 AM - System Checkpoint
RP463: 1/24/2012 3:24:18 AM - System Checkpoint
RP464: 1/27/2012 11:10:03 AM - System Checkpoint
RP465: 1/29/2012 12:31:44 AM - System Checkpoint
RP466: 1/31/2012 4:07:39 AM - System Checkpoint
RP467: 2/2/2012 11:32:36 PM - System Checkpoint
RP468: 2/11/2012 4:02:50 PM - System Checkpoint
.
==== Installed Programs ======================
.
.sol Editor 1.1.0.1
1st AutoRun Express 2.0 (Free)
7-Zip 4.42
Active@ Hard Disk Monitor
Ad-Aware
AddOn Studio for World of Warcraft
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Agree Free MP3 to M4A AAC Converter 5.0
Aion
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD Processor Driver
AMIP for foobar2000 (remove only)
AnswerBook 2.x
Any FLV Player 2.0.0
AoA Audio Extractor
AptDiff 1.3.0
Aquaria
Argente - Uninstall Manager 2.5.0.7
Aspell English Dictionary-0.50-2
Astral Masters
Asus 802.11n Network Adapter
ATT 1.4 Engine Only (no voices)
Auslogics Disk Defrag
AusLogics Registry Defrag
AutoHotkey 1.0.48.05
AVG 2011
Avi2Dvd 0.4.4 beta
Avid Free DV
Avidemux 2.5 (32-bit)
AviSynth 2.5
AviTricks Classic version 1.65
AVS Audio Converter version 6.2
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Barnes & Noble Desktop Reader
Battle for Wesnoth 1.8.4
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Beneton Movie GIF 1.1.2
BitComet 1.29
BoBaFeTT Diablo Trainer
BOINC
Browser Highlighter - Firefox
Bubbles
BufferChm
Build Your Own Net Dream (remove only)
calibre
Canon MF5550/MF5530 Printers
CanoScan LiDE 600F
CCleaner
CDex extraction audio
Cerberus FTP Server
Cheat Engine 5.3
Cheat Engine 5.5
CIS Smart CD-Menu Creator
ClipMagic 3.2.3
CNET TechTracker
CombiMovie Version 1.31
CometBird 9.0.1 (x86 en-US)
Consolas Font Family
Constellation
Course Vector .minerva
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Creeper World DEMO
Creeper World Map Editor
CueTour
Curse Client
Customer Experience Enhancement
Cute Knight
CutePDF Writer 2.8
DAEMON Tools Lite
Data Fax SoftModem with SmartCP
Deadlock
Deliverance-Online
Desktop Netstat 1.3a
Destinations
DeviceManagementQFolder
deXter's Sakray Updater
Diablo
DiamondCS ProcessGuard v3.150
DirectVobSub (remove only)
DISCover
Disney Pirates of the Caribbean Online
Divinity II - DKS
doPDF 7.2 printer
DoremiSoft AVI to MP4 Converter 1.0
Driver Detective
DriverGuide DriverScan
DriverMax 6
Dropbox
DTweak
DU Meter
Dungeon Siege 2
Dungeon Siege II Tool Kit 1.0
DVD-lab PRO 2.2
DVD Decrypter (Remove Only)
DVD2AVI Ripper v2.7.0.35
DVDx
EA Download Manager
EasyBits GO
eMpTy-V-loader version 2.2
Enhanced Multimedia Keyboard Solution
Envelop
EPU-4 Engine
eReg
ESET Online Scanner v3
EssenceRO 2.0
EvilLyrics
Evrsoft First Page 2006
Extension Changer
Eyeball Chat 2.2
F.lux
FaceFilter Studio 2 Trial Edition
Fake Webcam 6.1.3
Fallout 3
FAST Defrag Freeware 2.3
Fastream IQ Web/FTP Server Engine
Fastream IQ Web/FTP Server GUI
File Splitter and Joiner (FFSJ v3.1)
FileHippo.com Update Checker
FileMenu Tools
FileZilla (remove only)
FileZilla Server (remove only)
FinalBurner Free v1.10.0.73
FLAC 1.2.1b (remove only)
FlashDigger Plus
Flv Audio Extractor 1.04
Flv Audio Video Extractor 2.0
FLV Player 1.3.3
foobar2000 v0.9.4.2
foobar2000 v1.0
Fortop SWF Resources Extractor 1.2
FoxyTunes for Firefox
Free Mouse Auto Clicker 2.8.2
Free Music Zilla
Free Studio version 4.8
Free WMV to AVI MPEG Converter v1.2
Freeciv 2.3.0 (GTK+ client)
FreeOrion 0.3.17
FreeSpace 2
FreeUndelete
FS2 OPEN SCP
FullDPAppQFolder
Futuremark SystemInfo
G-Force
Geeks3D.com FurMark 1.9.1
Gem Shop Deluxe
GemMaster Mystic
GNU Aspell 0.50-3
Google Chrome
Google Desktop
Google Talk (remove only)
Google Update Helper
Google Web Accelerator
GrabIt 1.6.2 Beta (build 940)
Grand Fantasia
GTK+ 2.8.18 runtime environment
GTK+ Runtime 2.14.7 rev a (remove only)
GX::Transcoder.net
HashCalc 2.02
Hauppauge WinTV NT4/Win2000 Drivers
Hauppauge WinTV2000
HDD Observer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hirc
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB946581)
Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB947173)
Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB947789)
Hotfix for Office (KB950278)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Hotkeycontrol XP 4.2.1
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Update
HP Web Helper
HPI Replace
HPPhotoSmartExpress
HpSdpAppCoreApp
HSLAB Force Down Lite
HTC Driver Installer
HTC Sync
ICQ6
Impossible Creatures
InstantShareDevices
ISO Recorder
IZArc 4.1
J2SE Runtime Environment 5.0 Update 6
Jasc Animation Shop 3
Java Auto Updater
Java(TM) 6 Update 30
K-Lite Codec Pack 6.3.0 (Full)
KaraFun 1.01a
Karaoke Anything!
KC Softwares VideoInspector
LaceLevel2 GDS plugin
Last.fm 1.4.2.58376
LibreOffice 3.3
LightScribe Diagnostic Utility
LightScribe System Software
LimitRO Small Client Installer v20090805
Logitech SetPoint 6.30
Logitech Solar App 1.0
Logitech Webcam Software
Logitech Webcam Software Driver Package
Loquendo TTS: Amalia (Portuguese)
Loquendo TTS: Dave (American English)
Loquendo TTS: Elizabeth (British English)
Loquendo TTS: Juliette (French)
Loquendo TTS: Simon (British English)
Loquendo TTS: Susan (American English)
Lost Empire - Immortals
Magic ISO Maker v5.3 (build 0221)
MagicDisc 2.5.74
Malwarebytes Anti-Malware version 1.60.1.1000
Maniac Mansion Deluxe
MapleStory
MechWars
MediaJoin
Meebo Notifier
Mega Manager
MegaTrainer eXperience V1.0.4.7
Metal Assault
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Away Mode
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2006
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 Management Objects
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Shell 2008 Service Pack 1 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Works
Microsoft WorldWide Telescope
Microsoft XNA Framework Redistributable 1.0 Refresh
Microsoft XNA Framework Redistributable 4.0
Minecraft crafting guide version 1.7
mIRC
Mmm
MobiOne 1.0 Milestone-6
MobMap 3.43
Movies
Mozilla Firefox (2.0.0.16)
Mozilla Firefox (3.5.5)
Mozilla Thunderbird (1.5.0.12)
Mp3 Tag Tools v1.2
Mp3Decode
MSD Organizer Freeware 8.30
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MUSHclient (remove only)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
My HP Games
MyMouse 4.3
MySQL Server 5.0
NCsoft Launcher
NEC Electronics USB 3.0 Host Controller Driver
Netscape Browser (remove only)
NetStorm Islands at War
Network Measurement Agent
NetXfer 2.02.307
NewsProxy
Nexon Game Manager
NextUp-Acapela Brightspeech Heather22 US English Voice
No-IP.com DUC (remove only)
NoteWorthy Composer
Npust text editor -- bulk eMail address Creator 1.0
NTFS Undelete 3.0.2.830
NVIDIA Control Panel 266.58
NVIDIA Drivers
NVIDIA Graphics Driver 266.58
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
ooVoo
OpenAL
OptionalContentQFolder
Orbit Downloader
Otto
Paint Shop Pro 7 Evaluation
Painter
PaltalkScene
Pan
Pan 0.14.2
Pando Media Booster
Panopreter
PartitionMagic
PatchWise Free 3.29
Pax Imperia
PC-Doctor 5 for Windows
PC Fixer
PC Pitstop DiskMD 3
PC Pitstop Optimize 1.5
PC Pitstop Optimize3 3.0
PeerGuardian 2.0
PhotoGallery
Pidgin
PopBit Video to MP3 Converter Free 1.6.1
Potaro 1.1.0.9 Beta
Power CD+G Burner
PowerQuest PartitionMagic 8.0
Privatefirewall 7.0
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Python 2.5
Quicken 2006
QuickPar 0.9
RadarSync
RAGNAROK BATTLE OFFLINE 1.0
RandMap
Rappelz_US
RBO Extra Scenario Vol.1
RBO Extra Scenario Vol.2
RBO Extra Scenario Vol.3
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Registry Mechanic 8.0
RegScrubXP 3.25
Remove WeatherBug Installer
Replay Media Catcher 3.02
RIFT
Robokill 2 - Leviathan Five
RoE Time v0.2
RoughDraft 3.0
Rubies of Eventide
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SAPI51forSayPad
SayPad
Scan2PDF 1.6
SeaMonkey (2.0.4)
Security Task Manager 1.8d
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
SimCity 2000® Special Edition
Simple Sudoku 4.2
SimpleOCR 3.1
Singles
SIW version 2011.10.29
SkinsHP1
Skype™ 5.5
SlideShow
SlideShowMusic
Smart Defrag
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sothink SWF Quicker
SoulMaster
SoundTap Streaming Audio Recorder
SpeedFan (remove only)
Split and Tile Trial
SplitCam
SPORE™
Spotmau 5.1.1.4846
Spring 0.79.1.2
Spybot - Search & Destroy
SQL Server System CLR Types
StarCraft Fusion
Stellar Frontier
StreamTransport version: 1.0.2.2171
Subtitle Workshop 2.51
Sun VirtualBox
SUPER © Version 2010.bld.38 (May 2, 2010)
SuperCopier2
Swiff Player 1.1
Switch Sound File Converter
System Requirements Lab
System Requirements Lab BETA
System Requirements Lab CYRI
TA Conflict Crusher
TeamSpeak 2 RC2
Terrafirma
The Babylon Project v3.4b
ThreatExpert Memory Scanner 1.0
ThreatFire
thriXXX 3DSexVilla2-058.002
thriXXX WebLaunch
TMPGEnc 3.0 XPress
TomTom HOME
Torchlight
TortoiseSVN 1.4.0.7501 (32 bit)
Tower of the Sorcerer Ver1.2
UBCD4Win 3.50
UFO Extraterrestrials
UltimateDefrag V1 FREE Public Domain Version
Unified Remote
Uninstall 1.0.0.1
Unity Web Player
Universal Extractor 1.5
Unload
UnrealIRCd3.2.8.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Office 2007 (KB946691)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
Utherverse 3D Client
v1.20
VDMSound
Ventrilo Client
Verbose Uninstall
Verizon Wireless Software Utility Application for Android - Samsung
Video Mover
VideoMach 5.0.0
Virtools 3D Life Player
Virtual Villagers (remove only)
VisualSubSync (remove only)
VLC media player 1.1.5
Vtune 7.13
Warcraft II BNE
WavePad Uninstall
WBFS Manager 3.0
WebFldrs XP
Wild Tangent - Fate
WinCleaner Memory Optimizer Version 5.2
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sync
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
WinPcap 4.0.1
World of Warcraft
WoW Realm Launcher
WoW UI Designer
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall
Yahoo! Messenger
Yawcam 0.3.3
YouTube Downloader 2.5.3
.
==== Event Viewer Messages From Past Week ========
.
2/9/2012 3:00:11 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'ProcCache.sbc' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
2/9/2012 2:58:52 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
2/8/2012 9:30:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: General access denied error
2/8/2012 9:30:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: General access denied error
2/8/2012 8:30:00 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: General access denied error
2/8/2012 8:30:00 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: General access denied error
2/8/2012 7:30:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: General access denied error
2/8/2012 7:30:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: General access denied error
2/8/2012 6:30:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: General access denied error
2/8/2012 6:30:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: General access denied error
2/8/2012 5:30:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error
2/8/2012 5:30:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error
2/8/2012 4:30:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: General access denied error
2/8/2012 4:30:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error
2/8/2012 4:30:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: General access denied error
2/8/2012 3:49:01 PM, error: Service Control Manager [7000] - The Media Center Scheduler Service service failed to start due to the following error: The handle is invalid.
2/8/2012 3:49:01 PM, error: DCOM [10005] - DCOM got error "%6" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}
2/8/2012 3:30:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: General access denied error
2/8/2012 3:30:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: General access denied error
2/8/2012 3:30:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
2/8/2012 3:30:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
2/8/2012 2:30:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: General access denied error
2/8/2012 2:30:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: General access denied error
2/8/2012 2:30:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
2/8/2012 2:30:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
2/8/2012 12:30:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: General access denied error
2/8/2012 12:30:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: General access denied error
2/8/2012 12:30:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
2/8/2012 12:30:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
2/8/2012 11:30:00 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
2/8/2012 11:30:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error
2/8/2012 10:30:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: General access denied error
2/8/2012 10:30:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: General access denied error
2/8/2012 1:30:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: General access denied error
2/8/2012 1:30:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: General access denied error
2/8/2012 1:30:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
2/8/2012 1:30:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
2/7/2012 9:30:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: General access denied error
2/7/2012 9:30:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: General access denied error
2/7/2012 8:30:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: General access denied error
2/7/2012 8:30:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: General access denied error
2/7/2012 8:22:16 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
2/7/2012 7:30:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: General access denied error
2/7/2012 7:30:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: General access denied error
2/7/2012 6:30:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: General access denied error
2/7/2012 6:30:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: General access denied error
2/7/2012 5:30:00 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: General access denied error
2/7/2012 5:30:00 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: General access denied error
2/7/2012 4:30:00 PM, error: Schedule [7901] - The At34.job command failed to start due to the following error: General access denied error
2/7/2012 4:12:05 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
2/7/2012 4:09:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
2/7/2012 4:08:40 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
2/7/2012 4:08:38 PM, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/7/2012 4:08:38 PM, error: Service Control Manager [7000] - The Fastream IQ Web/FTP Server service failed to start due to the following error: The system cannot find the file specified.
2/7/2012 4:06:30 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 485B39953844 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
2/7/2012 11:30:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: General access denied error
2/7/2012 11:30:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: General access denied error
2/7/2012 10:30:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: General access denied error
2/7/2012 10:30:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: General access denied error
2/4/2012 3:56:24 PM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/11/2012 3:06:21 PM, error: RemoteAccess [20151] - The Control Protocol IPCP in the Point to Point Protocol module (unknown) returned an error while initializing. A device attached to the system is not functioning.
2/11/2012 3:06:09 PM, error: PlugPlayManager [12] - The device 'WAN Miniport (Network Monitor) - Privacyware Filter Miniport' (Root\PWIPF6MP\0002) disappeared from the system without first being prepared for removal.
2/11/2012 3:06:09 PM, error: PlugPlayManager [12] - The device 'WAN Miniport (IP) - Privacyware Filter Miniport' (Root\PWIPF6MP\0004) disappeared from the system without first being prepared for removal.
2/11/2012 3:06:09 PM, error: PlugPlayManager [12] - The device 'Realtek PCIe GBE Family Controller - Privacyware Filter Miniport' (Root\PWIPF6MP\0001) disappeared from the system without first being prepared for removal.
2/11/2012 3:06:09 PM, error: PlugPlayManager [12] - The device 'NVIDIA nForce Networking Controller - Privacyware Filter Miniport' (Root\PWIPF6MP\0003) disappeared from the system without first being prepared for removal.
2/11/2012 3:06:09 PM, error: PlugPlayManager [12] - The device 'HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter - Privacyware Filter Miniport' (Root\PWIPF6MP\0005) disappeared from the system without first being prepared for removal.
2/11/2012 3:06:05 PM, error: PlugPlayManager [12] - The device 'ASUS EZ N 802.11b/g/n Wireless USB Adapter - Privacyware Filter Miniport' (Root\PWIPF6MP\0000) disappeared from the system without first being prepared for removal.
2/11/2012 3:04:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cfadisk IntelIde ViaIde
2/11/2012 3:04:27 PM, error: Service Control Manager [7023] - The Atimtag service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================

Will post the rest when it's done (15 mins download, and still scanning)
 
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-11 18:39:07
-----------------------------
18:39:07.015 OS Version: Windows 5.1.2600 Service Pack 2
18:39:07.015 Number of processors: 6 586 0xA00
18:39:07.015 ComputerName: ELENGIL UserName:
18:39:11.000 Initialize success
18:51:17.906 AVAST engine defs: 12021101
18:52:51.640 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-6
18:52:51.640 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 3
18:52:51.640 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-e
18:52:51.640 Disk 1 Vendor: ST3320833AS 3.AHH Size: 305245MB BusType: 3
18:52:51.640 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-1c
18:52:51.640 Disk 2 Vendor: HDS722516VLAT80 V34OA63A Size: 157066MB BusType: 3
18:52:51.656 Disk 1 MBR read successfully
18:52:51.656 Disk 1 MBR scan
18:52:51.718 Disk 1 unknown MBR code
18:52:51.718 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 296174 MB offset 63
18:52:51.734 Disk 1 Partition 2 00 0C FAT32 LBA RECOVERY 9060 MB offset 606582270
18:52:51.734 Disk 1 scanning sectors +625137345
18:52:51.781 Disk 1 scanning C:\WINDOWS\system32\drivers
18:53:00.000 File: C:\WINDOWS\system32\drivers\serial.sys **INFECTED** Win32:Aluroot [Rtk]
18:53:02.843 Disk 1 trace - called modules:
18:53:02.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8b6ebf10]<<
18:53:02.875 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ba93ab8]
18:53:02.890 3 CLASSPNP.SYS[b811905b] -> nt!IofCallDriver -> [0x8b7a1668]
18:53:02.890 \Driver\00000474[0x8b79b698] -> IRP_MJ_CREATE -> 0x8b6ebf10
18:53:04.078 AVAST engine scan C:\WINDOWS
18:53:12.890 AVAST engine scan C:\WINDOWS\system32
18:57:13.265 AVAST engine scan C:\WINDOWS\system32\drivers
18:57:22.765 File: C:\WINDOWS\system32\drivers\serial.sys **INFECTED** Win32:Aluroot [Rtk]
18:57:29.562 AVAST engine scan C:\Documents and Settings\HP_Administrator
19:38:39.078 AVAST engine scan C:\Documents and Settings\All Users
19:47:19.812 Scan finished successfully
19:52:11.750 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
19:52:11.781 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"



Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00007e00
Boot sector MD5 is: 74c9b8a519aa05c22f46e134715d1f6f

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive1 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
ListParts by Farbar
Ran by HP_Administrator on 11-02-2012 at 20:14:33
Windows XP (X86)
Running From: C:\Downloads\Temp
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 76%
Total physical RAM: 3326.1 MB
Available physical RAM: 794.37 MB
Total Pagefile: 7255.64 MB
Available Pagefile: 4550.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 2005.73 MB

======================= Partitions =========================

1 Drive c: (HP_PAVILION) (Fixed) (Total:289.23 GB) (Free:41.8 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.83 GB) (Free:0.61 GB) FAT32 ==>[Drive with boot components (Windows XP)]
3 Drive e: (OS XP) (Fixed) (Total:292.96 GB) (Free:291.94 GB) NTFS
4 Drive f: (HBCD 15.1) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
8 Drive j: (Storage) (Fixed) (Total:638.55 GB) (Free:352.65 GB) NTFS
9 Drive k: (Storage 2) (Fixed) (Total:115.83 GB) (Free:23.11 GB) NTFS
11 Drive m: (PAX_IMPERIA) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 932 GB 0 B
Disk 1 Online 298 GB 0 B
Disk 2 Online 153 GB 31 MB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 293 GB 32 KB
Partition 2 Extended 639 GB 293 GB
Partition 3 Logical 639 GB 293 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E OS XP NTFS Partition 293 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 J Storage NTFS Partition 639 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 289 GB 32 KB
Partition 2 Primary 9 GB 289 GB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 C HP_PAVILION NTFS Partition 289 GB Healthy System (partition with boot components)

Disk: 1
Partition 2
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 D HP_RECOVERY FAT32 Partition 9 GB Healthy

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Unknown 34 GB 32 KB
Partition 2 Extended 120 GB 34 GB
Partition 3 Logical 3977 MB 34 GB
Partition 4 Logical 116 GB 38 GB

Disk: 2
Partition 1
Type : 83
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

Disk: 2
Partition 3
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 2
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 K Storage 2 NTFS Partition 116 GB Healthy


****** End Of Log ******
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-02-11.03 - HP_Administrator 02/11/2012 21:29:38.1.6 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2633 [GMT -5:00]
Running from: c:\downloads\Temp\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\magic
c:\data\magic.mgc
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\Application Data\Adobe\plugs
c:\documents and settings\HP_Administrator\Application Data\Adobe\shed
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}\chrome.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}\chrome\content\_cfg.js
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}\chrome\content\overlay.xul
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}\install.rdf
c:\documents and settings\HP_Administrator\Local Settings\Application Data\assembly\tmp
c:\documents and settings\HP_Administrator\WINDOWS
c:\documents and settings\LocalService\NTUSER.DAT.tmp
C:\index.htm
C:\install.exe
c:\program files\Extension Changer\extmain.exe
c:\windows\$NtUninstallKB62280$\1431381802
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\keywords
c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
c:\windows\$NtUninstallKB62280$\485945278\L\aqaeidou
c:\windows\$NtUninstallKB62280$\485945278\lsflt7.ver
c:\windows\$NtUninstallKB62280$\485945278\oemid
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\$NtUninstallKB62280$\485945278\version
c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
c:\windows\IsUn0411.exe
c:\windows\iun6002.exe
c:\windows\kb913800.exe
c:\windows\ST6UNST.000
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\muzapp.exe
c:\windows\system32\REN196.tmp
c:\windows\system32\SET1967.tmp
c:\windows\system32\SET196A.tmp
c:\windows\system32\SET1975.tmp
c:\windows\system32\SET1978.tmp
c:\windows\system32\SET1981.tmp
c:\windows\system32\SET198E.tmp
c:\windows\wpe pro.INI
D:\Autorun.inf
c:\windows\$NtUninstallKB62280$ . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
.
c:\windows\system32\drivers\serial.sys . . . is infected!! . . . Failed to find a valid replacement.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETWORKLOG
-------\Service_NetworkLog
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-09 11:22 . 2012-02-09 11:22 -------- d-----w- C:\found.001
2012-02-07 21:24 . 2012-02-11 20:02 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\program files\Security Task Manager
2012-02-04 20:16 . 2011-02-22 18:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-02-04 20:16 . 2011-02-22 18:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-02-04 20:16 . 2011-02-22 18:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-02-04 20:16 . 2012-02-04 20:17 -------- d-----w- c:\program files\ThreatFire
2012-02-04 20:16 . 2012-02-04 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-02-02 17:40 . 2012-02-02 17:44 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2012-01-29 20:26 . 2012-01-29 21:46 -------- d-----w- c:\program files\Argente - Uninstall Manager
2012-01-24 22:39 . 2012-01-24 22:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-24 22:38 . 2012-01-27 19:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
2012-01-24 22:22 . 2012-01-24 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-01-21 06:49 . 2011-11-09 11:21 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-01-21 06:49 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2012-01-21 06:49 . 2010-11-11 23:10 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2012-01-21 06:49 . 2004-08-04 04:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2012-01-21 06:49 . 2004-08-04 04:08 48640 ----a-w- c:\windows\system32\drivers\stream.sys
2012-01-21 06:49 . 2004-08-04 04:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2012-01-21 06:49 . 2004-08-04 07:56 23552 ----a-w- c:\windows\system32\wdmaud.drv
2012-01-21 06:49 . 2004-08-04 05:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-01-21 06:49 . 2004-08-04 05:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
2012-01-21 06:49 . 2004-03-16 17:58 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 17:33 . 2011-06-14 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 07:33 . 2011-12-31 07:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-27 08:00 . 2011-07-16 23:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
2011-12-23 20:52 . 2011-01-19 19:07 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
2011-12-23 20:52 . 2010-10-31 22:48 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
2011-12-10 20:24 . 2008-07-30 21:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 20:01 . 2010-08-06 09:16 1618432 ----a-w- c:\program files\Default Programs Editor.exe
2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2005-01-20 280064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
"SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2011-04-19 2809856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2011-10-22 3065568]
"!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2005-01-20 184320]
"StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-08-15 659200]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Internet\\Cerberus FTP\\Cerberus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Internet\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23327:TCP"= 23327:TCP:BitComet 23327 TCP
"23327:UDP"= 23327:UDP:BitComet 23327 UDP
"85:TCP"= 85:TCP:BroadWave Web Server
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"57575:TCP"= 57575:TCP:pando Media Booster
"57575:UDP"= 57575:UDP:pando Media Booster
"56833:TCP"= 56833:TCP:pando Media Booster
"56833:UDP"= 56833:UDP:pando Media Booster
"19540:UDP"= 19540:UDP:SXUPTP
"443:UDP"= 443:UDP:eek:oVoo UDP port 443
"37674:TCP"= 37674:TCP:eek:oVoo TCP port 37674
"37674:UDP"= 37674:UDP:eek:oVoo UDP port 37674
"37675:UDP"= 37675:UDP:eek:oVoo UDP port 37675
"135:TCP"= 135:TCP:DCOM(135)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [10/5/2009 1:31 PM 3712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/30/2011 3:45 PM 64512]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/4/2012 3:16 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/4/2012 3:16 PM 69392]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/24/2012 5:39 PM 242240]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [4/22/2010 12:46 AM 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [4/22/2010 12:46 AM 41680]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [10/24/2009 12:53 AM 1127944]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 4:00 PM 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [1/19/2011 2:07 PM 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [1/19/2011 2:07 PM 49152]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [10/31/2010 5:48 PM 16976]
R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\ProcessGuard\DCSUserProt.exe [12/20/2011 4:10 PM 69632]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 4:25 PM 319568]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/16/2011 6:58 PM 12184]
R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [10/21/2011 9:57 PM 379328]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [12/20/2011 4:10 PM 24911]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [12/5/2010 7:13 PM 354176]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [1/19/2011 2:07 PM 16976]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [1/24/2010 11:34 PM 70952]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/21/2012 1:49 AM 100456]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [12/18/2011 7:10 PM 130360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/4/2012 3:16 PM 33552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/3/2010 1:56 PM 2127728]
S1 PDIDRV;PDIDRV; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe --> c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [8/19/2011 7:43 PM 30312]
S3 cpuz135;cpuz135;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/17/2010 2:02 AM 24576]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [6/20/2011 10:31 AM 15232]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [4/30/2011 7:00 AM 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [4/30/2011 7:00 AM 12184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 7:01 PM 42512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp; [x]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/4/2011 2:27 AM 86016]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [1/19/2011 12:08 PM 590080]
S3 SjyPkt;SjyPkt; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/19/2011 7:43 PM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [8/19/2011 7:43 PM 16976]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [8/19/2011 7:43 PM 16976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
S4 sptd;sptd;c:\windows\system32\drivers\SPTD.SYS [11/11/2006 1:54 AM 16976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PGFILTER
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MRESP50a64
wps
MSFWDrv
point32
MTC0001_ESB
se59mgmt
queuemgr
cmdmon
Nsynas32
mirrorv3
GTPTSER
x10nets
houdinilicenseserver
sfhlp02
mgabgexe
int15
wmconnectcds
issimon
NWFILTER
s116nd5
lusbaudio
clmtomcatstartersvc
foldersize
ikfilesec
centennialclientagent
SaiH040B
imap4d32
nmindexingservice
pclepci
CAM1210
portmapper
lxbx_device
dwusbdnt
mcusrmgr
SQTECH9080
s117mdm
iPassPeriodicUpdateApp
SMCB000
sthda
st330service
icraplus
com0com
lxbt_device
cpqnicmgmt
SaiNtHid
toscosrv
NuidFltr
k56
infrastructure
vwlogger
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-01-19 20:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
.
2012-02-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2012-01-30 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2011-02-09 23:08]
.
2011-02-12 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-08 21:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &D&ownload &with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all by NetXfer - c:\program files\Internet\NetXfer\NXAddList.html
IE: Download by NetXfer - c:\program files\Internet\NetXfer\NXAddLink.html
IE: Free YouTube Download - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\Bubbles\BubblesHBO.dll
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Internet\Mozilla Firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1E7837CB-AD5F-48BE-B10E-B617DA4D3343} - (no file)
BHO-{FBD95266-B665-4E3E-ABA8-EA06B7DEA609} - (no file)
SafeBoot-WinDefend
AddRemove-ClipMagic_3.1 - c:\windows\iun6002.exe
AddRemove-Diablo - c:\windows\DiabUnin.exe
AddRemove-Karaoke Anything!1.0 - c:\windows\iun6002.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
AddRemove-Akamai - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Akamai\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 22:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\mc21.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A5436B3-0D87-5A7E-5E23-69F35B8692EE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"fainmcmholbc"=hex:68,61,6f,69,69,70,61,6f,70,6c,67,68,63,66,6d,66,00,fb
"fainmcmholac"=hex:68,61,6f,69,69,70,61,6f,70,6c,67,68,63,66,6d,66,00,fb
.
[HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\SecuROM\License information*]
"datasecu"=hex:56,6a,f9,4a,a2,74,63,e0,5a,b2,45,7b,2d,a8,b5,b1,a5,61,80,30,ec,
fd,11,38,6a,03,80,0d,de,c9,ca,7e,8e,96,76,21,57,e0,db,41,fb,69,67,95,2f,13,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*2*]
"ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI2"
.
[HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*3*]
"ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI3"
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(288)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(496)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.EXE'(2040)
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\SuperCopier2\SC2Hook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\arservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\RUNDLL32.EXE
c:\hp\KBD\KBD.EXE
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\ehome\ehtray.exe
c:\windows\eHome\ehmsas.exe
c:\program files\DU Meter\DUMeter.exe
c:\documents and settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2012-02-11 22:48:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 03:48
.
Pre-Run: 44,731,031,552 bytes free
Post-Run: 45,574,877,184 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /usepmtimer /NoExecute=OptIn
[spybotsd]
timeout.old=0
.
- - End Of File - - 9E2B234A0C8CFA1C91B1690884E06BD1
 
We have one infected and one missing system file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    intelppm.sys
    serial.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 23:06 on 11/02/2012 by HP_Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "intelppm.sys"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\intelppm.sys --a---- 36352 bytes [07:38 22/10/2010] [18:31 13/04/2008] 8C953733D8F36EB2133F5BB58808B66B

Searching for "serial.sys"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\serial.sys --a---- 64512 bytes [07:48 22/10/2010] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\system32\drivers\serial.sys --a---- 64896 bytes [21:00 09/08/2004] [21:00 09/08/2004] 3A9167FE85254E2E5EA73CBBE1CD2D14

-= EOF =-
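As an added example (not from the thread, from SystemLook's author or from ComboFix), here is a small Python parser for the ':filefind' output above that groups the hits by file name and flags a driver whose live copy under system32\drivers is absent, or differs in size or MD5 from the other copies SystemLook found, which is the comparison behind the helper's "one infected and one missing system file". The sample log is copied from the post above; the regular expressions, function names and the "live copy" rule are my own assumptions about the format.

```python
"""Parse SystemLook ':filefind' results and flag missing or inconsistent driver copies."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: the filefind section of the SystemLook log posted above.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "intelppm.sys"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\intelppm.sys --a---- 36352 bytes [07:38 22/10/2010] [18:31 13/04/2008] 8C953733D8F36EB2133F5BB58808B66B

Searching for "serial.sys"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\serial.sys --a---- 64512 bytes [07:48 22/10/2010] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\system32\drivers\serial.sys --a---- 64896 bytes [21:00 09/08/2004] [21:00 09/08/2004] 3A9167FE85254E2E5EA73CBBE1CD2D14

-= EOF =-
"""

# One result line looks like: <path> <attrs> <size> bytes [mtime] [ctime] <MD5>
# (the pattern is an assumption about the format, derived from the lines above).
RESULT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
HEADER = re.compile(r'^Searching for "(?P<name>[^"]+)"$')


@dataclass
class FileHit:
    path: str
    size: int
    mtime: str
    ctime: str
    md5: str


@dataclass
class Finding:
    name: str
    status: str                    # "missing", "mismatch" or "consistent"
    live: Optional[FileHit]        # the copy under system32\drivers, if any
    candidates: List[FileHit] = field(default_factory=list)  # other copies to compare


def parse_filefind(text: str) -> Dict[str, List[FileHit]]:
    """Group result lines under the 'Searching for' header they follow."""
    hits: Dict[str, List[FileHit]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group("name").lower()
            hits.setdefault(current, [])   # register the name even if no copy exists
            continue
        result = RESULT.match(line)
        if result and current is not None:
            hits[current].append(FileHit(
                result.group("path"), int(result.group("size")),
                result.group("mtime"), result.group("ctime"),
                result.group("md5").upper(),
            ))
    return hits


def is_live_driver(path: str) -> bool:
    """The copy Windows actually loads lives under system32\\drivers (not dllcache)."""
    return "\\system32\\drivers\\" in path.lower()


def assess(hits: Dict[str, List[FileHit]]) -> List[Finding]:
    """Compare the live driver with every other copy SystemLook found."""
    findings = []
    for name, copies in hits.items():
        live = next((c for c in copies if is_live_driver(c.path)), None)
        others = [c for c in copies if c is not live]
        if live is None:
            findings.append(Finding(name, "missing", None, others))
            continue
        differing = [c for c in others if (c.size, c.md5) != (live.size, live.md5)]
        findings.append(Finding(name, "mismatch" if differing else "consistent", live, differing))
    return findings


def report(findings: List[Finding]) -> List[str]:
    """Render findings as one line per file name, for a quick read of a posted log."""
    lines = []
    for f in findings:
        if f.status == "missing":
            lines.append(f"{f.name}: no copy under system32\\drivers; "
                         f"{len(f.candidates)} candidate(s) elsewhere")
        elif f.status == "mismatch":
            lines.append(f"{f.name}: live copy {f.live.size} bytes {f.live.md5} differs from "
                         + ", ".join(f"{c.size} bytes {c.md5}" for c in f.candidates))
        else:
            lines.append(f"{f.name}: all copies agree")
    return lines


if __name__ == "__main__":
    for line in report(assess(parse_filefind(SAMPLE_LOG))):
        print(line)
```

A size or hash disagreement is a lead to verify against a known-good reference, not proof by itself; in this thread ComboFix's own check then reported the drivers copy of serial.sys as infected.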
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\intelppm.sys | c:\windows\system32\drivers\intelppm.sys
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\serial.sys | c:\windows\system32\drivers\serial.sys

File::
c:\windows\system32\dds_trash_log.cmd

RegNull::
[HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A5436B3-0D87-5A7E-5E23-69F35B8692EE}*]

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-02-11.03 - HP_Administrator 02/11/2012 23:37:53.2.6 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2748 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Privatefirewall *Enabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dds_trash_log.cmd
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
.
c:\windows\system32\drivers\serial.sys . . . is infected!! . . . Failed to find a valid replacement.
.
--------------- FCopy ---------------
.
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\intelppm.sys --> c:\windows\system32\drivers\intelppm.sys
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\serial.sys --> c:\windows\system32\drivers\serial.sys
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2012-02-09 11:22 . 2012-02-09 11:22 -------- d-----w- C:\found.001
2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\program files\Security Task Manager
2012-02-04 20:16 . 2011-02-22 18:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-02-04 20:16 . 2011-02-22 18:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-02-04 20:16 . 2011-02-22 18:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-02-04 20:16 . 2012-02-04 20:17 -------- d-----w- c:\program files\ThreatFire
2012-02-04 20:16 . 2012-02-04 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-02-02 17:40 . 2012-02-02 17:44 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2012-01-29 20:26 . 2012-01-29 21:46 -------- d-----w- c:\program files\Argente - Uninstall Manager
2012-01-24 22:39 . 2012-01-24 22:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-24 22:38 . 2012-01-27 19:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
2012-01-24 22:22 . 2012-01-24 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-01-21 06:49 . 2011-11-09 11:21 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-01-21 06:49 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2012-01-21 06:49 . 2010-11-11 23:10 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2012-01-21 06:49 . 2004-08-04 04:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2012-01-21 06:49 . 2004-08-04 04:08 48640 ----a-w- c:\windows\system32\drivers\stream.sys
2012-01-21 06:49 . 2004-08-04 04:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2012-01-21 06:49 . 2004-08-04 07:56 23552 ----a-w- c:\windows\system32\wdmaud.drv
2012-01-21 06:49 . 2004-08-04 05:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-01-21 06:49 . 2004-08-04 05:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
2012-01-21 06:49 . 2004-03-16 17:58 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 17:33 . 2011-06-14 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 07:33 . 2011-12-31 07:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-27 08:00 . 2011-07-16 23:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
2011-12-23 20:52 . 2011-01-19 19:07 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
2011-12-23 20:52 . 2010-10-31 22:48 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
2011-12-10 20:24 . 2008-07-30 21:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 20:01 . 2010-08-06 09:16 1618432 ----a-w- c:\program files\Default Programs Editor.exe
2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-12_03.29.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-12 05:11 . 2012-02-12 05:11 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat
- 2012-02-12 03:24 . 2012-02-12 03:24 16384 c:\windows\Temp\Perflib_Perfdata_1ac.dat
+ 2012-02-12 05:11 . 2012-02-12 05:11 16384 c:\windows\Temp\Perflib_Perfdata_1ac.dat
+ 2005-08-30 21:07 . 2012-02-12 04:38 88586 c:\windows\system32\perfc009.dat
- 2005-08-30 21:07 . 2012-02-12 02:30 88586 c:\windows\system32\perfc009.dat
+ 2004-08-09 21:00 . 2004-08-04 04:15 64896 c:\windows\system32\dllcache\serial.sys
+ 2012-02-12 05:11 . 2012-02-12 05:12 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2012-02-12 03:24 . 2012-02-12 03:25 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2011-12-21 18:41 . 2012-02-12 05:20 268164 c:\windows\system32\pghash.dat
+ 2005-08-30 21:07 . 2012-02-12 04:38 504792 c:\windows\system32\perfh009.dat
- 2005-08-30 21:07 . 2012-02-12 02:30 504792 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2005-01-20 280064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
"SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2011-04-19 2809856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2011-10-22 3065568]
"!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2005-01-20 184320]
"StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-08-15 659200]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Internet\\Cerberus FTP\\Cerberus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Internet\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23327:TCP"= 23327:TCP:BitComet 23327 TCP
"23327:UDP"= 23327:UDP:BitComet 23327 UDP
"85:TCP"= 85:TCP:BroadWave Web Server
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"57575:TCP"= 57575:TCP:pando Media Booster
"57575:UDP"= 57575:UDP:pando Media Booster
"56833:TCP"= 56833:TCP:pando Media Booster
"56833:UDP"= 56833:UDP:pando Media Booster
"19540:UDP"= 19540:UDP:SXUPTP
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"135:TCP"= 135:TCP:DCOM(135)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [10/5/2009 1:31 PM 3712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/30/2011 3:45 PM 64512]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/4/2012 3:16 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/4/2012 3:16 PM 69392]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/24/2012 5:39 PM 242240]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [4/22/2010 12:46 AM 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [4/22/2010 12:46 AM 41680]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [10/24/2009 12:53 AM 1127944]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 4:00 PM 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [1/19/2011 2:07 PM 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [1/19/2011 2:07 PM 49152]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [10/31/2010 5:48 PM 16976]
R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\ProcessGuard\DCSUserProt.exe [12/20/2011 4:10 PM 69632]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 4:25 PM 319568]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/16/2011 6:58 PM 12184]
R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [10/21/2011 9:57 PM 379328]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [12/20/2011 4:10 PM 24911]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [12/5/2010 7:13 PM 354176]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [1/19/2011 2:07 PM 16976]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [1/24/2010 11:34 PM 70952]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/21/2012 1:49 AM 100456]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [12/18/2011 7:10 PM 130360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/4/2012 3:16 PM 33552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/3/2010 1:56 PM 2127728]
S1 PDIDRV;PDIDRV; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe --> c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [8/19/2011 7:43 PM 30312]
S3 cpuz135;cpuz135;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/17/2010 2:02 AM 24576]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [6/20/2011 10:31 AM 15232]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [4/30/2011 7:00 AM 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [4/30/2011 7:00 AM 12184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 7:01 PM 42512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp; [x]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/4/2011 2:27 AM 86016]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [1/19/2011 12:08 PM 590080]
S3 SjyPkt;SjyPkt; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/19/2011 7:43 PM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [8/19/2011 7:43 PM 16976]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [8/19/2011 7:43 PM 16976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
S4 sptd;sptd;c:\windows\system32\drivers\SPTD.SYS [11/11/2006 1:54 AM 16976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PGFILTER
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MRESP50a64
wps
MSFWDrv
point32
MTC0001_ESB
se59mgmt
queuemgr
cmdmon
Nsynas32
mirrorv3
GTPTSER
x10nets
houdinilicenseserver
sfhlp02
mgabgexe
int15
wmconnectcds
issimon
NWFILTER
s116nd5
lusbaudio
clmtomcatstartersvc
foldersize
ikfilesec
centennialclientagent
SaiH040B
imap4d32
nmindexingservice
pclepci
CAM1210
portmapper
lxbx_device
dwusbdnt
mcusrmgr
SQTECH9080
s117mdm
iPassPeriodicUpdateApp
SMCB000
sthda
st330service
icraplus
com0com
lxbt_device
cpqnicmgmt
SaiNtHid
toscosrv
NuidFltr
k56
infrastructure
vwlogger
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-01-19 20:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
.
2012-02-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2011-02-12 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-08 21:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &D&ownload &with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all by NetXfer - c:\program files\Internet\NetXfer\NXAddList.html
IE: Download by NetXfer - c:\program files\Internet\NetXfer\NXAddLink.html
IE: Free YouTube Download - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\Bubbles\BubblesHBO.dll
LSP: mswsock.dll
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Internet\Mozilla Firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 00:13
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB62280$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\mc21.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\SecuROM\License information*]
"datasecu"=hex:56,6a,f9,4a,a2,74,63,e0,5a,b2,45,7b,2d,a8,b5,b1,a5,61,80,30,ec,
fd,11,38,6a,03,80,0d,de,c9,ca,7e,8e,96,76,21,57,e0,db,41,fb,69,67,95,2f,13,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*2*]
"ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI2"
.
[HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*3*]
"ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI3"
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(364)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(628)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.EXE'(1792)
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\windows\system32\MSWSOCK.dll
mswsock.dll 71a50000 258048 \\?\globalroot\systemroot\system32\mswsock.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\SuperCopier2\SC2Hook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\arservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\hp\KBD\KBD.EXE
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\ehome\ehtray.exe
c:\windows\eHome\ehmsas.exe
c:\program files\DU Meter\DUMeter.exe
c:\documents and settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2012-02-12 00:26:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 05:26
ComboFix2.txt 2012-02-12 03:49
.
Pre-Run: 45,566,722,048 bytes free
Post-Run: 45,534,126,080 bytes free
.
- - End Of File - - 1233420B88EC34D5162C577D803EDDA9
 
Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders, and un-check Hide protected operating system files.
NOTE: Make sure to reverse the above changes when done with this step.
Upload the following file to http://www.virustotal.com/ for a security check:
- c:\windows\system32\drivers\serial.sys
If the file is listed as already analyzed, click on the Reanalyse file now button.
Post the scan results.
 
SHA256: d9fc869fa9a6b9574a1fce70e7b919d8f79e02b28967e49f6def83a84520ecdf
SHA1: 32273de2107668e25e500ba3d9c3f18d85c1855c
MD5: cd9404d115a00d249f70a371b46d5a26
File size: 63.4 KB ( 64896 bytes )
File name: serial.sys
File type: Win32 EXE
Detection ratio: 0 / 43
Analysis date: 2012-02-12 15:17:44 UTC ( 0 minutes ago )
Antivirus Result Update
AhnLab-V3 - 20120212
AntiVir - 20120210
Antiy-AVL - 20120212
Avast - 20120212
AVG - 20120212
BitDefender - 20120212
ByteHero - 20120210
CAT-QuickHeal - 20120212
ClamAV - 20120211
Commtouch - 20120211
Comodo - 20120212
DrWeb - 20120212
Emsisoft - 20120212
eSafe - 20120212
eTrust-Vet - 20120211
F-Prot - 20120211
F-Secure - 20120212
Fortinet - 20120212
GData - 20120212
Ikarus - 20120212
Jiangmin - 20120212
K7AntiVirus - 20120211
Kaspersky - 20120212
McAfee - 20120212
McAfee-GW-Edition - 20120211
Microsoft - 20120212
NOD32 - 20120212
Norman - 20120212
nProtect - 20120212
Panda - 20120212
PCTools - 20120207
Prevx - 20120212
Rising - 20120210
Sophos - 20120212
SUPERAntiSpyware - 20120206
Symantec - 20120212
TheHacker - 20120212
TrendMicro - 20120212
TrendMicro-HouseCall - 20120212
VBA32 - 20120210
VIPRE - 20120212
ViRobot - 20120212
VirusBuster - 20120211

Waiting to see if the few issues I had will still linger, or if this is really over...
 
Nope, just got a popup from
http://113594url.displayadfeed.com/...bookmarks_apps&fb_bmpos=1_0&amp;context=urgen care hours baptist&amp;selectedKeyword=apps.facebook.com/thesimssocial&amp;selectedListingId=7841516&amp;qs=JQwDFAMXaSFTVkVKQ0JZSQ1ORURuXVRGXlQQdV5FBhAdEVReXRMYEWVcXkFVQ1Q8HgZPSEBSCAs6WFFEYSQMAFFVBjcPFxdEQFpZX1oWFAcwG1BAQlUQcF5TVBcSSVlBXhETGWZPBgdRBFA1HU0UGBMRCwABSg9CPARIQgoRSCAdCh8KAxsKBg9NB1MaDVBEClYXIApVRUsVQAhaDxERFWdYXhRUAxdjHQ8dDU1ETxsdUlVANAAJTV5QEHZcU0RKVhMMABpARkg3VF9GXlIZYwMCBhoYEQ0tFxxiBz8ACU1bXRR0W1JEXxMdDVJcFhAXZVlLFB5YEGteU0dJQFIcHQIcSVUnGUhDDUASI0tRFBYWEgwdHVFXDzoHCx9JV0YoGw8GEFVGDwIbTVVIZjYMH0IVSDVLUBQYFBsHSl1FQFEjGkMWDQZFJwEMGVcTGwRKXBQTRycBCAMFCFM2AQAbGBwrWF5dFBgV

Something's still here, it was just hiding...
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\$NtUninstallKB62280$

Folder::
c:\windows\$NtUninstallKB62280$

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
OK, it took a while since today was a busy day at court, but now there's no internet on my PC. Ping reports "unable to contact ip driver, error code 2".

No idea how to post a log w/o internet...
 
Transfer the log to the computer you're posting from using USB flash drive.

Then....

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Farbar Service Scanner Version: 13-02-2012
Ran by HP_Administrator (administrator) on 13-02-2012 at 19:46:24
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-09 16:00] - [2006-05-19 07:59] - 0111616 ____N (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-09 16:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2012-02-12 20:42] - [2004-08-09 16:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-09 16:00] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-09 16:00] - [2004-08-09 16:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-09 16:00] - [2008-02-20 00:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0331264 ____N (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-09 16:00] - [2005-08-22 13:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0144896 ____N (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0170496 ____N (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2004-08-09 16:00] - [2004-08-09 16:00] - 0073472 ____N (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0144896 ____N (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0382464 ____N (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-09 16:00] - [2008-07-07 15:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0060416 ____N (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-09 16:00] - [2004-08-09 16:00] - 0014336 ____N (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-09 16:00] - [2009-02-09 05:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28

C:\WINDOWS\system32\services.exe
[2004-08-09 16:00] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE


Extra List:
=======
Avgtdix(10) Bridge(12) BridgeMP(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) pwipf6(13) Tcpip(3)
0x0D00000004000000010000000200000003000000080000000A000000050000000600000007000000090000000B0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****
ComboFix 12-02-11.03 - HP_Administrator 02/13/2012 17:45:01.3.6 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2645 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\cfscript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}

FILE ::
"c:\windows\$NtUninstallKB62280$"
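The FSS log above reports which network services are stopped and, under File Check, each file's two timestamps, size, publisher and MD5. The Python below is an added example, not code from this thread or from Farbar's tool: it parses those sections into structures and flags what a helper reviewing such a log looks at first (stopped services, configuration checks that are not OK, files whose first timestamp is newer than the second, and hashes that differ from a reference table). It assumes the two bracketed columns are creation time and last-write time; the sample log is constructed from lines on this page and KNOWN_GOOD is a constructed placeholder, not real reference data.

```python
# Added example (not the thread's or Farbar's code): parse an FSS log and flag review items.
import re
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample in the FSS format shown in the thread (trimmed).
SAMPLE_FSS_LOG = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The ImagePath of Tcpip service is OK.

File Check:
========
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-09 16:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2012-02-12 20:42] - [2004-08-09 16:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\svchost.exe
[2004-08-09 16:00] - [2004-08-09 16:00] - 0014336 ____N (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716
"""

# Constructed placeholder reference table (lower-case path -> MD5), not real data.
KNOWN_GOOD = {r"c:\windows\system32\svchost.exe": "8F078AE4ED187AAABC0A305146DE6716"}

SERVICE_LINE = re.compile(r"^(\S+) Service is (not )?running\.")
CONFIG_LINE = re.compile(r"^The (.+?) of (\S+) service is (.+)$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\")
# Assumed column meaning: [created] - [last write] - size attrs (publisher) MD5
FILE_LINE = re.compile(
    r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d)\] - \[(\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"(\d+) (\S+) \(([^)]*)\) ([0-9A-Fa-f]{32})$")

@dataclass
class ServiceStatus:
    name: str
    running: bool
    config_issues: list = field(default_factory=list)

@dataclass
class FileEntry:
    path: str
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str
    md5: str

def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def parse_fss(text: str):
    """Return (services by name, File Check entries) from FSS log text."""
    services, files, pending_path = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SERVICE_LINE.match(line):
            services[m[1]] = ServiceStatus(m[1], running=m[2] is None)
        elif m := CONFIG_LINE.match(line):
            attr, name, verdict = m.groups()
            svc = services.setdefault(name, ServiceStatus(name, True))
            if verdict != "OK.":
                svc.config_issues.append(f"{attr} {verdict}")
        elif PATH_LINE.match(line):
            pending_path = line  # the detail line follows on the next line
        elif pending_path and (m := FILE_LINE.match(line)):
            files.append(FileEntry(pending_path, _ts(m[1]), _ts(m[2]), int(m[3]),
                                   m[4], m[5], m[6].upper()))
            pending_path = None
    return services, files

def review(services, files, known_good=None):
    """Findings to check before deciding what to repair or replace."""
    findings = []
    for svc in services.values():
        if not svc.running:
            findings.append(f"service {svc.name} is not running")
        findings += [f"service {svc.name}: {i}" for i in svc.config_issues]
    for f in files:
        if f.created > f.modified:
            # Created after last write: copied into place recently (for example
            # restored from dllcache) or replaced with the old write time kept.
            findings.append(f"{f.path}: created after last write (replaced or restored)")
        if "Microsoft" not in f.company:
            findings.append(f"{f.path}: unexpected publisher '{f.company}'")
        ref = (known_good or {}).get(f.path.lower())
        if ref and ref.upper() != f.md5:
            findings.append(f"{f.path}: MD5 {f.md5} differs from reference {ref}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(*parse_fss(SAMPLE_FSS_LOG), KNOWN_GOOD)))
```

On the sample it reports the two stopped services and netbt.sys, whose creation time is newer than its last-write time, which is the same pattern the log above shows for that driver.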
 
Ok, internet works again.

ComboFix 12-02-11.03 - HP_Administrator 02/13/2012 20:33:53.4.6 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2660 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
* Created a new restore point
.
FILE ::
"c:\windows\$NTUninstallKB62280$"
.
The following files were disabled during the run:
c:\program files\SuperCopier2\SC2Hook.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB62280$\950507762
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
.
Infected copy of c:\windows\system32\drivers\dtsoftbus01.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 01:31 . 2012-02-14 02:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-14 01:23 . 2012-01-24 22:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-13 01:42 . 2004-08-09 21:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-12 05:26 . 2012-02-12 05:26 -------- d-s---w- c:\windows\Cookies
2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2012-02-09 11:22 . 2012-02-09 11:22 -------- d-----w- C:\found.001
2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\program files\Security Task Manager
2012-02-04 20:16 . 2011-02-22 18:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-02-04 20:16 . 2011-02-22 18:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-02-04 20:16 . 2011-02-22 18:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-02-04 20:16 . 2012-02-04 20:17 -------- d-----w- c:\program files\ThreatFire
2012-02-04 20:16 . 2012-02-04 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-02-02 17:40 . 2012-02-02 17:44 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2012-01-29 20:26 . 2012-01-29 21:46 -------- d-----w- c:\program files\Argente - Uninstall Manager
2012-01-24 22:38 . 2012-01-27 19:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
2012-01-24 22:22 . 2012-01-24 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-01-21 06:49 . 2011-11-09 11:21 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-01-21 06:49 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2012-01-21 06:49 . 2010-11-11 23:10 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2012-01-21 06:49 . 2004-08-04 04:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2012-01-21 06:49 . 2004-08-04 04:08 48640 ----a-w- c:\windows\system32\drivers\stream.sys
2012-01-21 06:49 . 2004-08-04 04:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2012-01-21 06:49 . 2004-08-04 07:56 23552 ----a-w- c:\windows\system32\wdmaud.drv
2012-01-21 06:49 . 2004-08-04 05:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-01-21 06:49 . 2004-08-04 05:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
2012-01-21 06:49 . 2004-03-16 17:58 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 17:33 . 2011-06-14 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 07:33 . 2011-12-31 07:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-27 08:00 . 2011-07-16 23:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
2011-12-23 20:52 . 2011-01-19 19:07 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
2011-12-23 20:52 . 2010-10-31 22:48 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
2011-12-10 20:24 . 2008-07-30 21:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 20:01 . 2010-08-06 09:16 1618432 ----a-w- c:\program files\Default Programs Editor.exe
2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-12_03.29.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-14 02:15 . 2012-02-14 02:15 16384 c:\windows\Temp\Perflib_Perfdata_bc.dat
+ 2012-02-14 01:30 . 2012-02-14 01:30 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat
+ 2012-02-14 02:15 . 2012-02-14 02:15 16384 c:\windows\Temp\Perflib_Perfdata_164.dat
- 2005-08-30 21:07 . 2012-02-12 02:30 88586 c:\windows\system32\perfc009.dat
+ 2005-08-30 21:07 . 2012-02-12 04:38 88586 c:\windows\system32\perfc009.dat
- 2004-08-09 21:00 . 2004-08-09 21:00 64896 c:\windows\system32\drivers\serial.sys
+ 2004-08-09 21:00 . 2004-08-04 04:15 64896 c:\windows\system32\drivers\serial.sys
+ 2004-08-09 21:00 . 2004-08-04 04:15 64896 c:\windows\system32\dllcache\serial.sys
- 2005-08-30 21:02 . 2012-02-07 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-30 21:02 . 2012-02-12 20:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-30 13:51 . 2012-02-07 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 13:51 . 2012-02-12 20:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 13:51 . 2012-02-07 04:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-02-12 20:47 . 2012-02-12 20:47 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-02-12 05:26 . 2012-02-12 05:13 16384 c:\windows\Cookies\index.dat
+ 2012-02-14 02:16 . 2012-02-14 02:16 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2012-02-12 03:24 . 2012-02-12 03:25 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2011-12-21 18:41 . 2012-02-14 02:26 272748 c:\windows\system32\pghash.dat
+ 2005-08-30 21:07 . 2012-02-12 04:38 504792 c:\windows\system32\perfh009.dat
- 2005-08-30 21:07 . 2012-02-12 02:30 504792 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2005-01-20 280064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
"SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2011-04-19 2809856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2011-10-22 3065568]
"!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2005-01-20 184320]
"StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-08-15 659200]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Internet\\Cerberus FTP\\Cerberus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Internet\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23327:TCP"= 23327:TCP:BitComet 23327 TCP
"23327:UDP"= 23327:UDP:BitComet 23327 UDP
"85:TCP"= 85:TCP:BroadWave Web Server
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"57575:TCP"= 57575:TCP:pando Media Booster
"57575:UDP"= 57575:UDP:pando Media Booster
"56833:TCP"= 56833:TCP:pando Media Booster
"56833:UDP"= 56833:UDP:pando Media Booster
"19540:UDP"= 19540:UDP:SXUPTP
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"135:TCP"= 135:TCP:DCOM(135)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [10/5/2009 1:31 PM 3712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/30/2011 3:45 PM 64512]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/4/2012 3:16 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/4/2012 3:16 PM 69392]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2/13/2012 8:23 PM 242240]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [4/22/2010 12:46 AM 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [4/22/2010 12:46 AM 41680]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [10/24/2009 12:53 AM 1127944]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 4:00 PM 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [1/19/2011 2:07 PM 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [1/19/2011 2:07 PM 49152]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [10/31/2010 5:48 PM 16976]
R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\ProcessGuard\DCSUserProt.exe [12/20/2011 4:10 PM 69632]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 4:25 PM 319568]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/16/2011 6:58 PM 12184]
R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [10/21/2011 9:57 PM 379328]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [12/20/2011 4:10 PM 24911]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [12/5/2010 7:13 PM 354176]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [1/19/2011 2:07 PM 16976]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [1/24/2010 11:34 PM 70952]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/21/2012 1:49 AM 100456]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [12/18/2011 7:10 PM 130360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/4/2012 3:16 PM 33552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/3/2010 1:56 PM 2127728]
S1 PDIDRV;PDIDRV; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe --> c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [8/19/2011 7:43 PM 30312]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/17/2010 2:02 AM 24576]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [6/20/2011 10:31 AM 15232]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [4/30/2011 7:00 AM 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [4/30/2011 7:00 AM 12184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 7:01 PM 42512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp; [x]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/4/2011 2:27 AM 86016]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [1/19/2011 12:08 PM 590080]
S3 SjyPkt;SjyPkt; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/19/2011 7:43 PM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [8/19/2011 7:43 PM 16976]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [8/19/2011 7:43 PM 16976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
S4 sptd;sptd;c:\windows\system32\drivers\SPTD.SYS [11/11/2006 1:54 AM 16976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PGFILTER
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MRESP50a64
wps
MSFWDrv
point32
MTC0001_ESB
se59mgmt
queuemgr
cmdmon
Nsynas32
mirrorv3
GTPTSER
x10nets
houdinilicenseserver
sfhlp02
mgabgexe
int15
wmconnectcds
issimon
NWFILTER
s116nd5
lusbaudio
clmtomcatstartersvc
foldersize
ikfilesec
centennialclientagent
SaiH040B
imap4d32
nmindexingservice
pclepci
CAM1210
portmapper
lxbx_device
dwusbdnt
mcusrmgr
SQTECH9080
s117mdm
iPassPeriodicUpdateApp
SMCB000
sthda
st330service
icraplus
com0com
lxbt_device
cpqnicmgmt
SaiNtHid
toscosrv
NuidFltr
k56
infrastructure
vwlogger
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-01-19 20:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
.
2012-02-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2011-02-12 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-08 21:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &D&ownload &with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all by NetXfer - c:\program files\Internet\NetXfer\NXAddList.html
IE: Download by NetXfer - c:\program files\Internet\NetXfer\NXAddLink.html
IE: Free YouTube Download - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\Bubbles\BubblesHBO.dll
LSP: mswsock.dll
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Internet\Mozilla Firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-13 21:18
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB62280$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.dtsoftbus01]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\mc23.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\SecuROM\License information*]
"datasecu"=hex:56,6a,f9,4a,a2,74,63,e0,5a,b2,45,7b,2d,a8,b5,b1,a5,61,80,30,ec,
fd,11,38,6a,03,80,0d,de,c9,ca,7e,8e,96,76,21,57,e0,db,41,fb,69,67,95,2f,13,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*2*]
"ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI2"
.
[HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*3*]
"ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI3"
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(324)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\mswsock.dll
mswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dll
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.EXE'(1716)
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\windows\system32\MSWSOCK.dll
mswsock.dll 71a50000 258048 \\?\globalroot\systemroot\system32\mswsock.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\SuperCopier2\SC2Hook.dll
c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll
c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\arservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\hp\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\program files\Java\jre1.5.0_06\bin\jusched.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\ehome\ehtray.exe
c:\windows\eHome\ehmsas.exe
c:\program files\DU Meter\DUMeter.exe
c:\program files\DISC\DiscUpdMgr.exe
.
**************************************************************************
.
Completion time: 2012-02-13 21:42:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-14 02:42
ComboFix2.txt 2012-02-12 05:26
ComboFix3.txt 2012-02-12 03:49
.
Pre-Run: 45,386,985,472 bytes free
Post-Run: 45,372,592,128 bytes free
.
- - End Of File - - 37AADC7BFA95583B27554543CF09E145
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\dds_trash_log.cmd
c:\windows\TEMP\logishrd\LVPrcInj01.dll

Folder::
c:\windows\$NtUninstallKB62280$

Driver::

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

(animation: CFScript.gif, showing CFScript.txt being dragged onto ComboFix.exe)



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-02-11.03 - HP_Administrator 02/14/2012 13:00:30.5.6 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2642 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB62280$\1921239767
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\L\aqaeidou
c:\windows\$NtUninstallKB62280$\485945278\oemid
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\$NtUninstallKB62280$\485945278\version
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
.
Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 06:33 . 2004-08-04 04:15 64896 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-14 01:31 . 2012-02-14 17:51 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-14 01:23 . 2012-01-24 22:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-13 01:42 . 2004-08-09 21:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-12 05:26 . 2012-02-12 05:26 -------- d-s---w- c:\windows\Cookies
2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2012-02-09 11:22 . 2012-02-09 11:22 -------- d-----w- C:\found.001
2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\program files\Security Task Manager
2012-02-04 20:16 . 2011-02-22 18:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-02-04 20:16 . 2011-02-22 18:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-02-04 20:16 . 2011-02-22 18:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-02-04 20:16 . 2012-02-04 20:17 -------- d-----w- c:\program files\ThreatFire
2012-02-04 20:16 . 2012-02-04 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-02-02 17:40 . 2012-02-02 17:44 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2012-01-29 20:26 . 2012-01-29 21:46 -------- d-----w- c:\program files\Argente - Uninstall Manager
2012-01-24 22:38 . 2012-01-27 19:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
2012-01-24 22:22 . 2012-01-24 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-01-21 06:49 . 2011-11-09 11:21 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-01-21 06:49 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2012-01-21 06:49 . 2010-11-11 23:10 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2012-01-21 06:49 . 2004-08-04 04:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2012-01-21 06:49 . 2004-08-04 04:08 48640 ----a-w- c:\windows\system32\drivers\stream.sys
2012-01-21 06:49 . 2004-08-04 04:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2012-01-21 06:49 . 2004-08-04 07:56 23552 ----a-w- c:\windows\system32\wdmaud.drv
2012-01-21 06:49 . 2004-08-04 05:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-01-21 06:49 . 2004-08-04 05:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
2012-01-21 06:49 . 2004-03-16 17:58 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 17:33 . 2011-06-14 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 07:33 . 2011-12-31 07:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-27 08:00 . 2011-07-16 23:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
2011-12-23 20:52 . 2011-01-19 19:07 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
2011-12-23 20:52 . 2010-10-31 22:48 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
2011-12-10 20:24 . 2008-07-30 21:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 20:01 . 2010-08-06 09:16 1618432 ----a-w- c:\program files\Default Programs Editor.exe
2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-12_03.29.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-14 18:29 . 2012-02-14 18:29 16384 c:\windows\Temp\Perflib_Perfdata_304.dat
+ 2012-02-14 18:29 . 2012-02-14 18:29 16384 c:\windows\Temp\Perflib_Perfdata_194.dat
+ 2005-08-30 21:07 . 2012-02-12 04:38 88586 c:\windows\system32\perfc009.dat
- 2005-08-30 21:07 . 2012-02-12 02:30 88586 c:\windows\system32\perfc009.dat
+ 2004-08-09 21:00 . 2004-08-04 04:15 64896 c:\windows\system32\dllcache\serial.sys
+ 2005-08-30 21:02 . 2012-02-12 20:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-30 21:02 . 2012-02-07 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-30 13:51 . 2012-02-07 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 13:51 . 2012-02-12 20:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-02-12 05:26 . 2012-02-14 02:18 16384 c:\windows\Cookies\index.dat
- 2012-02-12 03:24 . 2012-02-12 03:25 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2012-02-14 18:29 . 2012-02-14 18:30 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2011-12-21 18:41 . 2012-02-14 18:37 274276 c:\windows\system32\pghash.dat
- 2005-08-30 21:07 . 2012-02-12 02:30 504792 c:\windows\system32\perfh009.dat
+ 2005-08-30 21:07 . 2012-02-12 04:38 504792 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2005-01-20 280064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
"SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2011-04-19 2809856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2011-10-22 3065568]
"!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2005-01-20 184320]
"StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-08-15 659200]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Internet\\Cerberus FTP\\Cerberus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Internet\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23327:TCP"= 23327:TCP:BitComet 23327 TCP
"23327:UDP"= 23327:UDP:BitComet 23327 UDP
"85:TCP"= 85:TCP:BroadWave Web Server
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"57575:TCP"= 57575:TCP:pando Media Booster
"57575:UDP"= 57575:UDP:pando Media Booster
"56833:TCP"= 56833:TCP:pando Media Booster
"56833:UDP"= 56833:UDP:pando Media Booster
"19540:UDP"= 19540:UDP:SXUPTP
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"135:TCP"= 135:TCP:DCOM(135)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [10/5/2009 1:31 PM 3712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/30/2011 3:45 PM 64512]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/4/2012 3:16 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/4/2012 3:16 PM 69392]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2/13/2012 8:23 PM 242240]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [4/22/2010 12:46 AM 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [4/22/2010 12:46 AM 41680]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 4:00 PM 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [1/19/2011 2:07 PM 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [1/19/2011 2:07 PM 49152]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [10/31/2010 5:48 PM 16976]
R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\ProcessGuard\DCSUserProt.exe [12/20/2011 4:10 PM 69632]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 4:25 PM 319568]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/16/2011 6:58 PM 12184]
R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [10/21/2011 9:57 PM 379328]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [12/20/2011 4:10 PM 24911]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [12/5/2010 7:13 PM 354176]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [1/19/2011 2:07 PM 16976]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [1/24/2010 11:34 PM 70952]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/21/2012 1:49 AM 100456]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [12/18/2011 7:10 PM 130360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/4/2012 3:16 PM 33552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/3/2010 1:56 PM 2127728]
S1 PDIDRV;PDIDRV; [x]
S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [10/24/2009 12:53 AM 1127944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe --> c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [8/19/2011 7:43 PM 30312]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/17/2010 2:02 AM 24576]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [6/20/2011 10:31 AM 15232]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [4/30/2011 7:00 AM 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [4/30/2011 7:00 AM 12184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 7:01 PM 42512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp; [x]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/4/2011 2:27 AM 86016]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [1/19/2011 12:08 PM 590080]
S3 SjyPkt;SjyPkt; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/19/2011 7:43 PM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [8/19/2011 7:43 PM 16976]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [8/19/2011 7:43 PM 16976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
S4 sptd;sptd;c:\windows\system32\drivers\SPTD.SYS [11/11/2006 1:54 AM 16976]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MRESP50a64
wps
MSFWDrv
point32
MTC0001_ESB
se59mgmt
queuemgr
cmdmon
Nsynas32
mirrorv3
GTPTSER
x10nets
houdinilicenseserver
sfhlp02
mgabgexe
int15
wmconnectcds
issimon
NWFILTER
s116nd5
lusbaudio
clmtomcatstartersvc
foldersize
ikfilesec
centennialclientagent
SaiH040B
imap4d32
nmindexingservice
pclepci
CAM1210
portmapper
lxbx_device
dwusbdnt
mcusrmgr
SQTECH9080
s117mdm
iPassPeriodicUpdateApp
SMCB000
sthda
st330service
icraplus
com0com
lxbt_device
cpqnicmgmt
SaiNtHid
toscosrv
NuidFltr
k56
infrastructure
vwlogger
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-01-19 20:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
.
2012-02-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2011-02-12 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-08 21:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &D&ownload &with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all by NetXfer - c:\program files\Internet\NetXfer\NXAddList.html
IE: Download by NetXfer - c:\program files\Internet\NetXfer\NXAddLink.html
IE: Free YouTube Download - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\Bubbles\BubblesHBO.dll
Trusted Zone: trymedia.com
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Internet\Mozilla Firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-14 13:31
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB62280$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.dtsoftbus01]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\mc21.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\SecuROM\License information*]
"datasecu"=hex:56,6a,f9,4a,a2,74,63,e0,5a,b2,45,7b,2d,a8,b5,b1,a5,61,80,30,ec,
fd,11,38,6a,03,80,0d,de,c9,ca,7e,8e,96,76,21,57,e0,db,41,fb,69,67,95,2f,13,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*2*]
"ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI2"
.
[HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*3*]
"ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI3"
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(336)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
.
- - - - - - - > 'lsass.exe'(608)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.EXE'(2472)
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
c:\windows\system32\WSOCK32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SuperCopier2\SC2Hook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\arservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\windows\system32\wscntfy.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\hp\KBD\KBD.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system\hpsysdrv.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\ehome\ehtray.exe
c:\windows\eHome\ehmsas.exe
c:\program files\DU Meter\DUMeter.exe
c:\program files\DISC\DiscUpdMgr.exe
.
**************************************************************************
.
Completion time: 2012-02-14 13:43:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-14 18:43
ComboFix2.txt 2012-02-14 02:42
ComboFix3.txt 2012-02-12 05:26
ComboFix4.txt 2012-02-12 03:49
.
Pre-Run: 45,356,290,048 bytes free
Post-Run: 45,311,131,648 bytes free
.
- - End Of File - - 2CAB57BAFEE0C43E61FFC8D7C252E5F1
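Added triage example (not part of rubydreamer's post, and not ComboFix's own code): a small Python parser for two of the ComboFix blocks above, the per-service `ImagePath`/`ServiceDll` values and the "DLLs Loaded Under Running Processes" list. It applies a few review heuristics an analyst reaches for when reading such a log: an image path with no drive letter, an image under a Temp directory, a forward slash inside a Windows path, a `.tmp` image, and any DLL loaded into winlogon.exe or lsass.exe from outside `c:\windows\`. The sample text embedded in the script is copied from the log above; the flag names and thresholds are my own assumptions. A hit is a prompt to identify the file and its vendor, not a verdict of malice.

```python
import re
from typing import Dict, List, Tuple

# Sample copied from the ComboFix log above (trimmed to the two blocks we parse).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.dtsoftbus01]
"ImagePath"="\?"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\mc21.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(336)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(608)
c:\program files\ThreatFire\TFWAH.dll

------------------------ Other Running Processes ------------------------
"""

SERVICE_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$', re.I)
VALUE_LINE = re.compile(r'^"(?P<vname>ImagePath|ServiceDll)"="(?P<raw>.*)"$', re.I)
PROC_HEADER = re.compile(r"^[- ]+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
DRIVE_PATH = re.compile(r'^[a-z]:\\', re.I)


def parse_services(text: str) -> Dict[str, Tuple[str, str]]:
    """Map service name -> (value name, raw registry value) from the ComboFix service block."""
    services: Dict[str, Tuple[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = SERVICE_KEY.match(line)
        if key:
            current = key.group('name')
            continue
        value = VALUE_LINE.match(line)
        if value and current:
            services[current] = (value.group('vname'), value.group('raw'))
    return services


def parse_loaded_dlls(text: str) -> Dict[str, List[str]]:
    """Map process name -> DLL paths from the 'DLLs Loaded Under Running Processes' block."""
    loaded: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('---'):          # any other ComboFix section header ends the block
            current = None
            continue
        header = PROC_HEADER.match(line)
        if header:
            current = header.group('proc')
            loaded.setdefault(current, [])
        elif current and DRIVE_PATH.match(line):
            loaded[current].append(line)
    return loaded


def image_file(raw: str) -> str:
    """Reduce an ImagePath/ServiceDll value to the image file it names."""
    s = raw.replace('\\"', '"')             # ComboFix escapes embedded quotes as \"
    if s.startswith('"'):                   # quoted image, arguments follow the closing quote
        return s[1:s.find('"', 1)]
    s = re.sub(r'^\\\?\?\\', '', s)         # strip the NT object-manager prefix \??\
    return re.split(r'\s+[-/]', s, maxsplit=1)[0]   # drop " -service" style arguments


def triage_service(raw: str) -> List[str]:
    """Heuristic review prompts (assumed thresholds, not verdicts) for one service image."""
    low = image_file(raw).lower()
    reasons = []
    if not DRIVE_PATH.match(low):
        reasons.append('no resolvable drive path')
    if re.search(r'\\temp\\', low):
        reasons.append('image lives in a Temp directory')
    if '/' in low:
        reasons.append('forward slash in a Windows path')
    if low.endswith('.tmp'):
        reasons.append('image has a .tmp extension')
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Collect every service or privileged process that deserves a second look."""
    findings: Dict[str, List[str]] = {}
    for name, (_vname, raw) in parse_services(text).items():
        reasons = triage_service(raw)
        if reasons:
            findings[name] = reasons
    for proc, dlls in parse_loaded_dlls(text).items():
        if proc.lower() in ('winlogon.exe', 'lsass.exe'):
            foreign = [d for d in dlls if not d.lower().startswith('c:\\windows\\')]
            if foreign:
                findings[proc] = [f'non-Windows DLL loaded: {d}' for d in foreign]
    return findings


if __name__ == '__main__':
    for item, reasons in triage(SAMPLE_LOG).items():
        print(item)
        for r in reasons:
            print('   ', r)
```

Run against a full ComboFix log by reading the file into `triage()` in place of `SAMPLE_LOG`; the MySQL and npggsvc entries come back clean, which is the point of the quoting and argument handling in `image_file()`: a noisy parser that flags every service with a command-line argument is useless on a real log.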
 