TeraBytes

Backdoor.Bot ==> taskbar and networking issues


I double clicked a file I downloaded ... the cursor had an hourglass next to it for a few moments and then nothing happened (I immediately knew I had just run malware) ... I ran Malwarebytes with the latest definitions in QuickScan and it found three Backdoor.Bot instances (I don't have the log anymore but if I remember it was a svhost file, something in registry and another thing) ... when I clicked restart to remove the files, I got an error 372 and the language bar went all the way to the left next to the start button and the wireless and LAN icons disappeared.

I restarted in safe mode and after running Avira AntiVir, it detected:

TR/Dropper.Gen (C:/WINDOWS/x32dett.exe)

TR/Buzus.cqej.0 (C:/WINDOWS/x32dett.exe)

My system seems to be clean now ... but I would like to repair the damage left behind, please help.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:18:54, on 1/25/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Launch Manager\dsiwmis.exe

C:\WINDOWS\system32\hasplms.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe

C:\Program Files\Launch Manager\LManager.exe

C:\WINDOWS\snuvcdsm.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\WINDOWS\vsnp325.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Launch Manager\LMworker.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Larousse\Petit Larousse 2010\bin\Hyperappel.exe

C:\WINDOWS\system32\taskmgr.exe

D:\Miscellaneous\Software\Security Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...84wum5r46n2r739

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...84wum5r46n2r739

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...84wum5r46n2r739

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

O3 - Toolbar: IMDb Toolbar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\IMDb Toolbar\IMDbToolbar.9.40.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe

O4 - HKLM\..\Run: [snp2uvc] rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS

O4 - HKLM\..\Run: [snuvcdsm] C:\WINDOWS\snuvcdsm.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

O4 - HKCU\..\Run: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

O4 - HKUS\S-1-5-21-1282138258-1060862045-1822439336-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1282138258-1060862045-1822439336-1006\..\Run: [sRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme (User '?')

O4 - HKUS\S-1-5-21-1282138258-1060862045-1822439336-1006\..\Run: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Hyperappel du Petit Larousse 2010.lnk = C:\Program Files\Larousse\Petit Larousse 2010\bin\Hyperappel.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item:


Hello TeraBytes! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.

Before we go, please visit www.virustotal.com and upload the following file.

C:\WINDOWS\system32\csnp2uvc.dll

Before we go, please visit www.virustotal.com and upload the following file.

C:\WINDOWS\system32\csnp2uvc.dll

The infected computer cannot connect to the internet anymore.

I'm accessing the internet from a clean computer.

Is it wise to transfer csnp2uvc.dll to the clean computer?


As I said, the infected computer won't connect to the internet and won't allow me to copy/paste the suspect file onto a USB key so I can send the file from a clean, connected computer.

Let us suppose that the file is malicious ... what do I do next?


Step 1

Please, open HiJackThis and select Do a system scan only.

Check the following entries:

R3 - URLSearchHook: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

O3 - Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

Then, close all open windows except that of HijackThis, and select Fix Checked.

Step 2

Note: You will need to save any work before double clicking the fix.bat file, because it will automatically restart your computer.

  • Please copy and paste the following text in the Code box exactly as written into Notepad (not WordPad or any other text editor):
    @echo off
    rem Drop the current DHCP lease, request a new one and clear the DNS resolver cache
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    rem Rebuild the Winsock catalog and reset TCP/IP ("all" on the int ip reset line is just the name of the reset log file netsh writes)
    netsh winsock reset all
    netsh int ip reset all
    rem Reboot in 10 seconds, then delete this batch file
    shutdown -r -t 10
    del /f /q %0


  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file fix.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • Once it runs it will automatically restart your computer
  • Once your computer boots again, check to see if your internet performance has improved

Please let me know how it went.

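As an added illustration of the check behind Step 1 (this script is not part of the thread, not HijackThis, and not anything Malwarebytes ships): the three entries ticked above share one CLSID, {F3FEE66E-E034-436a-86E4-9690573BEE8A}, and all end in "(no file)", meaning the registry still registers a URLSearchHook, BHO and toolbar whose DLL is gone. The Python below parses R3/O2/O3 lines from a HijackThis log, flags such orphaned registrations and groups them by CLSID so related entries are fixed together. The sample lines are copied from the log posted earlier in the thread; the function names are this example's own.

```python
"""Triage HijackThis R3/O2/O3 entries: flag orphaned registrations
("(no file)") and group them by CLSID so related entries are fixed together.
Added example; the function names and the logic are this example's own."""
import re
from collections import defaultdict

# Constructed sample: R3/O2/O3 lines copied from the HijackThis log in the thread.
SAMPLE_LOG = "\n".join([
    r"R3 - URLSearchHook: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)",
    r"O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll",
    r"O3 - Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)",
])

# section code, entry kind, display name, CLSID in braces, target (path or "(no file)")
ENTRY_RE = re.compile(
    r"^(?P<section>R3|O2|O3) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)


def parse_entries(text):
    """Return one dict per R3/O2/O3 line that carries a CLSID."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["raw"] = line.strip()
        e["clsid"] = e["clsid"].upper()  # HJT prints mixed case; normalise for grouping
        e["orphan"] = e["target"].strip() == "(no file)"  # registration whose DLL is gone
        entries.append(e)
    return entries


def orphans_by_clsid(entries):
    """Map each orphaned CLSID to the sorted list of log sections it appears in."""
    groups = defaultdict(set)
    for e in entries:
        if e["orphan"]:
            groups[e["clsid"]].add(e["section"])
    return {clsid: sorted(sections) for clsid, sections in groups.items()}


def fix_list(text):
    """Original log lines a helper would tick under 'Fix checked': every orphan,
    with entries sharing a CLSID kept together and the widest-spread CLSID first."""
    entries = parse_entries(text)
    groups = orphans_by_clsid(entries)
    orphans = [e for e in entries if e["orphan"]]
    orphans.sort(key=lambda e: (-len(groups[e["clsid"]]), e["clsid"], e["section"]))
    return [e["raw"] for e in orphans]


if __name__ == "__main__":
    for clsid, sections in orphans_by_clsid(parse_entries(SAMPLE_LOG)).items():
        print(f"{clsid} orphaned in {', '.join(sections)}")
    print("\nTick in HijackThis:")
    for line in fix_list(SAMPLE_LOG):
        print(" ", line)
```

Run against a full HijackThis log, the script lists the F3FEE66E group (R3, O2 and O3) first and the lone 5C255C8A BHO after it; orphaned entries like these are dead registry pointers rather than running code, which is why fixing them in HijackThis is a clean-up step and not the removal itself.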

My USB key is invisible from the "normal Windows" ... so I pressed F8 and selected safe mode with networking ... ran HJT from USB ... deleted the entries ... ran fix.bat from USB ... it said something about cannot access wireless and LAN when devices are disconnected ... then it just kept blinking, it didn't restart on its own.


It finally restarted ... the internet still doesn't work, I can't see the wireless or LAN icons in the taskbar, fix.bat disappeared and I got a generic file called "all" on the desktop, I also have a dialog box that says:

HP AiO Device Object Server

RegisterClassObjects failed: hRes = 0x800706BA

The RPC server is unavailable.

Maximum retry attempts exceeded

------

N.B.: I've been getting this dialog box even before I started posting my problem.


Will I be able to reformat the hard drive through an external DVD-ROM drive if this fix doesn't work ... I don't mind reinstalling the programs again (the data is on a clean external hard drive anyway).

See, the infection is on one of those small "eMachines" computers that don't come with a built-in CD-ROM drive.

Can malware, Backdoor.Bot in particular, infect external DVD-ROM drives?

Can malware, Backdoor.Bot in particular, infect external DVD-ROM drives?

In my opinion - no.

  • Download OTL (by OldTimer):
    1. OTL.exe
    2. OTL.com
    3. OTL.scr
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


Please bear in mind that I ran OTL from safe mode with networking and directly from my USB key, since I can't copy/paste on the infected computer.

OTL logfile created on: 1/26/2011 17:01:08 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = D:\

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 749.00 Mb Available Physical Memory | 74.00% Memory free

916.00 Mb Paging File | 844.00 Mb Available in Paging File | 92.00% Paging File free

Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 138.05 Gb Total Space | 49.32 Gb Free Space | 35.72% Space Free | Partition Type: NTFS

Drive D: | 14.90 Gb Total Space | 13.74 Gb Free Space | 92.23% Space Free | Partition Type: NTFS

Computer Name: EMACHINE-70C055 | User Name: Waheb | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - D:\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)

SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)

SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)

SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)

SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (DsiWMIService) -- C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)

SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

SRV - (hasplms) -- C:\WINDOWS\System32\hasplms.exe (SafeNet Inc.)

SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Oracle Corporation)

DRV - (VBoxDrv) -- C:\WINDOWS\system32\drivers\VBoxDrv.sys (Oracle Corporation)

DRV - (VBoxNetFlt) -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Oracle Corporation)

DRV - (VBoxUSBMon) -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys (Oracle Corporation)

DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)

DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.)

DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)

DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.)

DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)

DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.)

DRV - (vmusb) -- C:\WINDOWS\system32\drivers\vmusb.sys (VMware, Inc.)

DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)

DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)

DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)

DRV - (vstor2-ws60) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)

DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)

DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)

DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)

DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()

DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys ()

DRV - (hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (SafeNet Inc.)

DRV - (VSPerfDrv100) -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (aksfridge) -- C:\WINDOWS\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (RsFx0103) -- C:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)

DRV - (SNP325) USB PC Camera (SNPSTD325) -- C:\WINDOWS\system32\drivers\snp325.sys (Sonix Co. Ltd.)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...84wum5r46n2r739

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...84wum5r46n2r739

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...84wum5r46n2r739

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12

FF - prefs.js..network.proxy.type: 0

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/10/23 16:48:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/10/28 21:38:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/11/13 23:30:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/11/29 16:25:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/29 16:34:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 18:44:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/11/13 23:30:44 | 000,000,000 | ---D | M]

[2010/11/29 16:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waheb\Application Data\Mozilla\Extensions

[2010/11/29 16:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waheb\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/11/29 16:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waheb\Application Data\Mozilla\Firefox\Profiles\7rc0ftad.default\extensions

[2010/11/29 16:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waheb\Application Data\Mozilla\Firefox\Profiles\7rc0ftad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/29 16:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waheb\Application Data\Mozilla\Firefox\Profiles\7rc0ftad.default\extensions\staged-xpis

[2010/12/03 09:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/11/29 16:34:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/10/28 21:38:13 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}

[2010/11/29 16:25:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/11/13 23:30:43 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION

[2010/10/27 09:10:18 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/27 09:10:20 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/10/27 09:10:21 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/10/27 07:49:27 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/27 07:49:27 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/10/27 07:49:27 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/27 07:49:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/27 07:49:27 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/10/27 07:49:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/09/29 14:59:38 | 000,000,846 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2008/04/14 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()

O3 - HKLM\..\Toolbar: (IMDb Toolbar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\IMDb Toolbar\IMDbToolbar.9.40.dll (IMDb)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (Sonix Technology Co., Ltd.)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )

O4 - HKLM..\Run: [snp325] C:\WINDOWS\vsnp325.exe ()

O4 - HKLM..\Run: [snuvcdsm] C:\WINDOWS\snuvcdsm.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)

O4 - HKCU..\Run: [sRS Audio Sandbox] C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe (SRS Labs, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hyperappel du Petit Larousse 2010.lnk = C:\Program Files\Larousse\Petit Larousse 2010\bin\Hyperappel.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: ????? ??? &???? Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: ????? ??? Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1287852160203 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1287852515734 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/17 01:01:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{32902a4a-ef57-11df-b3b3-78e40092bb10}\Shell\AutoRun\command - "" = E:\urDrive.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/26 01:46:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Waheb\Recent

[2011/01/25 20:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 3

[2011/01/25 20:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\IObit

[2011/01/25 20:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Application Data\IObit

[2011/01/24 22:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Application Data\Avira

[2011/01/24 21:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2011/01/24 21:56:39 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2011/01/24 21:56:37 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011/01/24 21:56:37 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011/01/24 21:56:37 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2011/01/24 21:56:37 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2011/01/24 21:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/01/24 21:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2011/01/24 20:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Desktop\Winzip Self Extractor 4.1

[2011/01/24 20:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZipEC

[2011/01/24 20:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Courier

[2011/01/24 20:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip Courier

[2011/01/24 20:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Desktop\Winzip Courier 3.0

[2011/01/24 20:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZipSE

[2011/01/24 20:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip Self-Extractor

[2011/01/24 20:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Self-Extractor

[2011/01/24 20:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Desktop\Winzip Self Extractor 4.0

[2011/01/23 13:37:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\lhsp

[2011/01/23 13:36:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech

[2011/01/23 13:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Start Menu\Programs\Casino Verite

[2011/01/23 13:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\QFIT

[2011/01/23 11:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Application Data\TreeCardGames

[2011/01/23 11:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sudoku Up

[2011/01/23 11:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sudoku Up

[2011/01/23 10:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Application Data\MahJong Suite

[2011/01/23 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MahJong Suite

[2011/01/23 10:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\MahJong Suite

[2011/01/23 10:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip

[2011/01/23 10:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Local Settings\Application Data\WinZip

[2011/01/23 10:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

[2011/01/23 09:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Application Data\avidemux

[2011/01/23 09:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avidemux

[2011/01/23 09:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5

[2011/01/23 08:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\My Documents\e-Sword

[2011/01/23 08:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\e-Sword

[2011/01/23 08:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EzTools

[2011/01/23 08:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\e-Sword

[2011/01/23 08:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Local Settings\Application Data\Downloaded Installations

[2011/01/19 20:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Application Data\Microsoft FxCop

[2011/01/19 20:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FxCop

[2011/01/19 20:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft FxCop 1.36

[2011/01/19 20:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Local Settings\Application Data\assembly

[2011/01/19 20:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Local Settings\Application Data\Deployment

[2010/12/28 14:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waheb\Application Data\LibreOffice

[2010/12/28 14:29:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LibreOffice 3.3

[2010/12/28 14:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 3

[2010/05/26 19:25:31 | 000,202,112 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2010/05/26 19:25:29 | 000,245,120 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

[2008/05/06 09:07:28 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnp325.dll

[2005/11/23 05:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp325.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/26 16:57:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/01/26 02:09:50 | 000,001,385 | ---- | M] () -- C:\Documents and Settings\Waheb\Desktop\all

[2011/01/26 00:28:46 | 000,000,064 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2011/01/26 00:28:41 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Waheb\Desktop\KINGSTON (D).lnk

[2011/01/25 21:39:52 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2011/01/25 20:25:52 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job

[2011/01/25 20:18:49 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk

[2011/01/24 21:56:52 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2011/01/24 20:33:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/01/24 18:44:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/01/24 09:14:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/01/23 20:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2011/01/23 20:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2011/01/23 20:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2011/01/23 11:29:03 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sudoku Up.lnk

[2011/01/23 10:58:02 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MahJong Suite.lnk

[2011/01/23 10:05:18 | 003,839,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/01/23 09:43:56 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\Waheb\.drjava

[2011/01/23 07:21:04 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Waheb\Desktop\The New York Times - Breaking News, World News & Multimedia.url

[2011/01/20 21:25:03 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Minitab Software Update Manager.job

[2011/01/19 12:08:36 | 000,000,038 | ---- | M] () -- C:\WINDOWS\ChssBase.ini

[2011/01/14 13:41:08 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20110114134107.job

[2011/01/14 08:02:05 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1287896517.job

[2011/01/12 10:56:20 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SolSuite.lnk

[2010/12/27 23:26:55 | 000,001,698 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/26 02:09:46 | 000,001,385 | ---- | C] () -- C:\Documents and Settings\Waheb\Desktop\all

[2011/01/26 00:28:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011/01/25 20:25:52 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\AWC Update.job

[2011/01/25 20:18:49 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk

[2011/01/24 21:56:52 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2011/01/23 11:29:03 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Sudoku Up

[2011/01/23 11:29:03 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sudoku Up.lnk

[2011/01/23 10:58:02 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MahJong Suite

[2011/01/23 10:58:02 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MahJong Suite.lnk

[2011/01/14 13:41:07 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\WebReg 20110114134107.job

[2010/12/23 10:38:44 | 000,001,698 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini

[2010/12/17 15:36:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2010/12/08 11:40:34 | 001,189,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1282138258-1060862045-1822439336-1006-0.dat

[2010/12/08 11:40:34 | 000,581,046 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2010/11/25 16:25:34 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll

[2010/11/25 16:25:34 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll

[2010/10/24 07:50:51 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2010/10/24 07:17:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ChssBase.ini

[2010/10/23 19:09:38 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll

[2010/10/23 19:09:38 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll

[2010/10/23 19:09:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll

[2010/10/23 17:44:52 | 000,268,912 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys

[2010/10/23 15:39:54 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Waheb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/26 19:25:32 | 001,766,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2010/05/26 19:25:32 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2010/05/26 19:25:32 | 000,000,378 | ---- | C] () -- C:\WINDOWS\PidList.ini

[2010/05/17 11:40:23 | 000,000,249 | ---- | C] () -- C:\WINDOWS\System32\NonUnicodeSupport.INI

[2010/05/17 03:56:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/05/17 03:10:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/05/17 02:15:09 | 000,361,808 | ---- | C] () -- C:\WINDOWS\EMCRI_E.dll

[2010/05/17 01:04:02 | 000,024,264 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2010/05/17 00:59:05 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2009/10/12 13:50:14 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2008/02/21 09:15:46 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\denoise.sys

[2008/01/15 04:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini

[2004/02/27 09:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snp325.ini

[2003/04/07 09:21:58 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/01/25 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/11/25 23:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ChessBase

[2010/05/17 02:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eMachines

[2010/11/26 21:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minitab

[2010/11/13 23:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia

[2010/11/13 23:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2010/11/15 20:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Partner

[2010/11/13 23:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2010/12/08 10:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions

[2010/10/28 23:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2010/11/25 16:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel

[2010/11/25 16:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS

[2010/10/23 17:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs

[2011/01/23 11:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames

[2010/10/23 21:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UniversalisV15

[2010/12/12 20:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2011/01/23 10:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2011/01/24 20:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC

[2011/01/24 20:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE

[2011/01/23 09:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\avidemux

[2011/01/20 22:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\ChessBase

[2010/10/23 18:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\Copernic

[2010/11/25 16:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\Eclipse

[2011/01/25 20:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\IObit

[2010/12/28 14:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\LibreOffice

[2010/10/28 20:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\Liteon

[2011/01/23 18:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\MahJong Suite

[2010/11/22 14:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\Maple

[2010/10/26 08:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\Mathsoft

[2010/11/13 23:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\Nokia

[2010/11/28 22:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\OpenOffice.org

[2010/11/29 16:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\Opera

[2010/11/13 23:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\PC Suite

[2010/12/03 09:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\Search Settings

[2011/01/20 20:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\SolSuite

[2011/01/23 11:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\TreeCardGames

[2010/12/05 21:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\TrueCrypt

[2011/01/24 20:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\uTorrent

[2010/12/03 09:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waheb\Application Data\YouTube Downloader

[2011/01/23 20:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2011/01/23 20:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2011/01/23 20:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2011/01/25 20:25:52 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job

[2011/01/14 08:02:05 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1287896517.job

[2011/01/20 21:25:03 | 000,000,476 | ---- | M] () -- C:\WINDOWS\Tasks\Minitab Software Update Manager.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 1/26/2011 17:01:08 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = D:\

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 749.00 Mb Available Physical Memory | 74.00% Memory free

916.00 Mb Paging File | 844.00 Mb Available in Paging File | 92.00% Paging File free

Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 138.05 Gb Total Space | 49.32 Gb Free Space | 35.72% Space Free | Partition Type: NTFS

Drive D: | 14.90 Gb Total Space | 13.74 Gb Free Space | 92.23% Space Free | Partition Type: NTFS

Computer Name: EMACHINE-70C055 | User Name: Waheb | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server

"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server

"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server

"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:


Downloaded ComboFix to my USB key as is through Internet Explorer ... ran it on the infected machine from the USB key in safe mode with networking ... ComboFix told me something about the Recovery Console not being installed or up-to-date ... it tried to connect to the Internet but it couldn't ... so it went on with a 50-step scan ... when it was over, I got back the taskbar window thing and am now able to copy/paste on the infected machine (that's how I got c:/combofix.txt to this clean machine) ... however I don't know if I can connect to the Internet (waiting for your instructions)

ComboFix 11-01-25.05 - Waheb 01/26/2011 19:39:37.1.2 - x86 NETWORK

Running from: D:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

c:\windows\system32\lsprst7.dll

c:\windows\system32\svchost

c:\windows\system32\svchost\logg.dat

c:\windows\regedit.exe . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))

.

2011-01-25 17:18 . 2011-01-25 17:18 -------- d-----w- c:\program files\IObit

2011-01-25 17:18 . 2011-01-25 17:18 -------- d-----w- c:\documents and settings\Waheb\Application Data\IObit

2011-01-25 12:01 . 2011-01-25 12:01 -------- d-----w- c:\documents and settings\Administrator

2011-01-24 19:03 . 2011-01-24 19:03 -------- d-----w- c:\documents and settings\Waheb\Application Data\Avira

2011-01-24 18:56 . 2010-12-13 05:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-01-24 18:56 . 2010-12-13 05:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-01-24 18:56 . 2010-06-17 11:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-01-24 18:56 . 2010-06-17 11:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-01-24 18:56 . 2011-01-24 18:56 -------- d-----w- c:\program files\Avira

2011-01-24 18:56 . 2011-01-24 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-01-24 17:32 . 2011-01-24 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipEC

2011-01-24 17:32 . 2011-01-24 17:32 -------- d-----w- c:\program files\WinZip Courier

2011-01-24 17:20 . 2011-01-24 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipSE

2011-01-24 17:20 . 2011-01-24 17:20 -------- d-----w- c:\program files\WinZip Self-Extractor

2011-01-23 10:37 . 2011-01-23 10:37 -------- d-----w- c:\windows\lhsp

2011-01-23 10:36 . 2011-01-23 10:36 -------- d-----w- c:\windows\speech

2011-01-23 10:36 . 2011-01-23 10:36 -------- d-----w- c:\program files\QFIT

2011-01-23 08:29 . 2011-01-23 08:29 -------- d-----w- c:\documents and settings\Waheb\Application Data\TreeCardGames

2011-01-23 08:28 . 2011-01-23 08:29 -------- d-----w- c:\program files\Sudoku Up

2011-01-23 07:58 . 2011-01-23 15:32 -------- d-----w- c:\documents and settings\Waheb\Application Data\MahJong Suite

2011-01-23 07:57 . 2011-01-23 09:12 -------- d-----w- c:\program files\MahJong Suite

2011-01-23 07:51 . 2011-01-23 07:51 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\WinZip

2011-01-23 06:48 . 2011-01-23 06:50 -------- d-----w- c:\documents and settings\Waheb\Application Data\avidemux

2011-01-23 06:48 . 2011-01-23 06:48 -------- d-----w- c:\program files\Avidemux 2.5

2011-01-23 05:07 . 2011-01-24 16:11 -------- d-----w- c:\program files\e-Sword

2011-01-23 05:07 . 2011-01-23 05:07 -------- d-----w- c:\program files\Common Files\EzTools

2011-01-23 05:07 . 2011-01-23 05:07 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\Downloaded Installations

2011-01-19 17:31 . 2011-01-19 17:31 -------- d-----w- c:\documents and settings\Waheb\Application Data\Microsoft FxCop

2011-01-19 17:15 . 2011-01-19 17:15 -------- d-----w- c:\program files\Microsoft FxCop 1.36

2011-01-19 17:03 . 2011-01-19 17:03 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\assembly

2011-01-19 17:03 . 2011-01-19 17:03 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\Deployment

2010-12-28 11:31 . 2010-12-28 11:31 -------- d-----w- c:\documents and settings\Waheb\Application Data\LibreOffice

2010-12-28 11:27 . 2010-12-28 11:29 -------- d-----w- c:\program files\LibreOffice 3

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-17 13:02 . 2010-12-17 13:02 100843 ----a-w- c:\windows\SVCFilterDesign Uninstaller.exe

2010-12-17 13:02 . 2010-12-17 13:02 141567 ----a-w- c:\windows\PIEL Uninstaller.exe

2010-12-17 13:01 . 2010-12-17 13:01 126948 ----a-w- c:\windows\MeterBasic Uninstaller.exe

2010-12-17 13:01 . 2010-12-17 13:01 173041 ----a-w- c:\windows\Helical Uninstaller.exe

2010-12-17 13:01 . 2010-12-17 13:01 219975 ----a-w- c:\windows\Diplexer Uninstaller.exe

2010-12-08 08:13 . 2010-12-08 06:55 2478272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2010-12-08 06:56 . 2010-12-08 06:56 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

2010-12-01 10:44 . 2010-12-01 10:44 100560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2010-12-01 10:44 . 2010-12-10 20:26 143248 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2010-12-01 10:44 . 2010-12-10 20:26 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2010-12-01 10:44 . 2010-12-01 10:44 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2010-12-01 10:44 . 2010-12-01 10:44 111504 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2010-11-29 13:25 . 2010-11-29 13:25 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-29 13:25 . 2010-10-23 16:25 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-26 20:30 . 2010-11-26 19:04 67 ----a-w- c:\documents and settings\Waheb\update.bat

2010-11-22 11:30 . 2010-10-23 16:09 31744 ----a-w- c:\windows\system32\maplec.dll

2010-11-22 11:30 . 2010-10-23 16:09 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll

2010-11-22 11:30 . 2010-10-23 16:09 20480 ----a-w- c:\windows\system32\maplecompat.dll

2010-11-18 18:12 . 2010-05-16 21:59 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-11 10:48 . 2010-11-11 10:48 70768 ----a-w- c:\windows\system32\drivers\vmci.sys

2010-11-11 10:48 . 2010-11-11 10:48 854128 ----a-w- c:\windows\system32\drivers\vmx86.sys

2010-11-11 10:48 . 2010-12-10 23:07 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe

2010-11-11 10:48 . 2010-12-10 23:07 404080 ----a-w- c:\windows\system32\vmnat.exe

2010-11-11 10:47 . 2010-12-10 23:07 760432 ----a-w- c:\windows\system32\vnetlib.dll

2010-11-11 10:47 . 2010-12-10 23:06 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys

2010-11-11 10:46 . 2010-11-11 10:46 51312 ----a-w- c:\windows\system32\vmnetbridge.dll

2010-11-11 10:46 . 2010-11-11 10:46 32752 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys

2010-11-11 10:46 . 2010-12-10 23:07 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys

2010-11-11 09:31 . 2010-11-11 09:31 32368 ----a-w- c:\windows\system32\drivers\hcmon.sys

2010-11-11 09:04 . 2010-11-11 09:04 252528 ----a-w- c:\windows\system32\vmnc.dll

2010-11-11 07:04 . 2010-11-11 07:04 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys

2010-11-11 07:04 . 2010-11-11 07:04 59952 ----a-w- c:\windows\system32\vnetinst.dll

2010-11-11 07:04 . 2010-11-11 07:04 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys

2010-11-11 07:04 . 2010-11-11 07:04 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys

2010-11-09 14:52 . 2010-05-17 08:40 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-07 17:17 . 2010-10-23 16:48 333840 ----a-w- c:\windows\system32\mltcpip32.mlp

2010-11-07 17:17 . 2010-10-23 16:48 93712 ----a-w- c:\windows\system32\mltcp32.mlp

2010-11-07 17:17 . 2010-10-23 16:48 88080 ----a-w- c:\windows\system32\mlshm32.mlp

2010-11-07 17:17 . 2010-10-23 16:48 167952 ----a-w- c:\windows\system32\mlmodule32.dll

2010-11-07 17:17 . 2010-10-23 16:48 79376 ----a-w- c:\windows\system32\mlmap32.mlp

2010-11-07 17:16 . 2010-10-23 16:48 369680 ----a-w- c:\windows\system32\ml32i3.dll

2010-11-07 17:16 . 2010-10-23 16:48 260112 ----a-w- c:\windows\system32\ml32i2.dll

2010-11-07 17:16 . 2010-10-23 16:48 253968 ----a-w- c:\windows\system32\ml32i1.dll

2010-11-06 00:26 . 2010-05-17 08:40 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2010-05-17 08:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2010-05-17 08:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2010-05-17 08:40 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2010-05-17 08:40 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-11-01 11:27 . 2010-11-01 11:27 217088 ----a-w- c:\windows\system32\DownloadXPro.dll

2010-10-29 05:10 . 2008-08-14 04:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files\IMDb Toolbar\IMDbToolbar.9.40.dll" [2010-05-06 1026560]

[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]

[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-16 141336]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]

"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]

"PLFSetL"="c:\windows\PLFSetL.exe" [2010-02-12 99712]

"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2010-02-12 202112]

"snuvcdsm"="c:\windows\snuvcdsm.exe" [2010-02-12 30080]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-04-13 248440]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-10-29 611712]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-12 607584]

hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

Hyperappel du Petit Larousse 2010.lnk - c:\program files\Larousse\Petit Larousse 2010\bin\Hyperappel.exe [2010-10-23 237568]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Maple 13\\jre\\bin\\maple.exe"=

"c:\\Program Files\\eclipse\\eclipse.exe"=

"c:\\Program Files\\Maple 13\\jre\\bin\\java.exe"=

"c:\\Program Files\\Maxima-5.22.1\\bin\\xmaxima.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"c:\\Program Files\\Maple 14\\jre\\bin\\maple.exe"=

"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\WinWrapIDE.exe"=

"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.exe"=

"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.com"=

"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\JRE\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\hasplms.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\Mathematica.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\MathKernel.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\math.exe"=

"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=

"c:\\Program Files\\Le Petit Robert 2009 (3.2)\\RobertHA.exe"=

"c:\\Program Files\\Le Petit Robert 2009 (3.2)\\prnet.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\Mathematica.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\MathKernel.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\math.exe"=

"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server

"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server

"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-01 143248]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-01 41936]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-04-08 312400]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 135664]

R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]

R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]

R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-10-29 288112]

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-17 1691480]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]

R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2009-01-13 451456]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x86.sys [2010-03-04 60456]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 100560]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-01 111504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PXHELP20

.

Contents of the 'Scheduled Tasks' folder

2011-01-25 c:\windows\Tasks\AWC Update.job

- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2011-01-25 08:08]

2011-01-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8287896517.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 14:22]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 14:22]

2011-01-20 c:\windows\Tasks\Minitab Software Update Manager.job

- c:\program files\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2010-03-25 06:45]

2011-01-14 c:\windows\Tasks\WebReg 20110114134107.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-05 22:01]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0401&m=em350&r=0xph1010n125l0484wum5r46n2r739

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE:


I restarted the infected computer after the scan ... got everything back as before the infection (at least in appearance), except for:

- in addition to the wireless and LAN icons, I have a third icon called "VirtualBox Host-Only Network" (the internet works, by the way)

- Internet Explorer tells me that it's not the default browser

- HP was installing something; however, I didn't get the "printer" task icon back. Maybe I should restart again.

What next?


I ran ComboFix again, but this time in "normal Windows" (not safe mode) with the internet on ... it downloaded recovery SP2 ... here's the new log:

ComboFix 11-01-25.05 - Waheb 01/26/2011 22:12:31.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1256.966.1033.18.1013.413 [GMT 3:00]

Running from: d:\miscellaneous\Software\Security Software\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))

.

2011-01-26 18:29 . 2010-12-20 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-26 18:29 . 2011-01-26 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-26 18:29 . 2010-12-20 15:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-25 17:18 . 2011-01-25 17:18 -------- d-----w- c:\program files\IObit

2011-01-25 17:18 . 2011-01-25 17:18 -------- d-----w- c:\documents and settings\Waheb\Application Data\IObit

2011-01-25 12:01 . 2011-01-25 12:01 -------- d-----w- c:\documents and settings\Administrator

2011-01-24 19:03 . 2011-01-24 19:03 -------- d-----w- c:\documents and settings\Waheb\Application Data\Avira

2011-01-24 18:56 . 2010-12-13 05:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-01-24 18:56 . 2010-12-13 05:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-01-24 18:56 . 2010-06-17 11:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-01-24 18:56 . 2010-06-17 11:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-01-24 18:56 . 2011-01-24 18:56 -------- d-----w- c:\program files\Avira

2011-01-24 18:56 . 2011-01-24 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-01-24 17:32 . 2011-01-24 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipEC

2011-01-24 17:32 . 2011-01-24 17:32 -------- d-----w- c:\program files\WinZip Courier

2011-01-24 17:20 . 2011-01-24 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipSE

2011-01-24 17:20 . 2011-01-24 17:20 -------- d-----w- c:\program files\WinZip Self-Extractor

2011-01-23 10:37 . 2011-01-23 10:37 -------- d-----w- c:\windows\lhsp

2011-01-23 10:36 . 2011-01-23 10:36 -------- d-----w- c:\windows\speech

2011-01-23 10:36 . 2011-01-23 10:36 -------- d-----w- c:\program files\QFIT

2011-01-23 08:29 . 2011-01-23 08:29 -------- d-----w- c:\documents and settings\Waheb\Application Data\TreeCardGames

2011-01-23 08:28 . 2011-01-23 08:29 -------- d-----w- c:\program files\Sudoku Up

2011-01-23 07:58 . 2011-01-23 15:32 -------- d-----w- c:\documents and settings\Waheb\Application Data\MahJong Suite

2011-01-23 07:57 . 2011-01-23 09:12 -------- d-----w- c:\program files\MahJong Suite

2011-01-23 07:51 . 2011-01-23 07:51 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\WinZip

2011-01-23 06:48 . 2011-01-23 06:50 -------- d-----w- c:\documents and settings\Waheb\Application Data\avidemux

2011-01-23 06:48 . 2011-01-23 06:48 -------- d-----w- c:\program files\Avidemux 2.5

2011-01-23 05:07 . 2011-01-24 16:11 -------- d-----w- c:\program files\e-Sword

2011-01-23 05:07 . 2011-01-23 05:07 -------- d-----w- c:\program files\Common Files\EzTools

2011-01-23 05:07 . 2011-01-23 05:07 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\Downloaded Installations

2011-01-19 17:31 . 2011-01-19 17:31 -------- d-----w- c:\documents and settings\Waheb\Application Data\Microsoft FxCop

2011-01-19 17:15 . 2011-01-19 17:15 -------- d-----w- c:\program files\Microsoft FxCop 1.36

2011-01-19 17:03 . 2011-01-19 17:03 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\assembly

2011-01-19 17:03 . 2011-01-19 17:03 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\Deployment

2010-12-28 11:31 . 2010-12-28 11:31 -------- d-----w- c:\documents and settings\Waheb\Application Data\LibreOffice

2010-12-28 11:27 . 2010-12-28 11:29 -------- d-----w- c:\program files\LibreOffice 3

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-17 13:02 . 2010-12-17 13:02 100843 ----a-w- c:\windows\SVCFilterDesign Uninstaller.exe

2010-12-17 13:02 . 2010-12-17 13:02 141567 ----a-w- c:\windows\PIEL Uninstaller.exe

2010-12-17 13:01 . 2010-12-17 13:01 126948 ----a-w- c:\windows\MeterBasic Uninstaller.exe

2010-12-17 13:01 . 2010-12-17 13:01 173041 ----a-w- c:\windows\Helical Uninstaller.exe

2010-12-17 13:01 . 2010-12-17 13:01 219975 ----a-w- c:\windows\Diplexer Uninstaller.exe

2010-12-08 08:13 . 2010-12-08 06:55 2478272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2010-12-08 06:56 . 2010-12-08 06:56 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

2010-12-01 10:44 . 2010-12-01 10:44 100560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2010-12-01 10:44 . 2010-12-10 20:26 143248 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2010-12-01 10:44 . 2010-12-10 20:26 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2010-12-01 10:44 . 2010-12-01 10:44 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2010-12-01 10:44 . 2010-12-01 10:44 111504 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2010-11-29 13:25 . 2010-11-29 13:25 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-29 13:25 . 2010-10-23 16:25 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-26 20:30 . 2010-11-26 19:04 67 ----a-w- c:\documents and settings\Waheb\update.bat

2010-11-22 11:30 . 2010-10-23 16:09 31744 ----a-w- c:\windows\system32\maplec.dll

2010-11-22 11:30 . 2010-10-23 16:09 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll

2010-11-22 11:30 . 2010-10-23 16:09 20480 ----a-w- c:\windows\system32\maplecompat.dll

2010-11-18 18:12 . 2010-05-16 21:59 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-11 10:48 . 2010-11-11 10:48 70768 ----a-w- c:\windows\system32\drivers\vmci.sys

2010-11-11 10:48 . 2010-11-11 10:48 854128 ----a-w- c:\windows\system32\drivers\vmx86.sys

2010-11-11 10:48 . 2010-12-10 23:07 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe

2010-11-11 10:48 . 2010-12-10 23:07 404080 ----a-w- c:\windows\system32\vmnat.exe

2010-11-11 10:47 . 2010-12-10 23:07 760432 ----a-w- c:\windows\system32\vnetlib.dll

2010-11-11 10:47 . 2010-12-10 23:06 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys

2010-11-11 10:46 . 2010-11-11 10:46 51312 ----a-w- c:\windows\system32\vmnetbridge.dll

2010-11-11 10:46 . 2010-11-11 10:46 32752 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys

2010-11-11 10:46 . 2010-12-10 23:07 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys

2010-11-11 09:31 . 2010-11-11 09:31 32368 ----a-w- c:\windows\system32\drivers\hcmon.sys

2010-11-11 09:04 . 2010-11-11 09:04 252528 ----a-w- c:\windows\system32\vmnc.dll

2010-11-11 07:04 . 2010-11-11 07:04 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys

2010-11-11 07:04 . 2010-11-11 07:04 59952 ----a-w- c:\windows\system32\vnetinst.dll

2010-11-11 07:04 . 2010-11-11 07:04 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys

2010-11-11 07:04 . 2010-11-11 07:04 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys

2010-11-09 14:52 . 2010-05-17 08:40 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-07 17:17 . 2010-10-23 16:48 333840 ----a-w- c:\windows\system32\mltcpip32.mlp

2010-11-07 17:17 . 2010-10-23 16:48 93712 ----a-w- c:\windows\system32\mltcp32.mlp

2010-11-07 17:17 . 2010-10-23 16:48 88080 ----a-w- c:\windows\system32\mlshm32.mlp

2010-11-07 17:17 . 2010-10-23 16:48 167952 ----a-w- c:\windows\system32\mlmodule32.dll

2010-11-07 17:17 . 2010-10-23 16:48 79376 ----a-w- c:\windows\system32\mlmap32.mlp

2010-11-07 17:16 . 2010-10-23 16:48 369680 ----a-w- c:\windows\system32\ml32i3.dll

2010-11-07 17:16 . 2010-10-23 16:48 260112 ----a-w- c:\windows\system32\ml32i2.dll

2010-11-07 17:16 . 2010-10-23 16:48 253968 ----a-w- c:\windows\system32\ml32i1.dll

2010-11-06 00:26 . 2010-05-17 08:40 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2010-05-17 08:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2010-05-17 08:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2010-05-17 08:40 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2010-05-17 08:40 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-11-01 11:27 . 2010-11-01 11:27 217088 ----a-w- c:\windows\system32\DownloadXPro.dll

2010-10-29 05:10 . 2008-08-14 04:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys

.

((((((((((((((((((((((((((((( SnapShot@2011-01-26_16.59.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-01-26 18:50 . 2011-01-26 18:50 16384 c:\windows\temp\Perflib_Perfdata_dd4.dat

+ 2011-01-26 18:51 . 2011-01-26 18:51 16384 c:\windows\temp\Perflib_Perfdata_a10.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files\IMDb Toolbar\IMDbToolbar.9.40.dll" [2010-05-06 1026560]

[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]

[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-16 141336]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]

"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]

"PLFSetL"="c:\windows\PLFSetL.exe" [2010-02-12 99712]

"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2010-02-12 202112]

"snuvcdsm"="c:\windows\snuvcdsm.exe" [2010-02-12 30080]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-04-13 248440]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-10-29 611712]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-12 607584]

hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

Hyperappel du Petit Larousse 2010.lnk - c:\program files\Larousse\Petit Larousse 2010\bin\Hyperappel.exe [2010-10-23 237568]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Maple 13\\jre\\bin\\maple.exe"=

"c:\\Program Files\\eclipse\\eclipse.exe"=

"c:\\Program Files\\Maple 13\\jre\\bin\\java.exe"=

"c:\\Program Files\\Maxima-5.22.1\\bin\\xmaxima.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"c:\\Program Files\\Maple 14\\jre\\bin\\maple.exe"=

"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\WinWrapIDE.exe"=

"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.exe"=

"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.com"=

"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\JRE\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\hasplms.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\Mathematica.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\MathKernel.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\math.exe"=

"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=

"c:\\Program Files\\Le Petit Robert 2009 (3.2)\\RobertHA.exe"=

"c:\\Program Files\\Le Petit Robert 2009 (3.2)\\prnet.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\Mathematica.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\MathKernel.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\math.exe"=

"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server

"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server

"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [12/10/2010 23:26 143248]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [12/10/2010 23:26 41936]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/24/2011 21:56 135336]

R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [5/17/2010 11:40 312400]

R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]

R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [5/17/2010 02:33 243232]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 13:48 70768]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 12:31 539248]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [5/17/2010 11:40 60456]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/1/2010 13:44 100560]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/1/2010 13:44 111504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 13:16 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2010 17:22 135664]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 05:46 288112]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/17/2010 02:11 1691480]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 17:51 30963576]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11/13/2010 23:29 137344]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11/13/2010 23:29 8320]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 20:37 4640000]

S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [1/13/2009 03:00 451456]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 13:37 517096]

S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [12/8/2009 21:24 48128]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 13:16 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 06:08 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 03:09 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 03:23 366936]

.

Contents of the 'Scheduled Tasks' folder

2011-01-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8287896517.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 14:22]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 14:22]

2011-01-26 c:\windows\Tasks\Minitab Software Update Manager.job

- c:\program files\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2010-03-25 06:45]

2011-01-14 c:\windows\Tasks\WebReg 20110114134107.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-05 22:01]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0401&m=em350&r=0xph1010n125l0484wum5r46n2r739

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE:


Now that I can connect to the internet, here's the log you wanted on csnp2uvc.dll from VirusTotal:

File name: csnp2uvc.dll

Submission date: 2011-01-26 20:12:03 (UTC)

Current status: queued (#87) queued analysing finished

Result: 0/ 43 (0.0%)

Antivirus Version Last Update Result

AhnLab-V3 2011.01.18.00 2011.01.17 -

AntiVir 7.11.2.0 2011.01.26 -

Antiy-AVL 2.0.3.7 2011.01.26 -

Avast 4.8.1351.0 2011.01.26 -

Avast5 5.0.677.0 2011.01.26 -

AVG 10.0.0.1190 2011.01.26 -

BitDefender 7.2 2011.01.26 -

CAT-QuickHeal 11.00 2011.01.25 -

ClamAV 0.96.4.0 2011.01.26 -

Commtouch 5.2.11.5 2011.01.26 -

Comodo 7511 2011.01.26 -

DrWeb 5.0.2.03300 2011.01.26 -

Emsisoft 5.1.0.1 2011.01.26 -

eSafe 7.0.17.0 2011.01.24 -

eTrust-Vet 36.1.8121 2011.01.26 -

F-Prot 4.6.2.117 2011.01.26 -

F-Secure 9.0.16160.0 2011.01.26 -

Fortinet 4.2.254.0 2011.01.26 -

GData 21 2011.01.26 -

Ikarus T3.1.1.97.0 2011.01.26 -

Jiangmin 13.0.900 2011.01.26 -

K7AntiVirus 9.78.3650 2011.01.26 -

Kaspersky 7.0.0.125 2011.01.26 -

McAfee 5.400.0.1158 2011.01.26 -

McAfee-GW-Edition 2010.1C 2011.01.26 -

Microsoft 1.6502 2011.01.26 -

NOD32 5822 2011.01.26 -

Norman 6.06.12 2011.01.26 -

nProtect 2011-01-18.01 2011.01.18 -

Panda 10.0.3.5 2011.01.26 -

PCTools 7.0.3.5 2011.01.26 -

Prevx 3.0 2011.01.26 -

Rising 23.42.02.03 2011.01.26 -

Sophos 4.61.0 2011.01.26 -

SUPERAntiSpyware 4.40.0.1006 2011.01.26 -

Symantec 20101.3.0.103 2011.01.26 -

TheHacker 6.7.0.1.120 2011.01.26 -

TrendMicro 9.120.0.1004 2011.01.26 -

TrendMicro-HouseCall 9.120.0.1004 2011.01.26 -

VBA32 3.12.14.3 2011.01.26 -

VIPRE 8206 2011.01.26 -

ViRobot 2011.1.26.4276 2011.01.26 -

VirusBuster 13.6.166.0 2011.01.26 -

Additional information

MD5 : f496a87e4fcb078a98348dbf20f2fc2c

SHA1 : d4b4899438a868cf696efdc9db6efb6381203ccc

SHA256: 1722092d7c25dbfc32c5eaf3898ea92d3cce98124f7612f86da28f360e2d644b

ssdeep: 3072:TtVyQ1oCTmXNKLiPa8t0rJiA9Sws5xvcKO:TtJlmXNHUjLYnO

File size : 202112 bytes

First seen: 2010-06-26 15:55:04

Last seen : 2011-01-26 20:12:03

TrID:

Win64 Executable Generic (59.6%)

Win32 Executable MS Visual C++ (generic) (26.2%)

Win32 Executable Generic (5.9%)

Win32 Dynamic Link Library (generic) (5.2%)

Generic Win/DOS Executable (1.3%)

sigcheck:

publisher....:

copyright....: Copyright © 2003-2007

product......: InstallUtil

description..: The utilities for device installation

original name: InstallUtil.dll

internal name: InstallUtil

file version.: 1, 0, 7, 0

comments.....: n/a

signers......: SONIX TECHNOLOGY CO. , LTD

VeriSign Class 3 Code Signing 2009-2 CA

Class 3 Public Primary Certification Authority

signing date.: 9:11 AM 2/12/2010

verified.....: -

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x5466

timedatestamp....: 0x499940C3 (Mon Feb 16 10:32:35 2009)

machinetype......: 0x14c (I386)

[[ 5 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x21201, 0x22000, 6.59, 650ce520a75af53dd94208b9f2d0bf00

.rdata, 0x23000, 0x7311, 0x8000, 5.95, e5d372a13e6e050187b61d4765ce61c7

.data, 0x2B000, 0x2E38, 0x2000, 1.66, 6e557746f61e59737b2a3b88d14dc7ca

.rsrc, 0x2E000, 0x3EC, 0x1000, 3.72, c94cd7b5f7d8874f4e36ceed2d50c6f9

.reloc, 0x2F000, 0x194E, 0x2000, 5.84, 836b8bcc137b95951a64402dd4513d5b

[[ 6 import(s) ]]

SETUPAPI.dll: SetupDiGetDeviceInstanceIdA, SetupDiGetDriverInfoDetailA, SetupDiGetSelectedDriverA, SetupDiGetDeviceInstallParamsA, SetupDiCallClassInstaller, SetupDiSetClassInstallParamsA, SetupDiOpenDevRegKey, CM_Reenumerate_DevNode, CM_Locate_DevNodeA, SetupDiDestroyDeviceInfoList, SetupDiGetDeviceRegistryPropertyA, SetupDiEnumDeviceInfo, SetupOpenInfFileA, SetupDiGetClassDevsA

KERNEL32.dll: GetCurrentProcess, GetPrivateProfileSectionA, GetPrivateProfileSectionNamesA, GetWindowsDirectoryA, GetVersionExA, Sleep, OutputDebugStringA, GetLastError, MultiByteToWideChar, LocalFree, InitializeCriticalSection, GetModuleHandleA, WideCharToMultiByte, lstrcpyW, GetPrivateProfileStringA, GetCurrentDirectoryA, CreateFileA, FlushFileBuffers, SetStdHandle, HeapSize, SetConsoleCtrlHandler, FreeLibrary, InterlockedExchange, LoadLibraryA, GetTimeZoneInformation, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEndOfFile, ReadFile, GetLocaleInfoW, CompareStringA, CompareStringW, GetProcAddress, GetCPInfo, GetConsoleMode, GetConsoleCP, SetFilePointer, WriteFile, HeapReAlloc, VirtualAlloc, IsValidLocale, EnumSystemLocalesA, RtlUnwind, GetCurrentThreadId, GetCommandLineA, HeapFree, HeapAlloc, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, SetEnvironmentVariableA, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThread, LCMapStringA, LCMapStringW, RaiseException, CloseHandle, EnterCriticalSection, LeaveCriticalSection, ExitProcess, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetStringTypeA, GetStringTypeW, FatalAppExitA, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, GetLocaleInfoA

USER32.dll: wsprintfA, MessageBoxA, ExitWindowsEx

ADVAPI32.dll: BuildExplicitAccessWithNameA, SetEntriesInAclA, SetNamedSecurityInfoA, RegEnumKeyExA, RegEnumKeyA, RegOpenKeyExA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegCreateKeyExA, RegQueryValueExA, RegSetValueExA, RegCloseKey, GetNamedSecurityInfoA

SHELL32.dll: SHGetSpecialFolderPathA, ShellExecuteA

ole32.dll: CoCreateInstance, CoInitialize, CoSetProxyBlanket, CoUninitialize

[[ 11 export(s) ]]

CoInstaller, CreateAutorunShortcut, DelHwKey, DoShellExecute, GetOSVersion, LoadReg, LoadRegAndReboot, Rescan, ResetCIDS, SetDevInterfName, SwitchHdDma

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 139264

CompanyName:

EntryPoint: 0x5466

FileDescription: The utilities for device installation

FileFlagsMask: 0x0017

FileOS: Windows NT 32-bit

FileSize: 197 kB

FileSubtype: 0

FileType: Win32 DLL

FileVersion: 1, 0, 7, 0

FileVersionNumber: 1.0.7.0

ImageVersion: 0.0

InitializedDataSize: 53248

InternalName: InstallUtil

LanguageCode: Chinese (Traditional)

LegalCopyright: Copyright © 2003-2007

LinkerVersion: 8.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

ObjectFileType: Dynamic link library

OriginalFilename: InstallUtil.dll

PEType: PE32

ProductName: InstallUtil

ProductVersion: 1, 0, 7, 0

ProductVersionNumber: 1.0.7.0

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2009:02:16 11:32:35+01:00

UninitializedDataSize: 0


Open Notepad and copy and paste the text in the code box below into it:

SecCenter::
{7591DB91-41F0-48A3-B128-1A293FD8233D}

Registry::
[-HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[-HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

(screenshot: CFScriptB-4.gif)

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


ComboFix 11-01-25.05 - Waheb 01/27/2011 1:08.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1256.966.1033.18.1013.325 [GMT 3:00]

Running from: d:\miscellaneous\Software\Security Software\ComboFix.exe

Command switches used :: c:\documents and settings\Waheb\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.

((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))

.

2011-01-26 21:05 . 2011-01-26 21:05 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\WinZip Courier

2011-01-26 20:26 . 2011-01-26 20:26 -------- d-----w- c:\windows\system32\NtmsData

2011-01-26 18:29 . 2010-12-20 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-26 18:29 . 2011-01-26 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-26 18:29 . 2010-12-20 15:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-25 17:18 . 2011-01-25 17:18 -------- d-----w- c:\program files\IObit

2011-01-25 17:18 . 2011-01-25 17:18 -------- d-----w- c:\documents and settings\Waheb\Application Data\IObit

2011-01-25 12:01 . 2011-01-25 12:01 -------- d-----w- c:\documents and settings\Administrator

2011-01-24 19:03 . 2011-01-24 19:03 -------- d-----w- c:\documents and settings\Waheb\Application Data\Avira

2011-01-24 18:56 . 2010-12-13 05:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-01-24 18:56 . 2010-12-13 05:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-01-24 18:56 . 2010-06-17 11:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-01-24 18:56 . 2010-06-17 11:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-01-24 18:56 . 2011-01-24 18:56 -------- d-----w- c:\program files\Avira

2011-01-24 18:56 . 2011-01-24 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-01-24 17:32 . 2011-01-24 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipEC

2011-01-24 17:32 . 2011-01-24 17:32 -------- d-----w- c:\program files\WinZip Courier

2011-01-24 17:20 . 2011-01-24 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipSE

2011-01-24 17:20 . 2011-01-24 17:20 -------- d-----w- c:\program files\WinZip Self-Extractor

2011-01-23 10:37 . 2011-01-23 10:37 -------- d-----w- c:\windows\lhsp

2011-01-23 10:36 . 2011-01-23 10:36 -------- d-----w- c:\windows\speech

2011-01-23 10:36 . 2011-01-23 10:36 -------- d-----w- c:\program files\QFIT

2011-01-23 08:29 . 2011-01-23 08:29 -------- d-----w- c:\documents and settings\Waheb\Application Data\TreeCardGames

2011-01-23 08:28 . 2011-01-23 08:29 -------- d-----w- c:\program files\Sudoku Up

2011-01-23 07:58 . 2011-01-23 15:32 -------- d-----w- c:\documents and settings\Waheb\Application Data\MahJong Suite

2011-01-23 07:57 . 2011-01-23 09:12 -------- d-----w- c:\program files\MahJong Suite

2011-01-23 07:51 . 2011-01-23 07:51 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\WinZip

2011-01-23 06:48 . 2011-01-23 06:50 -------- d-----w- c:\documents and settings\Waheb\Application Data\avidemux

2011-01-23 06:48 . 2011-01-23 06:48 -------- d-----w- c:\program files\Avidemux 2.5

2011-01-23 05:07 . 2011-01-24 16:11 -------- d-----w- c:\program files\e-Sword

2011-01-23 05:07 . 2011-01-23 05:07 -------- d-----w- c:\program files\Common Files\EzTools

2011-01-23 05:07 . 2011-01-23 05:07 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\Downloaded Installations

2011-01-19 17:31 . 2011-01-19 17:31 -------- d-----w- c:\documents and settings\Waheb\Application Data\Microsoft FxCop

2011-01-19 17:15 . 2011-01-19 17:15 -------- d-----w- c:\program files\Microsoft FxCop 1.36

2011-01-19 17:03 . 2011-01-19 17:03 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\assembly

2011-01-19 17:03 . 2011-01-19 17:03 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\Deployment

2010-12-28 11:31 . 2010-12-28 11:31 -------- d-----w- c:\documents and settings\Waheb\Application Data\LibreOffice

2010-12-28 11:27 . 2010-12-28 11:29 -------- d-----w- c:\program files\LibreOffice 3

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-17 13:02 . 2010-12-17 13:02 100843 ----a-w- c:\windows\SVCFilterDesign Uninstaller.exe

2010-12-17 13:02 . 2010-12-17 13:02 141567 ----a-w- c:\windows\PIEL Uninstaller.exe

2010-12-17 13:01 . 2010-12-17 13:01 126948 ----a-w- c:\windows\MeterBasic Uninstaller.exe

2010-12-17 13:01 . 2010-12-17 13:01 173041 ----a-w- c:\windows\Helical Uninstaller.exe

2010-12-17 13:01 . 2010-12-17 13:01 219975 ----a-w- c:\windows\Diplexer Uninstaller.exe

2010-12-08 08:13 . 2010-12-08 06:55 2478272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2010-12-08 06:56 . 2010-12-08 06:56 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

2010-12-01 10:44 . 2010-12-01 10:44 100560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2010-12-01 10:44 . 2010-12-10 20:26 143248 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2010-12-01 10:44 . 2010-12-10 20:26 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2010-12-01 10:44 . 2010-12-01 10:44 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2010-12-01 10:44 . 2010-12-01 10:44 111504 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2010-11-29 13:25 . 2010-11-29 13:25 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-29 13:25 . 2010-10-23 16:25 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-26 20:30 . 2010-11-26 19:04 67 ----a-w- c:\documents and settings\Waheb\update.bat

2010-11-22 11:30 . 2010-10-23 16:09 31744 ----a-w- c:\windows\system32\maplec.dll

2010-11-22 11:30 . 2010-10-23 16:09 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll

2010-11-22 11:30 . 2010-10-23 16:09 20480 ----a-w- c:\windows\system32\maplecompat.dll

2010-11-18 18:12 . 2010-05-16 21:59 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-11 10:48 . 2010-11-11 10:48 70768 ----a-w- c:\windows\system32\drivers\vmci.sys

2010-11-11 10:48 . 2010-11-11 10:48 854128 ----a-w- c:\windows\system32\drivers\vmx86.sys

2010-11-11 10:48 . 2010-12-10 23:07 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe

2010-11-11 10:48 . 2010-12-10 23:07 404080 ----a-w- c:\windows\system32\vmnat.exe

2010-11-11 10:47 . 2010-12-10 23:07 760432 ----a-w- c:\windows\system32\vnetlib.dll

2010-11-11 10:47 . 2010-12-10 23:06 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys

2010-11-11 10:46 . 2010-11-11 10:46 51312 ----a-w- c:\windows\system32\vmnetbridge.dll

2010-11-11 10:46 . 2010-11-11 10:46 32752 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys

2010-11-11 10:46 . 2010-12-10 23:07 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys

2010-11-11 09:31 . 2010-11-11 09:31 32368 ----a-w- c:\windows\system32\drivers\hcmon.sys

2010-11-11 09:04 . 2010-11-11 09:04 252528 ----a-w- c:\windows\system32\vmnc.dll

2010-11-11 07:04 . 2010-11-11 07:04 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys

2010-11-11 07:04 . 2010-11-11 07:04 59952 ----a-w- c:\windows\system32\vnetinst.dll

2010-11-11 07:04 . 2010-11-11 07:04 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys

2010-11-11 07:04 . 2010-11-11 07:04 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys

2010-11-09 14:52 . 2010-05-17 08:40 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-07 17:17 . 2010-10-23 16:48 333840 ----a-w- c:\windows\system32\mltcpip32.mlp

2010-11-07 17:17 . 2010-10-23 16:48 93712 ----a-w- c:\windows\system32\mltcp32.mlp

2010-11-07 17:17 . 2010-10-23 16:48 88080 ----a-w- c:\windows\system32\mlshm32.mlp

2010-11-07 17:17 . 2010-10-23 16:48 167952 ----a-w- c:\windows\system32\mlmodule32.dll

2010-11-07 17:17 . 2010-10-23 16:48 79376 ----a-w- c:\windows\system32\mlmap32.mlp

2010-11-07 17:16 . 2010-10-23 16:48 369680 ----a-w- c:\windows\system32\ml32i3.dll

2010-11-07 17:16 . 2010-10-23 16:48 260112 ----a-w- c:\windows\system32\ml32i2.dll

2010-11-07 17:16 . 2010-10-23 16:48 253968 ----a-w- c:\windows\system32\ml32i1.dll

2010-11-06 00:26 . 2010-05-17 08:40 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2010-05-17 08:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2010-05-17 08:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2010-05-17 08:40 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2010-05-17 08:40 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-11-01 11:27 . 2010-11-01 11:27 217088 ----a-w- c:\windows\system32\DownloadXPro.dll

2010-10-29 05:10 . 2008-08-14 04:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-16 141336]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]

"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]

"PLFSetL"="c:\windows\PLFSetL.exe" [2010-02-12 99712]

"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2010-02-12 202112]

"snuvcdsm"="c:\windows\snuvcdsm.exe" [2010-02-12 30080]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-04-13 248440]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-10-29 611712]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-12 607584]

hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

Hyperappel du Petit Larousse 2010.lnk - c:\program files\Larousse\Petit Larousse 2010\bin\Hyperappel.exe [2010-10-23 237568]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Maple 13\\jre\\bin\\maple.exe"=

"c:\\Program Files\\eclipse\\eclipse.exe"=

"c:\\Program Files\\Maple 13\\jre\\bin\\java.exe"=

"c:\\Program Files\\Maxima-5.22.1\\bin\\xmaxima.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"c:\\Program Files\\Maple 14\\jre\\bin\\maple.exe"=

"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\WinWrapIDE.exe"=

"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.exe"=

"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.com"=

"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\JRE\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\hasplms.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\Mathematica.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\MathKernel.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\math.exe"=

"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=

"c:\\Program Files\\Le Petit Robert 2009 (3.2)\\RobertHA.exe"=

"c:\\Program Files\\Le Petit Robert 2009 (3.2)\\prnet.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\Mathematica.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\MathKernel.exe"=

"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\math.exe"=

"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server

"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server

"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [12/10/2010 23:26 143248]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [12/10/2010 23:26 41936]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/24/2011 21:56 135336]

R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [5/17/2010 11:40 312400]

R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/26/2011 21:29 363344]

R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [5/17/2010 02:33 243232]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 13:48 70768]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 12:31 539248]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [5/17/2010 11:40 60456]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/26/2011 21:29 20952]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/1/2010 13:44 100560]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/1/2010 13:44 111504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 13:16 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2010 17:22 135664]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 05:46 288112]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/17/2010 02:11 1691480]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 17:51 30963576]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11/13/2010 23:29 137344]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11/13/2010 23:29 8320]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 20:37 4640000]

S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [1/13/2009 03:00 451456]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 13:37 517096]

S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [12/8/2009 21:24 48128]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 13:16 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 06:08 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 03:09 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 03:23 366936]

.

Contents of the 'Scheduled Tasks' folder

2011-01-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8287896517.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 14:22]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 14:22]

2011-01-26 c:\windows\Tasks\Minitab Software Update Manager.job

- c:\program files\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2010-03-25 06:45]

2011-01-14 c:\windows\Tasks\WebReg 20110114134107.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-05 22:01]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0401&m=em350&r=0xph1010n125l0484wum5r46n2r739

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: ????? ??? &???? Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: ????? ??? Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\documents and settings\Waheb\Application Data\Mozilla\Firefox\Profiles\7rc0ftad.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-27 01:39

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1868)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Sandboxie\SbieSvc.exe

c:\windows\system32\hasplms.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\program files\Apoint2K\ApMsgFwd.exe

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\program files\Apoint2K\Apntex.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\vmnat.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\vmnetdhcp.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\msiexec.exe

c:\program files\Launch Manager\LMworker.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Completion time: 2011-01-27 01:49:13 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-26 22:49

ComboFix2.txt 2011-01-26 17:06

Pre-Run: 51,774,242,816 bytes free

Post-Run: 51,760,455,680 bytes free

- - End Of File - - 6494F3984F44E97ED9911B9F1155E2D6


Go to Start > Run and type in cmd

Click OK.

This will open a command prompt.

Type the following line in the command window:

ipconfig /flushdns

Hit Enter

Exit the command window.

Let me know.

Not in appearance anyway ... I've been able to connect even before using flushdns.

This is very important. Now we can do some additional scans:

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5622

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/27/2011 21:29:47

mbam-log-2011-01-27 (21-29-47).txt

Scan type: Quick scan

Objects scanned: 182360

Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
