TechSpot

Trying to clear out remnants of XP *** 2012 infection

Solved
By rubydreamer
Feb 11, 2012
  1. About a month ago, I somehow managed to get both the Antivirus AND Internet Security infections. At that time I had AVG.

    I spent about a week or so getting rid of those issues with help given to others and my system was working well enough except for some minor annoying issues.

    Occasionally, Firefox would pop up an unwanted spam page in a new tab, which was always one of a small set of URLs (obviously crap I didn't want that would likely lead to infections).

    After getting rid of those two nasties I upped my defenses with Process Guard, PrivateFirewall and ThreatFire. Spybot S&D and MBAM were both showing nothing.

    However, in looking to find the root of these continuing annoyances I stumbled upon several things over the next few weeks.

    1. Ports 34354 and 18504 open via svchost (and nothing to explain why)
    2. Occasionally a tiny rogue setup.exe being launched by svchost from a random temp directory. (I managed to snatch one before it was summarily deleted by itself)
    3. Random reboots (usually late at night)
    4. "The application or DLL 80000032.@ is not a valid Windows image. Please check this against your installation" messages (after I did a scandisk including a surface scan from a clean boot environment. Thank you, Hiren's BootCD)

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.11.04

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 6.0.2900.2180
    HP_Administrator :: ELENGIL [administrator]

    2/11/2012 10:29:32 AM
    mbam-log-2012-02-11 (10-29-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 260106
    Time elapsed: 34 minute(s), 35 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\WINDOWS\system32\rtl8185.dll (RootKit.0Access.H) -> Delete on reboot.

    Registry Keys Detected: 1
    HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETWORKLOG (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SYSTEM\CurrentControlSet\Services\NetworkLog|ImagePath (Trojan.Downloader) -> Data: C:\WINDOWS\svcs.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 48
    C:\WINDOWS\system32\rtl8185.dll (RootKit.0Access.H) -> Delete on reboot.
    C:\WINDOWS\system32\alcxsens.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\apphostsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ASLDRService.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\avgarcln.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\axinstsv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DELTA.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ec2007service.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\eectrl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\epsonstatusagent2.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fsma.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Hardlock.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hidusb.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\icepack.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iPassP.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kbdclass.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcafeeantispyware.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcvsrte.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetMsmqActivator.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NICSer_WPC54G.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nmindexingservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NWSNS.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pavatscheduler.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\s716mgmt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\serenum.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\server.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\siswlsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssmdrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ss_bus.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\StkScan.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\symdns.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tangoservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdimsys.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\transbaseservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tvichw32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wencrservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wg3n.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WIBUKEY.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winachsf.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\GENERICDRV.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lcs.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rpcnet.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zpjobq.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\_NWFILTER.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\X10UIF.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\prfldsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lvuvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\magictuneengine.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-11 16:19:54
    Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-e ST3320833AS rev.3.AHH
    Running: 9kovs3ji.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kxldapog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_30
    Run by HP_Administrator at 16:22:17 on 2012-02-11
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.1923 [GMT -5:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: Privatefirewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\WINDOWS\arservice.exe
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    C:\Program Files\ProcessGuard\dcsuserprot.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    C:\Program Files\ThreatFire\TFService.exe
    c:\Program Files\tbh\base\bin\tbhDaemon.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
    C:\Program Files\ProcessGuard\pgaccount.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Vtune\TBPanel.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\ProcessGuard\procguard.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\SplitCam\SplitCam.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\Internet\BitComet\BitComet.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\FreeCommander\FreeCommander.exe
    C:\Program Files\Internet\Mozilla Firefox 3\firefox.exe
    \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.atcomet.com/b/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = www.google.com
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    {1e7837cb-ad5f-48be-b10e-b617da4d3343}
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\internet\bitcomet\tools\BitCometBHO_1.5.4.11.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - hpWebHelper Class
    BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    {fbd95266-b665-4e3e-aba8-ea06b7dea609}
    TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\internet\netxfer\NXToolBar.dll
    TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
    uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A
    uRun: [SuperCopier2.exe] c:\program files\supercopier2\SuperCopier2.exe
    uRun: [!1_ProcessGuard_Startup] "c:\program files\processguard\procguard.exe" -minimize
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\drivermax.exe" -agent
    uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\drivermax.exe" -RESTART
    uRun: [SplitCam] c:\program files\splitcam\SplitCam.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
    mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -b
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
    mRun: [!1_pgaccount] "c:\program files\processguard\pgaccount.exe"
    mRun: [StartupDelayer] "c:\program files\startup delayer\Startup Launcher GUI.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
    dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
    mPolicies-explorer: NoStartMenuMorePrograms = 1 (0x1)
    IE: &D&ownload &with BitComet - c:\program files\internet\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\internet\bitcomet\BitComet.exe/AddAllLink.htm
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: Download all by NetXfer - c:\program files\internet\netxfer\NXAddList.html
    IE: Download by NetXfer - c:\program files\internet\netxfer\NXAddLink.html
    IE: Free YouTube Download - c:\documents and settings\hp_administrator\application data\dvdvideosoftiehelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\hp_administrator\application data\dvdvideosoftiehelpers\youtubetomp3.htm
    IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\internet\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\bubbles\BubblesHBO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: mswsock.dll
    Trusted Zone: trymedia.com
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287561639000
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{1594FE92-FEC5-43E7-902C-E92A362EBDCF} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    TCP: Interfaces\{9B743EA3-719A-4C2C-A274-07437BDFF65F} : DhcpNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {AC519E4E-EDF0-48C7-8ADA-2A4A5B1C81C9} - No File
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\wvUOebBS
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\o17z89r9.firefox3\
    FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\o17z89r9.firefox3\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\o17z89r9.firefox3\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension3.dll
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\internet\mozilla firefox 3\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\o17z89r9.firefox3\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
    FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\internet\mozilla firefox 3\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\internet\mozilla firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\internet\mozilla firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\internet\mozilla firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\internet\mozilla firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
    FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
    FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
    FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
    FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
    FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
    FF - Ext: XULRunner: {2AD94B75-6B3B-4902-885C-DF4193ED7271} - c:\documents and settings\hp_administrator\local settings\application data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-30 64512]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-2-4 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-2-4 69392]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-24 242240]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-4-22 123856]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-4-22 41680]
    R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\lsoft technologies inc\active@ hard disk monitor\DiskMonitorService.exe [2009-10-24 1127944]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-9 14336]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-1-19 152064]
    R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-1-19 49152]
    R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [2010-10-31 16976]
    R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\processguard\DCSUserProt.exe [2011-12-20 69632]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
    R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\logitech\solarapp\L4301_Solar.exe [2010-10-26 319568]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-7-16 12184]
    R2 PFNet;Privacyware network service;c:\program files\privacyware\privatefirewall 7.0\pfsvc.exe [2011-10-21 379328]
    R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [2011-12-20 24911]
    R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2010-12-5 354176]
    R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [2011-1-19 16976]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2010-1-24 70952]
    R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-1-22 59904]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-1-22 139648]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-1-21 100456]
    R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2011-12-18 130360]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-2-4 33552]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-3 2127728]
    S0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [2009-10-5 3712]
    S1 PDIDRV;PDIDRV; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-29 136176]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\fastre~2\iqwebftpserverengine.exe --> c:\progra~1\fastre~2\IQWebFTPServerEngine.exe [?]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-8-19 30312]
    S3 cpuz135;cpuz135;\??\c:\docume~1\hp_adm~1\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\hp_adm~1\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-29 136176]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-7-17 24576]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-4-30 42648]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-4-30 12184]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 npkycryp;npkycryp; [x]
    S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-8-4 86016]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-1-19 590080]
    S3 SjyPkt;SjyPkt; [x]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-19 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [2011-8-19 16976]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [2011-8-19 16976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2006-11-11 805808]
    S4 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    .
    =============== Created Last 30 ================
    .
    2012-02-11 21:14:13 54016 ----a-w- c:\windows\system32\drivers\icdvgd.sys
    2012-02-09 11:22:28 -------- d-sh--w- C:\found.001
    2012-02-07 21:24:12 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-04 21:25:16 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
    2012-02-04 21:25:02 -------- d-----w- c:\program files\Security Task Manager
    2012-02-04 20:16:59 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2012-02-04 20:16:59 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2012-02-04 20:16:59 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2012-02-04 20:16:56 -------- d-----w- c:\program files\ThreatFire
    2012-02-04 20:16:56 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2012-02-02 17:40:07 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
    2012-01-29 20:26:24 -------- d-----w- c:\program files\Argente - Uninstall Manager
    2012-01-24 22:39:41 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-01-24 22:38:05 -------- d-----w- c:\documents and settings\hp_administrator\application data\DAEMON Tools Lite
    2012-01-24 22:22:37 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
    2012-01-21 06:49:18 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
    2012-01-21 06:49:02 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
    2012-01-21 06:49:02 48640 ----a-w- c:\windows\system32\drivers\stream.sys
    2012-01-21 06:49:02 26216 ----a-w- c:\windows\system32\nvhdap32.dll
    2012-01-21 06:49:02 140928 ----a-w- c:\windows\system32\drivers\ks.sys
    2012-01-21 06:49:02 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
    2012-01-21 06:49:01 4096 ----a-w- c:\windows\system32\ksuser.dll
    2012-01-21 06:49:01 23552 ----a-w- c:\windows\system32\wdmaud.drv
    2012-01-21 06:49:00 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
    2012-01-21 06:49:00 130048 ----a-w- c:\windows\system32\ksproxy.ax
    .
    ==================== Find3M ====================
    .
    2012-01-27 03:13:01 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2012-01-27 03:13:01 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2012-01-26 17:33:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-31 07:33:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-31 07:33:28 472808 ----a-w- c:\windows\system32\REN196.tmp
    2011-12-27 08:00:02 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-12-23 23:10:36 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
    2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
    2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
    2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
    2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-14 20:01:50 1618432 ----a-w- c:\program files\Default Programs Editor.exe
    2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
    .
    ============= FINISH: 16:25:19.26 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 46,863   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    I still need Attach.txt part of DDS.

    Then....

    Download aswMBR to your desktop.
    Double-click aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===========================================================

    Download Bootkit Remover to your Desktop.

    • Unzip the downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a black screen with some data on it.
    • Right-click on the screen and click Select All.
    • Press CTRL+C.
    • Open Notepad and press CTRL+V.
    • Post the output back here.
     
  3. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 11/5/2006 9:04:38 PM
    System Uptime: 2/11/2012 3:01:39 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A77T/USB3
    Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2812/200mhz
    Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2812/200mhz
    Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2812/200mhz
    Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2812/200mhz
    Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2812/200mhz
    Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2812/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 289 GiB total, 41.936 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.606 GiB free.
    E: is FIXED (NTFS) - 293 GiB total, 291.945 GiB free.
    F: is CDROM (CDFS)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (NTFS) - 639 GiB total, 352.655 GiB free.
    K: is FIXED (NTFS) - 116 GiB total, 23.112 GiB free.
    L: is Removable
    M: is CDROM (CDFS)
    P: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Virtual Machine Network Services Driver
    Device ID: ROOT\CNTX_VPCNETS2_MP\0001
    Manufacturer: Microsoft
    Name: Virtual Machine Network Services Driver #2
    PNP Device ID: ROOT\CNTX_VPCNETS2_MP\0001
    Service: VPCNetS2
    .
    ==== System Restore Points ===================
    .
    RP437: 12/19/2011 8:00:09 PM - Ad-Aware Checkpoint
    RP438: 12/21/2011 6:26:33 AM - System Checkpoint
    RP439: 12/22/2011 8:21:05 AM - System Checkpoint
    RP440: 12/24/2011 6:27:30 AM - System Checkpoint
    RP441: 12/26/2011 3:20:30 PM - System Checkpoint
    RP442: 12/27/2011 4:02:30 PM - System Checkpoint
    RP443: 12/30/2011 4:00:37 AM - System Checkpoint
    RP444: 12/31/2011 2:31:16 AM - Removed Java(TM) 6 Update 20
    RP445: 12/31/2011 2:32:16 AM - Installed Java(TM) 6 Update 30
    RP446: 1/1/2012 9:54:06 AM - System Checkpoint
    RP447: 1/2/2012 12:36:04 PM - System Checkpoint
    RP448: 1/4/2012 3:49:49 AM - System Checkpoint
    RP449: 1/5/2012 9:43:15 AM - System Checkpoint
    RP450: 1/6/2012 10:40:56 AM - System Checkpoint
    RP451: 1/7/2012 11:28:36 AM - System Checkpoint
    RP452: 1/8/2012 12:22:17 PM - System Checkpoint
    RP453: 1/9/2012 3:30:37 PM - System Checkpoint
    RP454: 1/10/2012 4:09:30 PM - System Checkpoint
    RP455: 1/11/2012 4:44:10 PM - System Checkpoint
    RP456: 1/12/2012 6:11:10 PM - System Checkpoint
    RP457: 1/14/2012 12:42:53 AM - System Checkpoint
    RP458: 1/15/2012 2:11:43 AM - System Checkpoint
    RP459: 1/16/2012 5:06:34 PM - System Checkpoint
    RP460: 1/21/2012 1:48:39 AM - DMX_DriverMax Driver Installation
    RP461: 1/22/2012 2:07:09 AM - System Checkpoint
    RP462: 1/23/2012 2:14:09 AM - System Checkpoint
    RP463: 1/24/2012 3:24:18 AM - System Checkpoint
    RP464: 1/27/2012 11:10:03 AM - System Checkpoint
    RP465: 1/29/2012 12:31:44 AM - System Checkpoint
    RP466: 1/31/2012 4:07:39 AM - System Checkpoint
    RP467: 2/2/2012 11:32:36 PM - System Checkpoint
    RP468: 2/11/2012 4:02:50 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .sol Editor 1.1.0.1
    1st AutoRun Express 2.0 (Free)
    7-Zip 4.42
    Active@ Hard Disk Monitor
    Ad-Aware
    AddOn Studio for World of Warcraft
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 7.1.0
    Adobe Shockwave Player 11.5
    Agree Free MP3 to M4A AAC Converter 5.0
    Aion
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    AMD Processor Driver
    AMIP for foobar2000 (remove only)
    AnswerBook 2.x
    Any FLV Player 2.0.0
    AoA Audio Extractor
    AptDiff 1.3.0
    Aquaria
    Argente - Uninstall Manager 2.5.0.7
    Aspell English Dictionary-0.50-2
    Astral Masters
    Asus 802.11n Network Adapter
    ATT 1.4 Engine Only (no voices)
    Auslogics Disk Defrag
    AusLogics Registry Defrag
    AutoHotkey 1.0.48.05
    AVG 2011
    Avi2Dvd 0.4.4 beta
    Avid Free DV
    Avidemux 2.5 (32-bit)
    AviSynth 2.5
    AviTricks Classic version 1.65
    AVS Audio Converter version 6.2
    AVS Update Manager 1.0
    AVS Video Converter 8
    AVS4YOU Software Navigator 1.4
    Barnes & Noble Desktop Reader
    Battle for Wesnoth 1.8.4
    Belkin Setup and Router Monitor
    Belkin USB Print and Storage Center
    Beneton Movie GIF 1.1.2
    BitComet 1.29
    BoBaFeTT Diablo Trainer
    BOINC
    Browser Highlighter - Firefox
    Bubbles
    BufferChm
    Build Your Own Net Dream (remove only)
    calibre
    Canon MF5550/MF5530 Printers
    CanoScan LiDE 600F
    CCleaner
    CDex extraction audio
    Cerberus FTP Server
    Cheat Engine 5.3
    Cheat Engine 5.5
    CIS Smart CD-Menu Creator
    ClipMagic 3.2.3
    CNET TechTracker
    CombiMovie Version 1.31
    CometBird 9.0.1 (x86 en-US)
    Consolas Font Family
    Constellation
    Course Vector .minerva
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Creeper World DEMO
    Creeper World Map Editor
    CueTour
    Curse Client
    Customer Experience Enhancement
    Cute Knight
    CutePDF Writer 2.8
    DAEMON Tools Lite
    Data Fax SoftModem with SmartCP
    Deadlock
    Deliverance-Online
    Desktop Netstat 1.3a
    Destinations
    DeviceManagementQFolder
    deXter's Sakray Updater
    Diablo
    DiamondCS ProcessGuard v3.150
    DirectVobSub (remove only)
    DISCover
    Disney Pirates of the Caribbean Online
    Divinity II - DKS
    doPDF 7.2 printer
    DoremiSoft AVI to MP4 Converter 1.0
    Driver Detective
    DriverGuide DriverScan
    DriverMax 6
    Dropbox
    DTweak
    DU Meter
    Dungeon Siege 2
    Dungeon Siege II Tool Kit 1.0
    DVD-lab PRO 2.2
    DVD Decrypter (Remove Only)
    DVD2AVI Ripper v2.7.0.35
    DVDx
    EA Download Manager
    EasyBits GO
    eMpTy-V-loader version 2.2
    Enhanced Multimedia Keyboard Solution
    Envelop
    EPU-4 Engine
    eReg
    ESET Online Scanner v3
    EssenceRO 2.0
    EvilLyrics
    Evrsoft First Page 2006
    Extension Changer
    Eyeball Chat 2.2
    F.lux
    FaceFilter Studio 2 Trial Edition
    Fake Webcam 6.1.3
    Fallout 3
    FAST Defrag Freeware 2.3
    Fastream IQ Web/FTP Server Engine
    Fastream IQ Web/FTP Server GUI
    File Splitter and Joiner (FFSJ v3.1)
    FileHippo.com Update Checker
    FileMenu Tools
    FileZilla (remove only)
    FileZilla Server (remove only)
    FinalBurner Free v1.10.0.73
    FLAC 1.2.1b (remove only)
    FlashDigger Plus
    Flv Audio Extractor 1.04
    Flv Audio Video Extractor 2.0
    FLV Player 1.3.3
    foobar2000 v0.9.4.2
    foobar2000 v1.0
    Fortop SWF Resources Extractor 1.2
    FoxyTunes for Firefox
    Free Mouse Auto Clicker 2.8.2
    Free Music Zilla
    Free Studio version 4.8
    Free WMV to AVI MPEG Converter v1.2
    Freeciv 2.3.0 (GTK+ client)
    FreeOrion 0.3.17
    FreeSpace 2
    FreeUndelete
    FS2 OPEN SCP
    FullDPAppQFolder
    Futuremark SystemInfo
    G-Force
    Geeks3D.com FurMark 1.9.1
    Gem Shop Deluxe
    GemMaster Mystic
    GNU Aspell 0.50-3
    Google Chrome
    Google Desktop
    Google Talk (remove only)
    Google Update Helper
    Google Web Accelerator
    GrabIt 1.6.2 Beta (build 940)
    Grand Fantasia
    GTK+ 2.8.18 runtime environment
    GTK+ Runtime 2.14.7 rev a (remove only)
    GX::Transcoder.net
    HashCalc 2.02
    Hauppauge WinTV NT4/Win2000 Drivers
    Hauppauge WinTV2000
    HDD Observer
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hirc
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB946581)
    Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB947173)
    Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2008 Shell (isolated mode) - ENU (KB947789)
    Hotfix for Office (KB950278)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    Hotkeycontrol XP 4.2.1
    HP Boot Optimizer
    HP DigitalMedia Archive
    HP DVD Play 2.1
    HP Imaging Device Functions 7.0
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP Update
    HP Web Helper
    HPI Replace
    HPPhotoSmartExpress
    HpSdpAppCoreApp
    HSLAB Force Down Lite
    HTC Driver Installer
    HTC Sync
    ICQ6
    Impossible Creatures
    InstantShareDevices
    ISO Recorder
    IZArc 4.1
    J2SE Runtime Environment 5.0 Update 6
    Jasc Animation Shop 3
    Java Auto Updater
    Java(TM) 6 Update 30
    K-Lite Codec Pack 6.3.0 (Full)
    KaraFun 1.01a
    Karaoke Anything!
    KC Softwares VideoInspector
    LaceLevel2 GDS plugin
    Last.fm 1.4.2.58376
    LibreOffice 3.3
    LightScribe Diagnostic Utility
    LightScribe System Software
    LimitRO Small Client Installer v20090805
    Logitech SetPoint 6.30
    Logitech Solar App 1.0
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Loquendo TTS: Amalia (Portuguese)
    Loquendo TTS: Dave (American English)
    Loquendo TTS: Elizabeth (British English)
    Loquendo TTS: Juliette (French)
    Loquendo TTS: Simon (British English)
    Loquendo TTS: Susan (American English)
    Lost Empire - Immortals
    Magic ISO Maker v5.3 (build 0221)
    MagicDisc 2.5.74
    Malwarebytes Anti-Malware version 1.60.1.1000
    Maniac Mansion Deluxe
    MapleStory
    MechWars
    MediaJoin
    Meebo Notifier
    Mega Manager
    MegaTrainer eXperience V1.0.4.7
    Metal Assault
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Away Mode
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Money 2006
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Standard Edition 2003 60 days trial
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2008 Management Objects
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio Shell 2008 Service Pack 1 - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Works
    Microsoft WorldWide Telescope
    Microsoft XNA Framework Redistributable 1.0 Refresh
    Microsoft XNA Framework Redistributable 4.0
    Minecraft crafting guide version 1.7
    mIRC
    Mmm
    MobiOne 1.0 Milestone-6
    MobMap 3.43
    Movies
    Mozilla Firefox (2.0.0.16)
    Mozilla Firefox (3.5.5)
    Mozilla Thunderbird (1.5.0.12)
    Mp3 Tag Tools v1.2
    Mp3Decode
    MSD Organizer Freeware 8.30
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MUSHclient (remove only)
    muvee autoProducer 5.0
    muvee autoProducer unPlugged 2.0
    My HP Games
    MyMouse 4.3
    MySQL Server 5.0
    NCsoft Launcher
    NEC Electronics USB 3.0 Host Controller Driver
    Netscape Browser (remove only)
    NetStorm Islands at War
    Network Measurement Agent
    NetXfer 2.02.307
    NewsProxy
    Nexon Game Manager
    NextUp-Acapela Brightspeech Heather22 US English Voice
    No-IP.com DUC (remove only)
    NoteWorthy Composer
    Npust text editor -- bulk eMail address Creator 1.0
    NTFS Undelete 3.0.2.830
    NVIDIA Control Panel 266.58
    NVIDIA Drivers
    NVIDIA Graphics Driver 266.58
    NVIDIA HD Audio Driver 1.1.13.1
    NVIDIA Install Application
    NVIDIA nView 135.50
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    ooVoo
    OpenAL
    OptionalContentQFolder
    Orbit Downloader
    Otto
    Paint Shop Pro 7 Evaluation
    Painter
    PaltalkScene
    Pan
    Pan 0.14.2
    Pando Media Booster
    Panopreter
    PartitionMagic
    PatchWise Free 3.29
    Pax Imperia
    PC-Doctor 5 for Windows
    PC Fixer
    PC Pitstop DiskMD 3
    PC Pitstop Optimize 1.5
    PC Pitstop Optimize3 3.0
    PeerGuardian 2.0
    PhotoGallery
    Pidgin
    PopBit Video to MP3 Converter Free 1.6.1
    Potaro 1.1.0.9 Beta
    Power CD+G Burner
    PowerQuest PartitionMagic 8.0
    Privatefirewall 7.0
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Python 2.5
    Quicken 2006
    QuickPar 0.9
    RadarSync
    RAGNAROK BATTLE OFFLINE 1.0
    RandMap
    Rappelz_US
    RBO Extra Scenario Vol.1
    RBO Extra Scenario Vol.2
    RBO Extra Scenario Vol.3
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Registry Mechanic 8.0
    RegScrubXP 3.25
    Remove WeatherBug Installer
    Replay Media Catcher 3.02
    RIFT
    Robokill 2 - Leviathan Five
    RoE Time v0.2
    RoughDraft 3.0
    Rubies of Eventide
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    SAPI51forSayPad
    SayPad
    Scan2PDF 1.6
    SeaMonkey (2.0.4)
    Security Task Manager 1.8d
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    SimCity 2000® Special Edition
    Simple Sudoku 4.2
    SimpleOCR 3.1
    Singles
    SIW version 2011.10.29
    SkinsHP1
    Skype™ 5.5
    SlideShow
    SlideShowMusic
    Smart Defrag
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Sothink SWF Quicker
    SoulMaster
    SoundTap Streaming Audio Recorder
    SpeedFan (remove only)
    Split and Tile Trial
    SplitCam
    SPORE™
    Spotmau 5.1.1.4846
    Spring 0.79.1.2
    Spybot - Search & Destroy
    SQL Server System CLR Types
    StarCraft Fusion
    Stellar Frontier
    StreamTransport version: 1.0.2.2171
    Subtitle Workshop 2.51
    Sun VirtualBox
    SUPER © Version 2010.bld.38 (May 2, 2010)
    SuperCopier2
    Swiff Player 1.1
    Switch Sound File Converter
    System Requirements Lab
    System Requirements Lab BETA
    System Requirements Lab CYRI
    TA Conflict Crusher
    TeamSpeak 2 RC2
    Terrafirma
    The Babylon Project v3.4b
    ThreatExpert Memory Scanner 1.0
    ThreatFire
    thriXXX 3DSexVilla2-058.002
    thriXXX WebLaunch
    TMPGEnc 3.0 XPress
    TomTom HOME
    Torchlight
    TortoiseSVN 1.4.0.7501 (32 bit)
    Tower of the Sorcerer Ver1.2
    UBCD4Win 3.50
    UFO Extraterrestrials
    UltimateDefrag V1 FREE Public Domain Version
    Unified Remote
    Uninstall 1.0.0.1
    Unity Web Player
    Universal Extractor 1.5
    Unload
    UnrealIRCd3.2.8.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Update for Office 2007 (KB946691)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP (remove only)
    Utherverse 3D Client
    v1.20
    VDMSound
    Ventrilo Client
    Verbose Uninstall
    Verizon Wireless Software Utility Application for Android - Samsung
    Video Mover
    VideoMach 5.0.0
    Virtools 3D Life Player
    Virtual Villagers (remove only)
    VisualSubSync (remove only)
    VLC media player 1.1.5
    Vtune 7.13
    Warcraft II BNE
    WavePad Uninstall
    WBFS Manager 3.0
    WebFldrs XP
    Wild Tangent - Fate
    WinCleaner Memory Optimizer Version 5.2
    Windows Defender
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live installer
    Windows Live Messenger
    Windows Live Sync
    Windows Media Format 11 runtime
    Windows Media Player Firefox Plugin
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB973768
    WinPcap 4.0.1
    World of Warcraft
    WoW Realm Launcher
    WoW UI Designer
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.1.3 final uninstall
    Yahoo! Messenger
    Yawcam 0.3.3
    YouTube Downloader 2.5.3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/9/2012 3:00:11 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'ProcCache.sbc' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
    2/9/2012 2:58:52 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
    2/8/2012 9:30:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: General access denied error
    2/8/2012 9:30:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: General access denied error
    2/8/2012 8:30:00 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: General access denied error
    2/8/2012 8:30:00 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: General access denied error
    2/8/2012 7:30:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: General access denied error
    2/8/2012 7:30:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: General access denied error
    2/8/2012 6:30:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: General access denied error
    2/8/2012 6:30:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: General access denied error
    2/8/2012 5:30:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error
    2/8/2012 5:30:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error
    2/8/2012 4:30:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: General access denied error
    2/8/2012 4:30:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error
    2/8/2012 4:30:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: General access denied error
    2/8/2012 3:49:01 PM, error: Service Control Manager [7000] - The Media Center Scheduler Service service failed to start due to the following error: The handle is invalid.
    2/8/2012 3:49:01 PM, error: DCOM [10005] - DCOM got error "%6" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}
    2/8/2012 3:30:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: General access denied error
    2/8/2012 3:30:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: General access denied error
    2/8/2012 3:30:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
    2/8/2012 3:30:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
    2/8/2012 2:30:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: General access denied error
    2/8/2012 2:30:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: General access denied error
    2/8/2012 2:30:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
    2/8/2012 2:30:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
    2/8/2012 12:30:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: General access denied error
    2/8/2012 12:30:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: General access denied error
    2/8/2012 12:30:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
    2/8/2012 12:30:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
    2/8/2012 11:30:00 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
    2/8/2012 11:30:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error
    2/8/2012 10:30:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: General access denied error
    2/8/2012 10:30:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: General access denied error
    2/8/2012 1:30:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: General access denied error
    2/8/2012 1:30:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: General access denied error
    2/8/2012 1:30:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
    2/8/2012 1:30:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
    2/7/2012 9:30:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: General access denied error
    2/7/2012 9:30:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: General access denied error
    2/7/2012 8:30:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: General access denied error
    2/7/2012 8:30:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: General access denied error
    2/7/2012 8:22:16 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    2/7/2012 7:30:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: General access denied error
    2/7/2012 7:30:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: General access denied error
    2/7/2012 6:30:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: General access denied error
    2/7/2012 6:30:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: General access denied error
    2/7/2012 5:30:00 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: General access denied error
    2/7/2012 5:30:00 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: General access denied error
    2/7/2012 4:30:00 PM, error: Schedule [7901] - The At34.job command failed to start due to the following error: General access denied error
    2/7/2012 4:12:05 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    2/7/2012 4:09:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    2/7/2012 4:08:40 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
    2/7/2012 4:08:38 PM, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/7/2012 4:08:38 PM, error: Service Control Manager [7000] - The Fastream IQ Web/FTP Server service failed to start due to the following error: The system cannot find the file specified.
    2/7/2012 4:06:30 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 485B39953844 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    2/7/2012 11:30:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: General access denied error
    2/7/2012 11:30:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: General access denied error
    2/7/2012 10:30:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: General access denied error
    2/7/2012 10:30:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: General access denied error
    2/4/2012 3:56:24 PM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/11/2012 3:06:21 PM, error: RemoteAccess [20151] - The Control Protocol IPCP in the Point to Point Protocol module (unknown) returned an error while initializing. A device attached to the system is not functioning.
    2/11/2012 3:06:09 PM, error: PlugPlayManager [12] - The device 'WAN Miniport (Network Monitor) - Privacyware Filter Miniport' (Root\PWIPF6MP\0002) disappeared from the system without first being prepared for removal.
    2/11/2012 3:06:09 PM, error: PlugPlayManager [12] - The device 'WAN Miniport (IP) - Privacyware Filter Miniport' (Root\PWIPF6MP\0004) disappeared from the system without first being prepared for removal.
    2/11/2012 3:06:09 PM, error: PlugPlayManager [12] - The device 'Realtek PCIe GBE Family Controller - Privacyware Filter Miniport' (Root\PWIPF6MP\0001) disappeared from the system without first being prepared for removal.
    2/11/2012 3:06:09 PM, error: PlugPlayManager [12] - The device 'NVIDIA nForce Networking Controller - Privacyware Filter Miniport' (Root\PWIPF6MP\0003) disappeared from the system without first being prepared for removal.
    2/11/2012 3:06:09 PM, error: PlugPlayManager [12] - The device 'HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter - Privacyware Filter Miniport' (Root\PWIPF6MP\0005) disappeared from the system without first being prepared for removal.
    2/11/2012 3:06:05 PM, error: PlugPlayManager [12] - The device 'ASUS EZ N 802.11b/g/n Wireless USB Adapter - Privacyware Filter Miniport' (Root\PWIPF6MP\0000) disappeared from the system without first being prepared for removal.
    2/11/2012 3:04:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cfadisk IntelIde ViaIde
    2/11/2012 3:04:27 PM, error: Service Control Manager [7023] - The Atimtag service terminated with the following error: The specified module could not be found.
    .
    ==== End Of File ===========================

    Will post the rest when it's done (15 min download, and still scanning)
     
  4. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-11 18:39:07
    -----------------------------
    18:39:07.015 OS Version: Windows 5.1.2600 Service Pack 2
    18:39:07.015 Number of processors: 6 586 0xA00
    18:39:07.015 ComputerName: ELENGIL UserName:
    18:39:11.000 Initialize success
    18:51:17.906 AVAST engine defs: 12021101
    18:52:51.640 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-6
    18:52:51.640 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 3
    18:52:51.640 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-e
    18:52:51.640 Disk 1 Vendor: ST3320833AS 3.AHH Size: 305245MB BusType: 3
    18:52:51.640 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-1c
    18:52:51.640 Disk 2 Vendor: HDS722516VLAT80 V34OA63A Size: 157066MB BusType: 3
    18:52:51.656 Disk 1 MBR read successfully
    18:52:51.656 Disk 1 MBR scan
    18:52:51.718 Disk 1 unknown MBR code
    18:52:51.718 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 296174 MB offset 63
    18:52:51.734 Disk 1 Partition 2 00 0C FAT32 LBA RECOVERY 9060 MB offset 606582270
    18:52:51.734 Disk 1 scanning sectors +625137345
    18:52:51.781 Disk 1 scanning C:\WINDOWS\system32\drivers
    18:53:00.000 File: C:\WINDOWS\system32\drivers\serial.sys **INFECTED** Win32:Aluroot [Rtk]
    18:53:02.843 Disk 1 trace - called modules:
    18:53:02.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8b6ebf10]<<
    18:53:02.875 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ba93ab8]
    18:53:02.890 3 CLASSPNP.SYS[b811905b] -> nt!IofCallDriver -> [0x8b7a1668]
    18:53:02.890 \Driver\00000474[0x8b79b698] -> IRP_MJ_CREATE -> 0x8b6ebf10
    18:53:04.078 AVAST engine scan C:\WINDOWS
    18:53:12.890 AVAST engine scan C:\WINDOWS\system32
    18:57:13.265 AVAST engine scan C:\WINDOWS\system32\drivers
    18:57:22.765 File: C:\WINDOWS\system32\drivers\serial.sys **INFECTED** Win32:Aluroot [Rtk]
    18:57:29.562 AVAST engine scan C:\Documents and Settings\HP_Administrator
    19:38:39.078 AVAST engine scan C:\Documents and Settings\All Users
    19:47:19.812 Scan finished successfully
    19:52:11.750 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
    19:52:11.781 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"



    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00007e00
    Boot sector MD5 is: 74c9b8a519aa05c22f46e134715d1f6f

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive1 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  5. Broni

    Broni Malware Annihilator Posts: 46,863   +254

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on the Scan button.

    The scan result will open in Notepad.
    Post it in your next reply.
     
  6. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    ListParts by Farbar
    Ran by HP_Administrator on 11-02-2012 at 20:14:33
    Windows XP (X86)
    Running From: C:\Downloads\Temp
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 76%
    Total physical RAM: 3326.1 MB
    Available physical RAM: 794.37 MB
    Total Pagefile: 7255.64 MB
    Available Pagefile: 4550.27 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2005.73 MB

    ======================= Partitions =========================

    1 Drive c: (HP_PAVILION) (Fixed) (Total:289.23 GB) (Free:41.8 GB) NTFS ==>[Drive with boot components (Windows XP)]
    2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.83 GB) (Free:0.61 GB) FAT32 ==>[Drive with boot components (Windows XP)]
    3 Drive e: (OS XP) (Fixed) (Total:292.96 GB) (Free:291.94 GB) NTFS
    4 Drive f: (HBCD 15.1) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
    8 Drive j: (Storage) (Fixed) (Total:638.55 GB) (Free:352.65 GB) NTFS
    9 Drive k: (Storage 2) (Fixed) (Total:115.83 GB) (Free:23.11 GB) NTFS
    11 Drive m: (PAX_IMPERIA) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 932 GB 0 B
    Disk 1 Online 298 GB 0 B
    Disk 2 Online 153 GB 31 MB

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 293 GB 32 KB
    Partition 2 Extended 639 GB 293 GB
    Partition 3 Logical 639 GB 293 GB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E OS XP NTFS Partition 293 GB Healthy

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 J Storage NTFS Partition 639 GB Healthy

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 289 GB 32 KB
    Partition 2 Primary 9 GB 289 GB

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 C HP_PAVILION NTFS Partition 289 GB Healthy System (partition with boot components)

    Disk: 1
    Partition 2
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 D HP_RECOVERY FAT32 Partition 9 GB Healthy

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Unknown 34 GB 32 KB
    Partition 2 Extended 120 GB 34 GB
    Partition 3 Logical 3977 MB 34 GB
    Partition 4 Logical 116 GB 38 GB

    Disk: 2
    Partition 1
    Type : 83
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.

    Disk: 2
    Partition 3
    Type : 82
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    Disk: 2
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 K Storage 2 NTFS Partition 116 GB Healthy


    ****** End Of Log ******
     
  7. Broni

    Broni Malware Annihilator Posts: 46,863   +254

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    Looks to be finishing up. Posting from my tablet. It says it found ZeroAccess. Should have a log to post soon.
     
  9. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    ComboFix 12-02-11.03 - HP_Administrator 02/11/2012 21:29:38.1.6 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2633 [GMT -5:00]
    Running from: c:\downloads\Temp\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\data\magic
    c:\data\magic.mgc
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\HP_Administrator\Application Data\Adobe\plugs
    c:\documents and settings\HP_Administrator\Application Data\Adobe\shed
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}\chrome.manifest
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}\chrome\content\_cfg.js
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}\chrome\content\overlay.xul
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}\install.rdf
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\assembly\tmp
    c:\documents and settings\HP_Administrator\WINDOWS
    c:\documents and settings\LocalService\NTUSER.DAT.tmp
    C:\index.htm
    C:\install.exe
    c:\program files\Extension Changer\extmain.exe
    c:\windows\$NtUninstallKB62280$\1431381802
    c:\windows\$NtUninstallKB62280$\485945278\@
    c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
    c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
    c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
    c:\windows\$NtUninstallKB62280$\485945278\keywords
    c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
    c:\windows\$NtUninstallKB62280$\485945278\L\aqaeidou
    c:\windows\$NtUninstallKB62280$\485945278\lsflt7.ver
    c:\windows\$NtUninstallKB62280$\485945278\oemid
    c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
    c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
    c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
    c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
    c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
    c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
    c:\windows\$NtUninstallKB62280$\485945278\version
    c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
    c:\windows\IsUn0411.exe
    c:\windows\iun6002.exe
    c:\windows\kb913800.exe
    c:\windows\ST6UNST.000
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\drivers\etc\lmhosts
    c:\windows\system32\muzapp.exe
    c:\windows\system32\REN196.tmp
    c:\windows\system32\SET1967.tmp
    c:\windows\system32\SET196A.tmp
    c:\windows\system32\SET1975.tmp
    c:\windows\system32\SET1978.tmp
    c:\windows\system32\SET1981.tmp
    c:\windows\system32\SET198E.tmp
    c:\windows\wpe pro.INI
    D:\Autorun.inf
    c:\windows\$NtUninstallKB62280$ . . . . Failed to delete
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
    .
    c:\windows\system32\drivers\serial.sys . . . is infected!! . . . Failed to find a valid replacement.
    c:\windows\system32\drivers\intelppm.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NETWORKLOG
    -------\Service_NetworkLog
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-09 11:22 . 2012-02-09 11:22 -------- d-----w- C:\found.001
    2012-02-07 21:24 . 2012-02-11 20:02 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\program files\Security Task Manager
    2012-02-04 20:16 . 2011-02-22 18:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2012-02-04 20:16 . 2011-02-22 18:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2012-02-04 20:16 . 2011-02-22 18:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2012-02-04 20:16 . 2012-02-04 20:17 -------- d-----w- c:\program files\ThreatFire
    2012-02-04 20:16 . 2012-02-04 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-02-02 17:40 . 2012-02-02 17:44 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
    2012-01-29 20:26 . 2012-01-29 21:46 -------- d-----w- c:\program files\Argente - Uninstall Manager
    2012-01-24 22:39 . 2012-01-24 22:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-01-24 22:38 . 2012-01-27 19:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
    2012-01-24 22:22 . 2012-01-24 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2012-01-21 06:49 . 2011-11-09 11:21 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
    2012-01-21 06:49 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
    2012-01-21 06:49 . 2010-11-11 23:10 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
    2012-01-21 06:49 . 2004-08-04 04:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
    2012-01-21 06:49 . 2004-08-04 04:08 48640 ----a-w- c:\windows\system32\drivers\stream.sys
    2012-01-21 06:49 . 2004-08-04 04:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
    2012-01-21 06:49 . 2004-08-04 07:56 23552 ----a-w- c:\windows\system32\wdmaud.drv
    2012-01-21 06:49 . 2004-08-04 05:56 4096 ----a-w- c:\windows\system32\ksuser.dll
    2012-01-21 06:49 . 2004-08-04 05:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
    2012-01-21 06:49 . 2004-03-16 17:58 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 17:33 . 2011-06-14 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-31 07:33 . 2011-12-31 07:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-27 08:00 . 2011-07-16 23:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
    2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
    2011-12-23 20:52 . 2011-01-19 19:07 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
    2011-12-23 20:52 . 2010-10-31 22:48 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
    2011-12-10 20:24 . 2008-07-30 21:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-14 20:01 . 2010-08-06 09:16 1618432 ----a-w- c:\program files\Default Programs Editor.exe
    2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
    "TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2005-01-20 280064]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
    "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
    "SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2011-04-19 2809856]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
    "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
    "Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2011-10-22 3065568]
    "!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2005-01-20 184320]
    "StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-08-15 659200]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Internet\\Cerberus FTP\\Cerberus.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\ICQ6\\ICQ.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msncall.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
    "c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Internet\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23327:TCP"= 23327:TCP:BitComet 23327 TCP
    "23327:UDP"= 23327:UDP:BitComet 23327 UDP
    "85:TCP"= 85:TCP:BroadWave Web Server
    "5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "57575:TCP"= 57575:TCP:pando Media Booster
    "57575:UDP"= 57575:UDP:pando Media Booster
    "56833:TCP"= 56833:TCP:pando Media Booster
    "56833:UDP"= 56833:UDP:pando Media Booster
    "19540:UDP"= 19540:UDP:SXUPTP
    "443:UDP"= 443:UDP:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:ooVoo UDP port 37675
    "135:TCP"= 135:TCP:DCOM(135)
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
    R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [10/5/2009 1:31 PM 3712]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/30/2011 3:45 PM 64512]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/4/2012 3:16 PM 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/4/2012 3:16 PM 69392]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/24/2012 5:39 PM 242240]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [4/22/2010 12:46 AM 123856]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [4/22/2010 12:46 AM 41680]
    R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [10/24/2009 12:53 AM 1127944]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 4:00 PM 14336]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
    R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [1/19/2011 2:07 PM 152064]
    R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [1/19/2011 2:07 PM 49152]
    R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [10/31/2010 5:48 PM 16976]
    R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\ProcessGuard\DCSUserProt.exe [12/20/2011 4:10 PM 69632]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
    R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 4:25 PM 319568]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/16/2011 6:58 PM 12184]
    R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [10/21/2011 9:57 PM 379328]
    R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [12/20/2011 4:10 PM 24911]
    R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [12/5/2010 7:13 PM 354176]
    R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [1/19/2011 2:07 PM 16976]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [1/24/2010 11:34 PM 70952]
    R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/21/2012 1:49 AM 100456]
    R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [12/18/2011 7:10 PM 130360]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/4/2012 3:16 PM 33552]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/3/2010 1:56 PM 2127728]
    S1 PDIDRV;PDIDRV; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
    S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe --> c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe [?]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [8/19/2011 7:43 PM 30312]
    S3 cpuz135;cpuz135;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/17/2010 2:02 AM 24576]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2152152]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [6/20/2011 10:31 AM 15232]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [4/30/2011 7:00 AM 42648]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [4/30/2011 7:00 AM 12184]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 7:01 PM 42512]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 npkycryp;npkycryp; [x]
    S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/4/2011 2:27 AM 86016]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [1/19/2011 12:08 PM 590080]
    S3 SjyPkt;SjyPkt; [x]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/19/2011 7:43 PM 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [8/19/2011 7:43 PM 16976]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [8/19/2011 7:43 PM 16976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
    S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
    S4 sptd;sptd;c:\windows\system32\drivers\SPTD.SYS [11/11/2006 1:54 AM 16976]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - PGFILTER
    *Deregistered* - mchInjDrv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    MRESP50a64
    wps
    MSFWDrv
    point32
    MTC0001_ESB
    se59mgmt
    queuemgr
    cmdmon
    Nsynas32
    mirrorv3
    GTPTSER
    x10nets
    houdinilicenseserver
    sfhlp02
    mgabgexe
    int15
    wmconnectcds
    issimon
    NWFILTER
    s116nd5
    lusbaudio
    clmtomcatstartersvc
    foldersize
    ikfilesec
    centennialclientagent
    SaiH040B
    imap4d32
    nmindexingservice
    pclepci
    CAM1210
    portmapper
    lxbx_device
    dwusbdnt
    mcusrmgr
    SQTECH9080
    s117mdm
    iPassPeriodicUpdateApp
    SMCB000
    sthda
    st330service
    icraplus
    com0com
    lxbt_device
    cpqnicmgmt
    SaiNtHid
    toscosrv
    NuidFltr
    k56
    infrastructure
    vwlogger
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-01-19 20:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
    .
    2012-02-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    2012-01-30 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2011-02-09 23:08]
    .
    2011-02-12 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-08 21:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.atcomet.com/b/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: &D&ownload &with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Download all by NetXfer - c:\program files\Internet\NetXfer\NXAddList.html
    IE: Download by NetXfer - c:\program files\Internet\NetXfer\NXAddLink.html
    IE: Free YouTube Download - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {{A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\Bubbles\BubblesHBO.dll
    Trusted Zone: trymedia.com
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Internet\Mozilla Firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
    FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
    FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
    FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
    FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
    FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{1E7837CB-AD5F-48BE-B10E-B617DA4D3343} - (no file)
    BHO-{FBD95266-B665-4E3E-ABA8-EA06B7DEA609} - (no file)
    SafeBoot-WinDefend
    AddRemove-ClipMagic_3.1 - c:\windows\iun6002.exe
    AddRemove-Diablo - c:\windows\DiabUnin.exe
    AddRemove-Karaoke Anything!1.0 - c:\windows\iun6002.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
    AddRemove-Akamai - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Akamai\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-11 22:26
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\mc21.tmp"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ThreatFire]
    "AlternateImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A5436B3-0D87-5A7E-5E23-69F35B8692EE}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "fainmcmholbc"=hex:68,61,6f,69,69,70,61,6f,70,6c,67,68,63,66,6d,66,00,fb
    "fainmcmholac"=hex:68,61,6f,69,69,70,61,6f,70,6c,67,68,63,66,6d,66,00,fb
    .
    [HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\SecuROM\License information*]
    "datasecu"=hex:56,6a,f9,4a,a2,74,63,e0,5a,b2,45,7b,2d,a8,b5,b1,a5,61,80,30,ec,
    fd,11,38,6a,03,80,0d,de,c9,ca,7e,8e,96,76,21,57,e0,db,41,fb,69,67,95,2f,13,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    [HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*2*]
    "ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI2"
    .
    [HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*3*]
    "ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI3"
    DUMPHIVE0.003 (REGF)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(288)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\ThreatFire\TFNI.dll
    c:\program files\ThreatFire\TFWAH.dll
    .
    - - - - - - - > 'lsass.exe'(496)
    c:\program files\ThreatFire\TFWAH.dll
    .
    - - - - - - - > 'Explorer.EXE'(2040)
    c:\program files\TortoiseSVN\bin\tortoisesvn.dll
    c:\program files\TortoiseSVN\bin\intl3_svn.dll
    c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\ThreatFire\TFWAH.dll
    c:\program files\ThreatFire\TFNI.dll
    c:\program files\SuperCopier2\SC2Hook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG10\avgrsx.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\windows\arservice.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\ThreatFire\TFService.exe
    c:\program files\tbh\base\bin\tbhDaemon.exe
    c:\program files\TortoiseSVN\bin\TSVNCache.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\hp\KBD\KBD.EXE
    c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    c:\windows\ARPWRMSG.EXE
    c:\windows\ehome\ehtray.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\DU Meter\DUMeter.exe
    c:\documents and settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
    c:\windows\system\hpsysdrv.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-11 22:48:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-12 03:48
    .
    Pre-Run: 44,731,031,552 bytes free
    Post-Run: 45,574,877,184 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /usepmtimer /NoExecute=OptIn
    [spybotsd]
    timeout.old=0
    .
    - - End Of File - - 9E2B234A0C8CFA1C91B1690884E06BD1
     
  10. Broni

    Broni Malware Annihilator Posts: 46,863   +254

    We have one infected and one missing system file.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      intelppm.sys
      serial.sys
      
    • Click the Look button to start the scan.
    • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  11. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    SystemLook 30.07.11 by jpshortstuff
    Log created at 23:06 on 11/02/2012 by HP_Administrator
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "intelppm.sys"
    C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\intelppm.sys --a---- 36352 bytes [07:38 22/10/2010] [18:31 13/04/2008] 8C953733D8F36EB2133F5BB58808B66B

    Searching for "serial.sys"
    C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\serial.sys --a---- 64512 bytes [07:48 22/10/2010] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
    C:\WINDOWS\system32\drivers\serial.sys --a---- 64896 bytes [21:00 09/08/2004] [21:00 09/08/2004] 3A9167FE85254E2E5EA73CBBE1CD2D14

    -= EOF =-
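    Broni's reading of this log (intelppm.sys has no copy where the kernel loads drivers from; serial.sys is present but differs in size and MD5 from the Windows Update cache copy) can be automated. The script below is an added example and not SystemLook's or the thread's own code: it parses :filefind output of the format above, uses the two result sets from this log as constructed sample input, and assumes C:\WINDOWS\system32\drivers as the live location and any SoftwareDistribution\Download copy as the reference. A "mismatch" only means the live copy needs checking against a known-good hash for that exact build, since the cached copy may simply be a newer version.

```python
"""Triage helper for SystemLook ':filefind' output.

Added example, not SystemLook's own code. LIVE_DIR, REFERENCE_MARKER and the
status labels are this script's assumptions, not anything the tool defines.
"""
import ntpath
import re

# One result line: <path> <attrs> <size> bytes [<mtime>] [<ctime>] <MD5>
RESULT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')

# Assumption: where XP loads these drivers from; a file with no copy here is "missing".
LIVE_DIR = r"C:\WINDOWS\system32\drivers"
# Assumption: copies left behind by Windows Update serve as the comparison reference.
REFERENCE_MARKER = "\\softwaredistribution\\download\\"

# Constructed sample input: the two filefind result sets posted in this thread.
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 23:06 on 11/02/2012 by HP_Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "intelppm.sys"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\intelppm.sys --a---- 36352 bytes [07:38 22/10/2010] [18:31 13/04/2008] 8C953733D8F36EB2133F5BB58808B66B

Searching for "serial.sys"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\serial.sys --a---- 64512 bytes [07:48 22/10/2010] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\system32\drivers\serial.sys --a---- 64896 bytes [21:00 09/08/2004] [21:00 09/08/2004] 3A9167FE85254E2E5EA73CBBE1CD2D14

-= EOF =-
"""


def parse_filefind(log_text):
    """Return {filename: [{path, size, md5}, ...]} for every 'Searching for' block."""
    hits = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            hits.setdefault(current, [])  # keep the entry even if nothing was found
            continue
        m = RESULT_RE.match(line)
        if m and current:
            hits[current].append({
                "path": m.group("path"),
                "size": int(m.group("size")),
                "md5": m.group("md5").upper(),
            })
    return hits


def triage(log_text, known_good=None):
    """Label each searched file: missing, mismatch, no-reference or consistent.

    known_good: optional {filename: {md5, ...}} that the analyst supplies from a
    trusted source for the exact OS build; a live copy listed there is
    'consistent' regardless of how the update-cache copy compares.
    """
    known_good = known_good or {}
    report = {}
    for name, copies in parse_filefind(log_text).items():
        live = [c for c in copies
                if ntpath.dirname(c["path"]).lower() == LIVE_DIR.lower()]
        refs = [c for c in copies if REFERENCE_MARKER in c["path"].lower()]
        trusted = {h.upper() for h in known_good.get(name, ())}
        if not live:
            status = "missing"       # nothing installed where the OS loads it from
        elif trusted and all(c["md5"] in trusted for c in live):
            status = "consistent"
        elif not refs:
            status = "no-reference"  # nothing to compare against; hash it elsewhere
        elif any(c["md5"] != refs[0]["md5"] or c["size"] != refs[0]["size"]
                 for c in live):
            status = "mismatch"      # differs from the update copy: verify, don't assume
        else:
            status = "consistent"
        report[name] = {"status": status, "live": live, "reference": refs}
    return report


if __name__ == "__main__":
    for name, entry in triage(SAMPLE_LOG).items():
        print(f"{name}: {entry['status']}")
```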
     
     
  12. Broni

    Broni Malware Annihilator Posts: 46,863   +254

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\intelppm.sys | c:\windows\system32\drivers\intelppm.sys
    C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\serial.sys | c:\windows\system32\drivers\serial.sys
    
    File::
    c:\windows\system32\dds_trash_log.cmd
    
    RegNull::
    [HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A5436B3-0D87-5A7E-5E23-69F35B8692EE}*]
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  13. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    ComboFix 12-02-11.03 - HP_Administrator 02/11/2012 23:37:53.2.6 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2748 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: Privatefirewall *Enabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
    .
    FILE ::
    "c:\windows\system32\dds_trash_log.cmd"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
    .
    c:\windows\system32\drivers\serial.sys . . . is infected!! . . . Failed to find a valid replacement.
    .
    --------------- FCopy ---------------
    .
    c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\intelppm.sys --> c:\windows\system32\drivers\intelppm.sys
    c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\serial.sys --> c:\windows\system32\drivers\serial.sys
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
    2012-02-09 11:22 . 2012-02-09 11:22 -------- d-----w- C:\found.001
    2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\program files\Security Task Manager
    2012-02-04 20:16 . 2011-02-22 18:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2012-02-04 20:16 . 2011-02-22 18:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2012-02-04 20:16 . 2011-02-22 18:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2012-02-04 20:16 . 2012-02-04 20:17 -------- d-----w- c:\program files\ThreatFire
    2012-02-04 20:16 . 2012-02-04 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-02-02 17:40 . 2012-02-02 17:44 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
    2012-01-29 20:26 . 2012-01-29 21:46 -------- d-----w- c:\program files\Argente - Uninstall Manager
    2012-01-24 22:39 . 2012-01-24 22:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-01-24 22:38 . 2012-01-27 19:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
    2012-01-24 22:22 . 2012-01-24 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2012-01-21 06:49 . 2011-11-09 11:21 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
    2012-01-21 06:49 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
    2012-01-21 06:49 . 2010-11-11 23:10 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
    2012-01-21 06:49 . 2004-08-04 04:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
    2012-01-21 06:49 . 2004-08-04 04:08 48640 ----a-w- c:\windows\system32\drivers\stream.sys
    2012-01-21 06:49 . 2004-08-04 04:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
    2012-01-21 06:49 . 2004-08-04 07:56 23552 ----a-w- c:\windows\system32\wdmaud.drv
    2012-01-21 06:49 . 2004-08-04 05:56 4096 ----a-w- c:\windows\system32\ksuser.dll
    2012-01-21 06:49 . 2004-08-04 05:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
    2012-01-21 06:49 . 2004-03-16 17:58 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 17:33 . 2011-06-14 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-31 07:33 . 2011-12-31 07:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-27 08:00 . 2011-07-16 23:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
    2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
    2011-12-23 20:52 . 2011-01-19 19:07 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
    2011-12-23 20:52 . 2010-10-31 22:48 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
    2011-12-10 20:24 . 2008-07-30 21:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-14 20:01 . 2010-08-06 09:16 1618432 ----a-w- c:\program files\Default Programs Editor.exe
    2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-12_03.29.53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-12 05:11 . 2012-02-12 05:11 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat
    - 2012-02-12 03:24 . 2012-02-12 03:24 16384 c:\windows\Temp\Perflib_Perfdata_1ac.dat
    + 2012-02-12 05:11 . 2012-02-12 05:11 16384 c:\windows\Temp\Perflib_Perfdata_1ac.dat
    + 2005-08-30 21:07 . 2012-02-12 04:38 88586 c:\windows\system32\perfc009.dat
    - 2005-08-30 21:07 . 2012-02-12 02:30 88586 c:\windows\system32\perfc009.dat
    + 2004-08-09 21:00 . 2004-08-04 04:15 64896 c:\windows\system32\dllcache\serial.sys
    + 2012-02-12 05:11 . 2012-02-12 05:12 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    - 2012-02-12 03:24 . 2012-02-12 03:25 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2011-12-21 18:41 . 2012-02-12 05:20 268164 c:\windows\system32\pghash.dat
    + 2005-08-30 21:07 . 2012-02-12 04:38 504792 c:\windows\system32\perfh009.dat
    - 2005-08-30 21:07 . 2012-02-12 02:30 504792 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
    "TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2005-01-20 280064]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
    "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
    "SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2011-04-19 2809856]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
    "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
    "Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2011-10-22 3065568]
    "!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2005-01-20 184320]
    "StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-08-15 659200]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Internet\\Cerberus FTP\\Cerberus.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\ICQ6\\ICQ.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msncall.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
    "c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Internet\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23327:TCP"= 23327:TCP:BitComet 23327 TCP
    "23327:UDP"= 23327:UDP:BitComet 23327 UDP
    "85:TCP"= 85:TCP:BroadWave Web Server
    "5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "57575:TCP"= 57575:TCP:pando Media Booster
    "57575:UDP"= 57575:UDP:pando Media Booster
    "56833:TCP"= 56833:TCP:pando Media Booster
    "56833:UDP"= 56833:UDP:pando Media Booster
    "19540:UDP"= 19540:UDP:SXUPTP
    "443:UDP"= 443:UDP:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:ooVoo UDP port 37675
    "135:TCP"= 135:TCP:DCOM(135)
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
    R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [10/5/2009 1:31 PM 3712]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/30/2011 3:45 PM 64512]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/4/2012 3:16 PM 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/4/2012 3:16 PM 69392]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/24/2012 5:39 PM 242240]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [4/22/2010 12:46 AM 123856]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [4/22/2010 12:46 AM 41680]
    R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [10/24/2009 12:53 AM 1127944]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 4:00 PM 14336]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
    R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [1/19/2011 2:07 PM 152064]
    R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [1/19/2011 2:07 PM 49152]
    R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [10/31/2010 5:48 PM 16976]
    R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\ProcessGuard\DCSUserProt.exe [12/20/2011 4:10 PM 69632]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
    R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 4:25 PM 319568]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/16/2011 6:58 PM 12184]
    R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [10/21/2011 9:57 PM 379328]
    R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [12/20/2011 4:10 PM 24911]
    R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [12/5/2010 7:13 PM 354176]
    R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [1/19/2011 2:07 PM 16976]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [1/24/2010 11:34 PM 70952]
    R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/21/2012 1:49 AM 100456]
    R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [12/18/2011 7:10 PM 130360]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/4/2012 3:16 PM 33552]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/3/2010 1:56 PM 2127728]
    S1 PDIDRV;PDIDRV; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
    S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe --> c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe [?]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [8/19/2011 7:43 PM 30312]
    S3 cpuz135;cpuz135;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/17/2010 2:02 AM 24576]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2152152]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [6/20/2011 10:31 AM 15232]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [4/30/2011 7:00 AM 42648]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [4/30/2011 7:00 AM 12184]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 7:01 PM 42512]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 npkycryp;npkycryp; [x]
    S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/4/2011 2:27 AM 86016]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [1/19/2011 12:08 PM 590080]
    S3 SjyPkt;SjyPkt; [x]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/19/2011 7:43 PM 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [8/19/2011 7:43 PM 16976]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [8/19/2011 7:43 PM 16976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
    S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
    S4 sptd;sptd;c:\windows\system32\drivers\SPTD.SYS [11/11/2006 1:54 AM 16976]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - PGFILTER
    *Deregistered* - mchInjDrv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    MRESP50a64
    wps
    MSFWDrv
    point32
    MTC0001_ESB
    se59mgmt
    queuemgr
    cmdmon
    Nsynas32
    mirrorv3
    GTPTSER
    x10nets
    houdinilicenseserver
    sfhlp02
    mgabgexe
    int15
    wmconnectcds
    issimon
    NWFILTER
    s116nd5
    lusbaudio
    clmtomcatstartersvc
    foldersize
    ikfilesec
    centennialclientagent
    SaiH040B
    imap4d32
    nmindexingservice
    pclepci
    CAM1210
    portmapper
    lxbx_device
    dwusbdnt
    mcusrmgr
    SQTECH9080
    s117mdm
    iPassPeriodicUpdateApp
    SMCB000
    sthda
    st330service
    icraplus
    com0com
    lxbt_device
    cpqnicmgmt
    SaiNtHid
    toscosrv
    NuidFltr
    k56
    infrastructure
    vwlogger
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-01-19 20:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
    .
    2012-02-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    2011-02-12 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-08 21:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.atcomet.com/b/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: &D&ownload &with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Download all by NetXfer - c:\program files\Internet\NetXfer\NXAddList.html
    IE: Download by NetXfer - c:\program files\Internet\NetXfer\NXAddLink.html
    IE: Free YouTube Download - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {{A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\Bubbles\BubblesHBO.dll
    LSP: mswsock.dll
    Trusted Zone: trymedia.com
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Internet\Mozilla Firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
    FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
    FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
    FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
    FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
    FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-12 00:13
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\$NtUninstallKB62280$:SummaryInformation 0 bytes hidden from API
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\mc21.tmp"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ThreatFire]
    "AlternateImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\SecuROM\License information*]
    "datasecu"=hex:56,6a,f9,4a,a2,74,63,e0,5a,b2,45,7b,2d,a8,b5,b1,a5,61,80,30,ec,
    fd,11,38,6a,03,80,0d,de,c9,ca,7e,8e,96,76,21,57,e0,db,41,fb,69,67,95,2f,13,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    [HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*2*]
    "ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI2"
    .
    [HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*3*]
    "ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI3"
    DUMPHIVE0.003 (REGF)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(364)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\ThreatFire\TFNI.dll
    c:\program files\ThreatFire\TFWAH.dll
    .
    - - - - - - - > 'lsass.exe'(628)
    c:\program files\ThreatFire\TFWAH.dll
    .
    - - - - - - - > 'Explorer.EXE'(1792)
    c:\program files\TortoiseSVN\bin\tortoisesvn.dll
    c:\windows\system32\MSWSOCK.dll
    mswsock.dll 71a50000 258048 \\?\globalroot\systemroot\system32\mswsock.dll
    c:\program files\TortoiseSVN\bin\intl3_svn.dll
    c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\ThreatFire\TFNI.dll
    c:\program files\ThreatFire\TFWAH.dll
    c:\program files\SuperCopier2\SC2Hook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG10\avgrsx.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\windows\arservice.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\tbh\base\bin\tbhDaemon.exe
    c:\program files\ThreatFire\TFService.exe
    c:\program files\TortoiseSVN\bin\TSVNCache.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\hp\KBD\KBD.EXE
    c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    c:\windows\ARPWRMSG.EXE
    c:\windows\ehome\ehtray.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\DU Meter\DUMeter.exe
    c:\documents and settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
    c:\windows\system\hpsysdrv.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-12 00:26:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-12 05:26
    ComboFix2.txt 2012-02-12 03:49
    .
    Pre-Run: 45,566,722,048 bytes free
    Post-Run: 45,534,126,080 bytes free
    .
    - - End Of File - - 1233420B88EC34D5162C577D803EDDA9
     
  14. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    Going to sleep, will be back around 9-10 AM likely.

    Thanks so much for the help so far!
     
  15. Broni

    Broni Malware Annihilator Posts: 46,863   +254

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload following files to http://www.virustotal.com/ for security check:
    - c:\windows\system32\drivers\serial.sys
    If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  16. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    SHA256: d9fc869fa9a6b9574a1fce70e7b919d8f79e02b28967e49f6def83a84520ecdf
    SHA1: 32273de2107668e25e500ba3d9c3f18d85c1855c
    MD5: cd9404d115a00d249f70a371b46d5a26
    File size: 63.4 KB ( 64896 bytes )
    File name: serial.sys
    File type: Win32 EXE
    Detection ratio: 0 / 43
    Analysis date: 2012-02-12 15:17:44 UTC ( 0 minutes ago )
    0
    0
    Antivirus Result Update
    AhnLab-V3 - 20120212
    AntiVir - 20120210
    Antiy-AVL - 20120212
    Avast - 20120212
    AVG - 20120212
    BitDefender - 20120212
    ByteHero - 20120210
    CAT-QuickHeal - 20120212
    ClamAV - 20120211
    Commtouch - 20120211
    Comodo - 20120212
    DrWeb - 20120212
    Emsisoft - 20120212
    eSafe - 20120212
    eTrust-Vet - 20120211
    F-Prot - 20120211
    F-Secure - 20120212
    Fortinet - 20120212
    GData - 20120212
    Ikarus - 20120212
    Jiangmin - 20120212
    K7AntiVirus - 20120211
    Kaspersky - 20120212
    McAfee - 20120212
    McAfee-GW-Edition - 20120211
    Microsoft - 20120212
    NOD32 - 20120212
    Norman - 20120212
    nProtect - 20120212
    Panda - 20120212
    PCTools - 20120207
    Prevx - 20120212
    Rising - 20120210
    Sophos - 20120212
    SUPERAntiSpyware - 20120206
    Symantec - 20120212
    TheHacker - 20120212
    TrendMicro - 20120212
    TrendMicro-HouseCall - 20120212
    VBA32 - 20120210
    VIPRE - 20120212
    ViRobot - 20120212
    VirusBuster - 20120211

    Waiting to see if the few issues I had will still linger, or if this is really over...
     
  17. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    Nope, just got a popup from
    http://113594url.displayadfeed.com/...bookmarks_apps&fb_bmpos=1_0&amp;context=urgen care hours baptist&amp;selectedKeyword=apps.facebook.com/thesimssocial&amp;selectedListingId=7841516&amp;qs=JQwDFAMXaSFTVkVKQ0JZSQ1ORURuXVRGXlQQdV5FBhAdEVReXRMYEWVcXkFVQ1Q8HgZPSEBSCAs6WFFEYSQMAFFVBjcPFxdEQFpZX1oWFAcwG1BAQlUQcF5TVBcSSVlBXhETGWZPBgdRBFA1HU0UGBMRCwABSg9CPARIQgoRSCAdCh8KAxsKBg9NB1MaDVBEClYXIApVRUsVQAhaDxERFWdYXhRUAxdjHQ8dDU1ETxsdUlVANAAJTV5QEHZcU0RKVhMMABpARkg3VF9GXlIZYwMCBhoYEQ0tFxxiBz8ACU1bXRR0W1JEXxMdDVJcFhAXZVlLFB5YEGteU0dJQFIcHQIcSVUnGUhDDUASI0tRFBYWEgwdHVFXDzoHCx9JV0YoGw8GEFVGDwIbTVVIZjYMH0IVSDVLUBQYFBsHSl1FQFEjGkMWDQZFJwEMGVcTGwRKXBQTRycBCAMFCFM2AQAbGBwrWF5dFBgV

    Something's still here, it was just hiding...
     
  18. Broni

    Broni Malware Annihilator Posts: 46,863   +254

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\$NtUninstallKB62280$
    
    Folder::
    c:\windows\$NtUninstallKB62280$
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  19. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    OK, it took a while since today was a busy day at court, but now there's no internet on my PC. Ping reports "unable to contact IP driver, error code 2"

    No idea how to post a log w/o internet...
     
  20. Broni

    Broni Malware Annihilator Posts: 46,863   +254

    Transfer the log to the computer you're posting from using USB flash drive.

    Then....

    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  21. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    Farbar Service Scanner Version: 13-02-2012
    Ran by HP_Administrator (administrator) on 13-02-2012 at 19:46:24
    Running from "C:\Documents and Settings\HP_Administrator\Desktop"
    Microsoft Windows XP Professional Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    Tcpip Service is not running. Checking service configuration:
    The start type of Tcpip service is OK.
    The ImagePath of Tcpip service is OK.


    Connection Status:
    ==============
    Localhost is blocked.
    There is no connection to network.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Yahoo IP returend error: Other errors


    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is OK.
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll
    [2004-08-09 16:00] - [2006-05-19 07:59] - 0111616 ____N (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

    C:\WINDOWS\system32\Drivers\afd.sys
    [2004-08-09 16:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

    C:\WINDOWS\system32\Drivers\netbt.sys
    [2012-02-12 20:42] - [2004-08-09 16:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

    C:\WINDOWS\system32\Drivers\tcpip.sys
    [2004-08-09 16:00] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

    C:\WINDOWS\system32\Drivers\ipsec.sys
    [2004-08-09 16:00] - [2004-08-09 16:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

    C:\WINDOWS\system32\dnsrslvr.dll
    [2004-08-09 16:00] - [2008-02-20 00:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F

    C:\WINDOWS\system32\ipnathlp.dll
    [2004-08-09 16:00] - [2004-08-09 16:00] - 0331264 ____N (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

    C:\WINDOWS\system32\netman.dll
    [2004-08-09 16:00] - [2005-08-22 13:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2004-08-09 16:00] - [2004-08-09 16:00] - 0144896 ____N (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

    C:\WINDOWS\system32\srsvc.dll
    [2004-08-09 16:00] - [2004-08-09 16:00] - 0170496 ____N (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

    C:\WINDOWS\system32\Drivers\sr.sys
    [2004-08-09 16:00] - [2004-08-09 16:00] - 0073472 ____N (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

    C:\WINDOWS\system32\wscsvc.dll
    [2004-08-09 16:00] - [2004-08-09 16:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2004-08-09 16:00] - [2004-08-09 16:00] - 0144896 ____N (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

    C:\WINDOWS\system32\wuauserv.dll
    [2004-08-09 16:00] - [2004-08-09 16:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

    C:\WINDOWS\system32\qmgr.dll
    [2004-08-09 16:00] - [2004-08-09 16:00] - 0382464 ____N (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

    C:\WINDOWS\system32\es.dll
    [2004-08-09 16:00] - [2008-07-07 15:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

    C:\WINDOWS\system32\cryptsvc.dll
    [2004-08-09 16:00] - [2004-08-09 16:00] - 0060416 ____N (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

    C:\WINDOWS\system32\svchost.exe
    [2004-08-09 16:00] - [2004-08-09 16:00] - 0014336 ____N (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

    C:\WINDOWS\system32\rpcss.dll
    [2004-08-09 16:00] - [2009-02-09 05:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28

    C:\WINDOWS\system32\services.exe
    [2004-08-09 16:00] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE


    Extra List:
    =======
    Avgtdix(10) Bridge(12) BridgeMP(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) pwipf6(13) Tcpip(3)
    0x0D00000004000000010000000200000003000000080000000A000000050000000600000007000000090000000B0000000C0000000D000000
    IpSec Tag value is correct.

    **** End of log ****
    ComboFix 12-02-11.03 - HP_Administrator 02/13/2012 17:45:01.3.6 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2645 [GMT -5:00]
    Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\cfscript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}

    FILE ::
    "c:\windows\$NtUninstallKB62280$"
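    Added example (editor's code, not Farbar's tool and not anything posted in this thread): a small Python parser for the FSS.txt format above. FSS prints each checked file as a path line followed by "[first time] - [second time] - size attributes (company) MD5". The example assumes the first bracket is the creation time and the second the last-write time, which is consistent with the ComboFix entry for netbt.sys in post 23 (created 2012-02-13 01:42 UTC, last written 2004-08-09). On that reading, netbt.sys above was put in place the day before the scan while keeping a 2004 last-write time, which is what a restored or copied file looks like, and that is the kind of entry to hash-check against a known-good copy rather than accept on its date alone. The sample input is a verbatim excerpt of the posted log, embedded so the script runs offline; the stopped Dnscache/Tcpip services it reports are consistent with the "unable to contact IP driver" ping error in post 19.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample input: a verbatim excerpt of the FSS.txt posted
# above (post 21), trimmed to a few representative lines.
SAMPLE_FSS = r"""Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-09 16:00] - [2006-05-19 07:59] - 0111616 ____N (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\netbt.sys
[2012-02-12 20:42] - [2004-08-09 16:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-09 16:00] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9
"""

TIME_FMT = "%Y-%m-%d %H:%M"
SERVICE_STOPPED = re.compile(r"^(?P<name>\w+) Service is not running\.")
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
FIREWALL_POLICY = re.compile(r'^"EnableFirewall"=DWORD:(?P<val>\d+)$')
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
FILE_DETAIL = re.compile(
    r"^\[(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"\[(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileEntry:
    path: str
    created: datetime   # first bracket in the FSS line (assumed: creation time)
    modified: datetime  # second bracket (assumed: last-write time)
    size: int
    attrs: str
    company: str
    md5: str

    @property
    def created_after_modified(self) -> bool:
        # A file written in place has created <= modified. created > modified
        # means it was copied or restored with its original last-write time
        # preserved: what a repair tool does when it puts a clean copy back,
        # and also what a dropper does when it swaps a system file. Either
        # way the MD5 needs checking against a known-good copy.
        return self.created > self.modified


def parse_fss(text):
    """Return (file_entries, stopped_services, firewall_disabled_profiles)."""
    files, stopped, firewall_off = [], [], []
    pending_path = None
    pending_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_STOPPED.match(line)
        if m:
            stopped.append(m.group("name"))
            continue
        m = REG_KEY.match(line)
        if m:
            pending_key = m.group("key")          # remember the profile key
            continue
        m = FIREWALL_POLICY.match(line)
        if m:
            if m.group("val") == "0":
                firewall_off.append(pending_key.rsplit("\\", 1)[-1])
            continue
        if DRIVE_PATH.match(line):
            pending_path = line                   # detail line follows
            continue
        m = FILE_DETAIL.match(line)
        if m and pending_path:
            files.append(FileEntry(
                path=pending_path,
                created=datetime.strptime(m.group("created"), TIME_FMT),
                modified=datetime.strptime(m.group("modified"), TIME_FMT),
                size=int(m.group("size")),
                attrs=m.group("attrs"),
                company=m.group("company"),
                md5=m.group("md5").upper(),
            ))
            pending_path = None
    return files, stopped, firewall_off


def findings(text):
    """Turn a raw FSS log into a short list of things worth a second look."""
    files, stopped, firewall_off = parse_fss(text)
    out = [f"service {name} is not running" for name in stopped]
    out += [f"Windows Firewall disabled by policy in {p}" for p in firewall_off]
    for f in files:
        if f.created_after_modified:
            out.append(
                f"{f.path}: created {f.created:%Y-%m-%d %H:%M} is later than last "
                f"write {f.modified:%Y-%m-%d %H:%M}; confirm MD5 {f.md5} against a "
                f"known-good copy"
            )
    return out


if __name__ == "__main__":
    for item in findings(SAMPLE_FSS):
        print(item)
```

    Run as-is it reports the two stopped services, the disabled DomainProfile firewall policy and the netbt.sys timestamp inversion; to use it on another log, pass the contents of that FSS.txt to findings() instead of SAMPLE_FSS.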
     
  22. Broni

    Broni Malware Annihilator Posts: 46,863   +254

    Combofix log is incomplete.
    Repost or redo.
     
  23. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    Ok, internet works again.

    ComboFix 12-02-11.03 - HP_Administrator 02/13/2012 20:33:53.4.6 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2660 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\$NTUninstallKB62280$"
    .
    The following files were disabled during the run:
    c:\program files\SuperCopier2\SC2Hook.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB62280$\950507762
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
    .
    Infected copy of c:\windows\system32\drivers\dtsoftbus01.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-14 01:31 . 2012-02-14 02:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-14 01:23 . 2012-01-24 22:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-02-13 01:42 . 2004-08-09 21:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-02-12 05:26 . 2012-02-12 05:26 -------- d-s---w- c:\windows\Cookies
    2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
    2012-02-09 11:22 . 2012-02-09 11:22 -------- d-----w- C:\found.001
    2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\program files\Security Task Manager
    2012-02-04 20:16 . 2011-02-22 18:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2012-02-04 20:16 . 2011-02-22 18:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2012-02-04 20:16 . 2011-02-22 18:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2012-02-04 20:16 . 2012-02-04 20:17 -------- d-----w- c:\program files\ThreatFire
    2012-02-04 20:16 . 2012-02-04 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-02-02 17:40 . 2012-02-02 17:44 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
    2012-01-29 20:26 . 2012-01-29 21:46 -------- d-----w- c:\program files\Argente - Uninstall Manager
    2012-01-24 22:38 . 2012-01-27 19:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
    2012-01-24 22:22 . 2012-01-24 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2012-01-21 06:49 . 2011-11-09 11:21 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
    2012-01-21 06:49 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
    2012-01-21 06:49 . 2010-11-11 23:10 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
    2012-01-21 06:49 . 2004-08-04 04:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
    2012-01-21 06:49 . 2004-08-04 04:08 48640 ----a-w- c:\windows\system32\drivers\stream.sys
    2012-01-21 06:49 . 2004-08-04 04:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
    2012-01-21 06:49 . 2004-08-04 07:56 23552 ----a-w- c:\windows\system32\wdmaud.drv
    2012-01-21 06:49 . 2004-08-04 05:56 4096 ----a-w- c:\windows\system32\ksuser.dll
    2012-01-21 06:49 . 2004-08-04 05:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
    2012-01-21 06:49 . 2004-03-16 17:58 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 17:33 . 2011-06-14 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-31 07:33 . 2011-12-31 07:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-27 08:00 . 2011-07-16 23:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
    2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
    2011-12-23 20:52 . 2011-01-19 19:07 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
    2011-12-23 20:52 . 2010-10-31 22:48 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
    2011-12-10 20:24 . 2008-07-30 21:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-14 20:01 . 2010-08-06 09:16 1618432 ----a-w- c:\program files\Default Programs Editor.exe
    2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-12_03.29.53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-14 02:15 . 2012-02-14 02:15 16384 c:\windows\Temp\Perflib_Perfdata_bc.dat
    + 2012-02-14 01:30 . 2012-02-14 01:30 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat
    + 2012-02-14 02:15 . 2012-02-14 02:15 16384 c:\windows\Temp\Perflib_Perfdata_164.dat
    - 2005-08-30 21:07 . 2012-02-12 02:30 88586 c:\windows\system32\perfc009.dat
    + 2005-08-30 21:07 . 2012-02-12 04:38 88586 c:\windows\system32\perfc009.dat
    - 2004-08-09 21:00 . 2004-08-09 21:00 64896 c:\windows\system32\drivers\serial.sys
    + 2004-08-09 21:00 . 2004-08-04 04:15 64896 c:\windows\system32\drivers\serial.sys
    + 2004-08-09 21:00 . 2004-08-04 04:15 64896 c:\windows\system32\dllcache\serial.sys
    - 2005-08-30 21:02 . 2012-02-07 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2005-08-30 21:02 . 2012-02-12 20:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-08-30 13:51 . 2012-02-07 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2005-08-30 13:51 . 2012-02-12 20:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2005-08-30 13:51 . 2012-02-07 04:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-02-12 20:47 . 2012-02-12 20:47 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-02-12 05:26 . 2012-02-12 05:13 16384 c:\windows\Cookies\index.dat
    + 2012-02-14 02:16 . 2012-02-14 02:16 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    - 2012-02-12 03:24 . 2012-02-12 03:25 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2011-12-21 18:41 . 2012-02-14 02:26 272748 c:\windows\system32\pghash.dat
    + 2005-08-30 21:07 . 2012-02-12 04:38 504792 c:\windows\system32\perfh009.dat
    - 2005-08-30 21:07 . 2012-02-12 02:30 504792 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
    "TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2005-01-20 280064]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
    "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
    "SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2011-04-19 2809856]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
    "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
    "Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2011-10-22 3065568]
    "!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2005-01-20 184320]
    "StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-08-15 659200]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Internet\\Cerberus FTP\\Cerberus.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\ICQ6\\ICQ.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msncall.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
    "c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Internet\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23327:TCP"= 23327:TCP:BitComet 23327 TCP
    "23327:UDP"= 23327:UDP:BitComet 23327 UDP
    "85:TCP"= 85:TCP:BroadWave Web Server
    "5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    "57575:TCP"= 57575:TCP:pando Media Booster
    "57575:UDP"= 57575:UDP:pando Media Booster
    "56833:TCP"= 56833:TCP:pando Media Booster
    "56833:UDP"= 56833:UDP:pando Media Booster
    "19540:UDP"= 19540:UDP:SXUPTP
    "443:UDP"= 443:UDP:eek:oVoo UDP port 443
    "37674:TCP"= 37674:TCP:eek:oVoo TCP port 37674
    "37674:UDP"= 37674:UDP:eek:oVoo UDP port 37674
    "37675:UDP"= 37675:UDP:eek:oVoo UDP port 37675
    "135:TCP"= 135:TCP:DCOM(135)
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
    R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [10/5/2009 1:31 PM 3712]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/30/2011 3:45 PM 64512]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/4/2012 3:16 PM 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/4/2012 3:16 PM 69392]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2/13/2012 8:23 PM 242240]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [4/22/2010 12:46 AM 123856]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [4/22/2010 12:46 AM 41680]
    R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [10/24/2009 12:53 AM 1127944]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 4:00 PM 14336]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
    R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [1/19/2011 2:07 PM 152064]
    R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [1/19/2011 2:07 PM 49152]
    R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [10/31/2010 5:48 PM 16976]
    R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\ProcessGuard\DCSUserProt.exe [12/20/2011 4:10 PM 69632]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
    R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 4:25 PM 319568]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/16/2011 6:58 PM 12184]
    R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [10/21/2011 9:57 PM 379328]
    R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [12/20/2011 4:10 PM 24911]
    R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [12/5/2010 7:13 PM 354176]
    R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [1/19/2011 2:07 PM 16976]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [1/24/2010 11:34 PM 70952]
    R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/21/2012 1:49 AM 100456]
    R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [12/18/2011 7:10 PM 130360]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/4/2012 3:16 PM 33552]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/3/2010 1:56 PM 2127728]
    S1 PDIDRV;PDIDRV; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
    S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe --> c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe [?]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [8/19/2011 7:43 PM 30312]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/17/2010 2:02 AM 24576]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2152152]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [6/20/2011 10:31 AM 15232]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [4/30/2011 7:00 AM 42648]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [4/30/2011 7:00 AM 12184]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 7:01 PM 42512]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 npkycryp;npkycryp; [x]
    S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/4/2011 2:27 AM 86016]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [1/19/2011 12:08 PM 590080]
    S3 SjyPkt;SjyPkt; [x]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/19/2011 7:43 PM 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [8/19/2011 7:43 PM 16976]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [8/19/2011 7:43 PM 16976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
    S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
    S4 sptd;sptd;c:\windows\system32\drivers\SPTD.SYS [11/11/2006 1:54 AM 16976]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - PGFILTER
    *Deregistered* - mchInjDrv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    MRESP50a64
    wps
    MSFWDrv
    point32
    MTC0001_ESB
    se59mgmt
    queuemgr
    cmdmon
    Nsynas32
    mirrorv3
    GTPTSER
    x10nets
    houdinilicenseserver
    sfhlp02
    mgabgexe
    int15
    wmconnectcds
    issimon
    NWFILTER
    s116nd5
    lusbaudio
    clmtomcatstartersvc
    foldersize
    ikfilesec
    centennialclientagent
    SaiH040B
    imap4d32
    nmindexingservice
    pclepci
    CAM1210
    portmapper
    lxbx_device
    dwusbdnt
    mcusrmgr
    SQTECH9080
    s117mdm
    iPassPeriodicUpdateApp
    SMCB000
    sthda
    st330service
    icraplus
    com0com
    lxbt_device
    cpqnicmgmt
    SaiNtHid
    toscosrv
    NuidFltr
    k56
    infrastructure
    vwlogger
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-01-19 20:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
    .
    2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
    .
    2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
    .
    2012-02-12 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    2011-02-12 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-08 21:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.atcomet.com/b/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: &D&ownload &with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Download all by NetXfer - c:\program files\Internet\NetXfer\NXAddList.html
    IE: Download by NetXfer - c:\program files\Internet\NetXfer\NXAddLink.html
    IE: Free YouTube Download - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {{A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\Bubbles\BubblesHBO.dll
    LSP: mswsock.dll
    Trusted Zone: trymedia.com
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Internet\Mozilla Firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
    FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
    FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
    FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
    FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
    FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-13 21:18
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\$NtUninstallKB62280$:SummaryInformation 0 bytes hidden from API
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.dtsoftbus01]
    "ImagePath"="\?"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\mc23.tmp"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ThreatFire]
    "AlternateImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\SecuROM\License information*]
    "datasecu"=hex:56,6a,f9,4a,a2,74,63,e0,5a,b2,45,7b,2d,a8,b5,b1,a5,61,80,30,ec,
    fd,11,38,6a,03,80,0d,de,c9,ca,7e,8e,96,76,21,57,e0,db,41,fb,69,67,95,2f,13,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    [HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*2*]
    "ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI2"
    .
    [HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*3*]
    "ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI3"
    DUMPHIVE0.003 (REGF)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(324)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\ThreatFire\TFNI.dll
    c:\program files\ThreatFire\TFWAH.dll
    .
    - - - - - - - > 'lsass.exe'(592)
    c:\windows\system32\mswsock.dll
    mswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dll
    c:\program files\ThreatFire\TFWAH.dll
    .
    - - - - - - - > 'Explorer.EXE'(1716)
    c:\program files\TortoiseSVN\bin\tortoisesvn.dll
    c:\windows\system32\MSWSOCK.dll
    mswsock.dll 71a50000 258048 \\?\globalroot\systemroot\system32\mswsock.dll
    c:\program files\TortoiseSVN\bin\intl3_svn.dll
    c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\ThreatFire\TFNI.dll
    c:\program files\ThreatFire\TFWAH.dll
    c:\program files\SuperCopier2\SC2Hook.dll
    c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll
    c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll
    c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG10\avgrsx.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\windows\arservice.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\ThreatFire\TFService.exe
    c:\program files\tbh\base\bin\tbhDaemon.exe
    c:\program files\TortoiseSVN\bin\TSVNCache.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\hp\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    c:\program files\Common Files\InstallShield\UpdateService\agent.exe
    c:\program files\Java\jre1.5.0_06\bin\jusched.exe
    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    c:\windows\ARPWRMSG.EXE
    c:\windows\ehome\ehtray.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\DU Meter\DUMeter.exe
    c:\program files\DISC\DiscUpdMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-13 21:42:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-14 02:42
    ComboFix2.txt 2012-02-12 05:26
    ComboFix3.txt 2012-02-12 03:49
    .
    Pre-Run: 45,386,985,472 bytes free
    Post-Run: 45,372,592,128 bytes free
    .
    - - End Of File - - 37AADC7BFA95583B27554543CF09E145
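The log above is a ComboFix log, and most of what matters for triage sits in a few sections: the firewall policy dump (firewall disabled, notifications suppressed, ports opened globally), the service list (entries ending in [x] have no image file on disk, entries ending in [?] could not be verified), the catchme block (objects hidden from the Win32 API) and the service ImagePath dumps (an ImagePath inside a Temp directory, like mchInjDrv's above, is worth a look). The following Python is an added example, not part of the log, of ComboFix, or of this thread; it parses those sections from the text and lists the findings. The sample lines are excerpted from the log above (with the forum's smiley substitution on the 3389 line undone); the section-matching rules and the 135/3389 port check are the example's own assumptions.

```python
"""Triage pass over a ComboFix log (added example, not ComboFix's own tooling).

Parses the registry dumps, the service list and the catchme block of the log
format shown above and returns the items an analyst would look at first.
"""
import re

# Constructed sample: lines excerpted from the log above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23327:TCP"= 23327:TCP:BitComet 23327 TCP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:DCOM(135)
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 4:00 PM 14336]
S1 PDIDRV;PDIDRV; [x]
S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe --> c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe [?]
S3 npkycryp;npkycryp; [x]
.
c:\windows\$NtUninstallKB62280$:SummaryInformation 0 bytes hidden from API
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\mc23.tmp"
"""

HEADER_RE = re.compile(r'^\[(.+)\]$')                    # [HKLM\...] key header
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')            # "name"= value
SERVICE_RE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.*)$')  # R2 name;desc;image [..]
HIDDEN_RE = re.compile(r'^(.+?) \d+ bytes hidden from API$')


def registry_values(log):
    """Yield (key, name, value) for every "name"=value line under a [key] header."""
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2)


def firewall_state(log):
    """Standard-profile firewall values as ints, e.g. {'EnableFirewall': 0}."""
    out = {}
    for key, name, value in registry_values(log):
        if key.lower().endswith(r'firewallpolicy\standardprofile'):
            out[name] = int(value.split()[0])          # '0 (0x0)' -> 0
    return out


def globally_open_ports(log):
    """[(port, proto, description)] from the GloballyOpenPorts list."""
    ports = []
    for key, name, value in registry_values(log):
        if key.lower().endswith(r'globallyopenports\list'):
            port, proto = name.split(':')
            desc = value.split(':', 2)[2] if value.count(':') >= 2 else value
            ports.append((int(port), proto, desc))
    return ports


def service_findings(log):
    """Services whose image is missing ([x]) or could not be verified ([?])."""
    findings = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        _state, _start, name, _desc, image = m.groups()
        if image.endswith('[x]'):
            findings.append((name, 'image file missing'))
        elif image.endswith('[?]'):
            findings.append((name, 'image not verified'))
    return findings


def temp_image_paths(log):
    """Services whose ImagePath points into a Temp directory (mchInjDrv above)."""
    hits = []
    for key, name, value in registry_values(log):
        if name == 'ImagePath' and '\\temp\\' in value.lower():
            hits.append((key.rsplit('\\', 1)[-1], value.strip('"')))
    return hits


def hidden_files(log):
    """Paths the catchme block reported as hidden from the Win32 API."""
    return [m.group(1) for m in (HIDDEN_RE.match(l.strip()) for l in log.splitlines()) if m]


def triage(log):
    """Human-readable findings in the order an analyst would check them."""
    out = []
    if firewall_state(log).get('EnableFirewall') == 0:
        out.append('Windows Firewall disabled for the standard profile')
    for port, proto, desc in globally_open_ports(log):
        if port in (135, 3389):   # assumed check: DCOM/RDP open to every source
            out.append(f'port {port}/{proto} globally open ({desc})')
    out += [f'service {n}: {why}' for n, why in service_findings(log)]
    out += [f'service {n}: ImagePath in Temp ({p})' for n, p in temp_image_paths(log)]
    out += [f'hidden from API: {p}' for p in hidden_files(log)]
    return out


if __name__ == '__main__':
    print('\n'.join(triage(SAMPLE_LOG)))
```

Run it against a saved ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; a 0-byte hidden stream on a `$NtUninstall...$` folder and a driver loaded from a `.tmp` file are the two results here that deserve the closest look.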
     
  24. Broni

    Broni Malware Annihilator Posts: 46,863   +254

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    
    Folder::
    c:\windows\$NtUninstallKB62280$
    
    Driver::
    
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
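After a CFScript run it is worth confirming on disk that the File:: and Folder:: targets are actually gone (the next log reports "Failed to delete" for two of them) and that no other `$NtUninstall...$` folder carries the same layout as the one targeted here (a numeric subfolder with `U` and `L` directories and `@`-suffixed files, where a genuine hotfix-uninstall folder holds an `spuninst` directory). The Python below is an added example and not part of ComboFix or of this thread: it parses the script above, maps its Windows paths onto a directory tree so it can run anywhere, reports surviving targets, and flags uninstall folders that show that layout. The directory tree it checks is a constructed fixture, and the `spuninst` rule for telling genuine hotfix folders apart is an assumption of the example; Registry:: entries are only returned for reporting, since verifying them needs winreg on the affected machine.

```python
"""Verify a CFScript's targets after the run (added example, not ComboFix's own).

Directive names (File::, Folder::, Registry::) are the ones used in the script
above; everything else here is the example's own assumption.
"""
import os
import re
import tempfile

# The script from the post above, verbatim.
CFSCRIPT = r"""
File::
c:\windows\system32\dds_trash_log.cmd
c:\windows\TEMP\logishrd\LVPrcInj01.dll

Folder::
c:\windows\$NtUninstallKB62280$

Driver::

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]

ClearJavaCache::
"""


def parse_cfscript(text):
    """Return {'File': [...], 'Folder': [...], 'Registry': [...], ...}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r'(\w+)::', line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current:
            sections[current].append(line)
    return sections


def to_local(win_path, root):
    """Map 'c:\\windows\\x' onto root/windows/x so the check runs offline."""
    rel = re.sub(r'^[A-Za-z]:\\', '', win_path).replace('\\', '/')
    return os.path.join(root, rel)


def still_present(sections, root):
    """File::/Folder:: targets that survived the run (cf. 'Failed to delete')."""
    return [t for kind in ('File', 'Folder') for t in sections.get(kind, [])
            if os.path.lexists(to_local(t, root))]


def uninstall_folders_with_at_files(windows_dir):
    """$NtUninstall*$ folders holding '@' files or U/L subfolders, as in the log.
    Assumption: a genuine hotfix-uninstall folder has spuninst, not these."""
    hits = []
    for name in sorted(os.listdir(windows_dir)):
        if not (name.startswith('$NtUninstall') and name.endswith('$')):
            continue
        for _, dirs, files in os.walk(os.path.join(windows_dir, name)):
            if {'U', 'L'} & set(dirs) or any(f == '@' or f.endswith('.@') for f in files):
                hits.append(name)
                break
    return hits


def run_check(cfscript_text, root):
    """(registry entries to verify by hand, surviving targets, flagged folders)."""
    sec = parse_cfscript(cfscript_text)
    return (sec.get('Registry', []),
            still_present(sec, root),
            uninstall_folders_with_at_files(os.path.join(root, 'windows')))


def build_sample_tree():
    """Constructed fixture: one placeholder hotfix folder (KB000000 is not a
    real hotfix), one folder laid out like the log's, and the Temp DLL that
    ComboFix reported it failed to delete."""
    root = tempfile.mkdtemp()
    win = os.path.join(root, 'windows')
    os.makedirs(os.path.join(win, '$NtUninstallKB000000$', 'spuninst'))
    bad = os.path.join(win, '$NtUninstallKB62280$', '485945278')
    os.makedirs(os.path.join(bad, 'U'))
    os.makedirs(os.path.join(bad, 'L'))
    open(os.path.join(bad, 'U', '80000032.@'), 'wb').close()
    os.makedirs(os.path.join(win, 'TEMP', 'logishrd'))
    open(os.path.join(win, 'TEMP', 'logishrd', 'LVPrcInj01.dll'), 'wb').close()
    return root


if __name__ == '__main__':
    reg, left, flagged = run_check(CFSCRIPT, build_sample_tree())
    print('registry keys to verify by hand:', reg)
    print('still present:', left)
    print('suspicious uninstall folders:', flagged)
```

On the real machine, call `run_check` with `root` set to the drive root (`C:\`) so `to_local` maps paths onto the live file system; anything returned in the second list should go back into the next CFScript.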
     
  25. rubydreamer

    rubydreamer TS Rookie Topic Starter Posts: 41

    ComboFix 12-02-11.03 - HP_Administrator 02/14/2012 13:00:30.5.6 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2642 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB62280$\1921239767
    c:\windows\$NtUninstallKB62280$\485945278\@
    c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
    c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
    c:\windows\$NtUninstallKB62280$\485945278\L\aqaeidou
    c:\windows\$NtUninstallKB62280$\485945278\oemid
    c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
    c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
    c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
    c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
    c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
    c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
    c:\windows\$NtUninstallKB62280$\485945278\version
    c:\windows\$NtUninstallKB62280$\485945278\cfg.ini . . . . Failed to delete
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
    .
    Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-14 06:33 . 2004-08-04 04:15 64896 ----a-w- c:\windows\system32\drivers\serial.sys
    2012-02-14 01:31 . 2012-02-14 17:51 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-14 01:23 . 2012-01-24 22:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-02-13 01:42 . 2004-08-09 21:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-02-12 05:26 . 2012-02-12 05:26 -------- d-s---w- c:\windows\Cookies
    2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
    2012-02-09 11:22 . 2012-02-09 11:22 -------- d-----w- C:\found.001
    2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\program files\Security Task Manager
    2012-02-04 20:16 . 2011-02-22 18:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2012-02-04 20:16 . 2011-02-22 18:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2012-02-04 20:16 . 2011-02-22 18:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2012-02-04 20:16 . 2012-02-04 20:17 -------- d-----w- c:\program files\ThreatFire
    2012-02-04 20:16 . 2012-02-04 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-02-02 17:40 . 2012-02-02 17:44 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
    2012-01-29 20:26 . 2012-01-29 21:46 -------- d-----w- c:\program files\Argente - Uninstall Manager
    2012-01-24 22:38 . 2012-01-27 19:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
    2012-01-24 22:22 . 2012-01-24 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2012-01-21 06:49 . 2011-11-09 11:21 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
    2012-01-21 06:49 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
    2012-01-21 06:49 . 2010-11-11 23:10 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
    2012-01-21 06:49 . 2004-08-04 04:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
    2012-01-21 06:49 . 2004-08-04 04:08 48640 ----a-w- c:\windows\system32\drivers\stream.sys
    2012-01-21 06:49 . 2004-08-04 04:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
    2012-01-21 06:49 . 2004-08-04 07:56 23552 ----a-w- c:\windows\system32\wdmaud.drv
    2012-01-21 06:49 . 2004-08-04 05:56 4096 ----a-w- c:\windows\system32\ksuser.dll
    2012-01-21 06:49 . 2004-08-04 05:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
    2012-01-21 06:49 . 2004-03-16 17:58 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 17:33 . 2011-06-14 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-31 07:33 . 2011-12-31 07:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-27 08:00 . 2011-07-16 23:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
    2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
    2011-12-23 20:52 . 2011-01-19 19:07 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
    2011-12-23 20:52 . 2010-10-31 22:48 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
    2011-12-10 20:24 . 2008-07-30 21:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-14 20:01 . 2010-08-06 09:16 1618432 ----a-w- c:\program files\Default Programs Editor.exe
    2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-12_03.29.53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-14 18:29 . 2012-02-14 18:29 16384 c:\windows\Temp\Perflib_Perfdata_304.dat
    + 2012-02-14 18:29 . 2012-02-14 18:29 16384 c:\windows\Temp\Perflib_Perfdata_194.dat
    + 2005-08-30 21:07 . 2012-02-12 04:38 88586 c:\windows\system32\perfc009.dat
    - 2005-08-30 21:07 . 2012-02-12 02:30 88586 c:\windows\system32\perfc009.dat
    + 2004-08-09 21:00 . 2004-08-04 04:15 64896 c:\windows\system32\dllcache\serial.sys
    + 2005-08-30 21:02 . 2012-02-12 20:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-08-30 21:02 . 2012-02-07 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-08-30 13:51 . 2012-02-07 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2005-08-30 13:51 . 2012-02-12 20:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2012-02-12 05:26 . 2012-02-14 02:18 16384 c:\windows\Cookies\index.dat
    - 2012-02-12 03:24 . 2012-02-12 03:25 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2012-02-14 18:29 . 2012-02-14 18:30 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2011-12-21 18:41 . 2012-02-14 18:37 274276 c:\windows\system32\pghash.dat
    - 2005-08-30 21:07 . 2012-02-12 02:30 504792 c:\windows\system32\perfh009.dat
    + 2005-08-30 21:07 . 2012-02-12 04:38 504792 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
    "TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2005-01-20 280064]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
    "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
    "SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2011-04-19 2809856]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
    "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
    "Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2011-10-22 3065568]
    "!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2005-01-20 184320]
    "StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-08-15 659200]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Internet\\Cerberus FTP\\Cerberus.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\ICQ6\\ICQ.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msncall.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
    "c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Internet\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23327:TCP"= 23327:TCP:BitComet 23327 TCP
    "23327:UDP"= 23327:UDP:BitComet 23327 UDP
    "85:TCP"= 85:TCP:BroadWave Web Server
    "5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "57575:TCP"= 57575:TCP:pando Media Booster
    "57575:UDP"= 57575:UDP:pando Media Booster
    "56833:TCP"= 56833:TCP:pando Media Booster
    "56833:UDP"= 56833:UDP:pando Media Booster
    "19540:UDP"= 19540:UDP:SXUPTP
    "443:UDP"= 443:UDP:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:ooVoo UDP port 37675
    "135:TCP"= 135:TCP:DCOM(135)
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
    R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [10/5/2009 1:31 PM 3712]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/30/2011 3:45 PM 64512]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/4/2012 3:16 PM 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/4/2012 3:16 PM 69392]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2/13/2012 8:23 PM 242240]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [4/22/2010 12:46 AM 123856]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [4/22/2010 12:46 AM 41680]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 4:00 PM 14336]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
    R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [1/19/2011 2:07 PM 152064]
    R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [1/19/2011 2:07 PM 49152]
    R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [10/31/2010 5:48 PM 16976]
    R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\ProcessGuard\DCSUserProt.exe [12/20/2011 4:10 PM 69632]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
    R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 4:25 PM 319568]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/16/2011 6:58 PM 12184]
    R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [10/21/2011 9:57 PM 379328]
    R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [12/20/2011 4:10 PM 24911]
    R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [12/5/2010 7:13 PM 354176]
    R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [1/19/2011 2:07 PM 16976]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [1/24/2010 11:34 PM 70952]
    R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/21/2012 1:49 AM 100456]
    R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [12/18/2011 7:10 PM 130360]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/4/2012 3:16 PM 33552]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/3/2010 1:56 PM 2127728]
    S1 PDIDRV;PDIDRV; [x]
    S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [10/24/2009 12:53 AM 1127944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
    S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe --> c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe [?]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [8/19/2011 7:43 PM 30312]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/17/2010 2:02 AM 24576]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2152152]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [6/20/2011 10:31 AM 15232]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [4/30/2011 7:00 AM 42648]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [4/30/2011 7:00 AM 12184]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 7:01 PM 42512]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 npkycryp;npkycryp; [x]
    S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/4/2011 2:27 AM 86016]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [1/19/2011 12:08 PM 590080]
    S3 SjyPkt;SjyPkt; [x]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/19/2011 7:43 PM 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [8/19/2011 7:43 PM 16976]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [8/19/2011 7:43 PM 16976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
    S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
    S4 sptd;sptd;c:\windows\system32\drivers\SPTD.SYS [11/11/2006 1:54 AM 16976]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mchInjDrv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    MRESP50a64
    wps
    MSFWDrv
    point32
    MTC0001_ESB
    se59mgmt
    queuemgr
    cmdmon
    Nsynas32
    mirrorv3
    GTPTSER
    x10nets
    houdinilicenseserver
    sfhlp02
    mgabgexe
    int15
    wmconnectcds
    issimon
    NWFILTER
    s116nd5
    lusbaudio
    clmtomcatstartersvc
    foldersize
    ikfilesec
    centennialclientagent
    SaiH040B
    imap4d32
    nmindexingservice
    pclepci
    CAM1210
    portmapper
    lxbx_device
    dwusbdnt
    mcusrmgr
    SQTECH9080
    s117mdm
    iPassPeriodicUpdateApp
    SMCB000
    sthda
    st330service
    icraplus
    com0com
    lxbt_device
    cpqnicmgmt
    SaiNtHid
    toscosrv
    NuidFltr
    k56
    infrastructure
    vwlogger
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-01-19 20:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
    .
    2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
    .
    2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
    .
    2012-02-12 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    2011-02-12 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-08 21:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.atcomet.com/b/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: &D&ownload &with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Download all by NetXfer - c:\program files\Internet\NetXfer\NXAddList.html
    IE: Download by NetXfer - c:\program files\Internet\NetXfer\NXAddLink.html
    IE: Free YouTube Download - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {{A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\Bubbles\BubblesHBO.dll
    Trusted Zone: trymedia.com
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Internet\Mozilla Firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
    FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
    FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
    FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
    FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
    FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-14 13:31
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\$NtUninstallKB62280$:SummaryInformation 0 bytes hidden from API
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.dtsoftbus01]
    "ImagePath"="\?"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\mc21.tmp"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ThreatFire]
    "AlternateImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\SecuROM\License information*]
    "datasecu"=hex:56,6a,f9,4a,a2,74,63,e0,5a,b2,45,7b,2d,a8,b5,b1,a5,61,80,30,ec,
    fd,11,38,6a,03,80,0d,de,c9,ca,7e,8e,96,76,21,57,e0,db,41,fb,69,67,95,2f,13,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    [HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*2*]
    "ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI2"
    .
    [HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*3*]
    "ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI3"
    DUMPHIVE0.003 (REGF)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(336)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\ThreatFire\TFWAH.dll
    c:\program files\ThreatFire\TFNI.dll
    .
    - - - - - - - > 'lsass.exe'(608)
    c:\program files\ThreatFire\TFWAH.dll
    .
    - - - - - - - > 'Explorer.EXE'(2472)
    c:\program files\TortoiseSVN\bin\tortoisesvn.dll
    c:\program files\TortoiseSVN\bin\intl3_svn.dll
    c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\program files\ThreatFire\TFWAH.dll
    c:\program files\ThreatFire\TFNI.dll
    c:\windows\system32\WSOCK32.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\SuperCopier2\SC2Hook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG10\avgrsx.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\windows\arservice.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\ThreatFire\TFService.exe
    c:\program files\tbh\base\bin\tbhDaemon.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\TortoiseSVN\bin\TSVNCache.exe
    c:\hp\KBD\KBD.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system\hpsysdrv.exe
    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    c:\windows\ARPWRMSG.EXE
    c:\windows\ehome\ehtray.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\DU Meter\DUMeter.exe
    c:\program files\DISC\DiscUpdMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-14 13:43:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-14 18:43
    ComboFix2.txt 2012-02-14 02:42
    ComboFix3.txt 2012-02-12 05:26
    ComboFix4.txt 2012-02-12 03:49
    .
    Pre-Run: 45,356,290,048 bytes free
    Post-Run: 45,311,131,648 bytes free
    .
    - - End Of File - - 2CAB57BAFEE0C43E61FFC8D7C252E5F1
     

