Unable to run Malwarebytes
Comments
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 8, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 09, 2009 00:39:13
Records in database: 2445763
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Tom and Wendy\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS
Scan statistics:
Files scanned: 124344
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:19:58
File name / Threat name / Threats count
C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
The selected area was scanned.
Did the whole computer Kaspersky scan as well...:
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 9, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 09, 2009 00:39:13
Records in database: 2445763
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
\
E:\
F:\
G:\
H:\
I:\
K:\
Scan statistics:
Files scanned: 194082
Threat name: 11
Infected objects: 23
Suspicious objects: 0
Duration of the scan: 03:48:41
File name / Threat name / Threats count
C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll/C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_cadabfbfcbfcc_.dll.zip Infected: Worm.Win32.AutoRun.abyp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_cbccdbcfadc_.dll.zip Infected: Worm.Win32.AutoRun.raz 2
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1262\A0125295.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1262\A0126294.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1263\A0126366.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1267\A0126431.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1278\A0127394.bat Infected: Trojan.Win32.Agent.cfvd 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1278\A0127395.bat Infected: Trojan.Win32.Agent.cfvd 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1301\A0130465.exe Infected: Trojan.Win32.Agent.ceay 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1301\A0130473.exe Infected: Trojan.Win32.Agent.ceay 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1319\A0132469.exe Infected: Trojan.Win32.Agent.ceay 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1319\A0132471.exe Infected: Trojan.Win32.Agent.ceay 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1323\A0133380.exe Infected: Trojan-Downloader.Win32.FraudLoad.veel 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1323\A0133381.exe Infected: Trojan-Downloader.Win32.FraudLoad.veel 1
K:\p1y2.cmd Infected: Trojan-GameThief.Win32.Magania.amqn 1
K:\2u.com Infected: Trojan-GameThief.Win32.Magania.amqn 1
K:\xh319r9b.bat Infected: Trojan-GameThief.Win32.Magania.bcvu 1
K:\6phx.com Infected: Trojan-GameThief.Win32.Magania.bgky 1
K:\yhh.bat Infected: Trojan-GameThief.Win32.OnLineGames.bmdk 1
K:\ix8bmwx.bat Infected: Trojan-GameThief.Win32.Magania.bkbk 1
The selected area was scanned.
hi
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll
K:\p1y2.cmd
K:\2u.com
K:\xh319r9b.bat
K:\6phx.com
K:\yhh.bat
K:\ix8bmwx.bat
Folder::
Registry::
Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
CLICK HERE to download the HijackThis Installer:
- Save HJTInstall.exe to your desktop.
- Double-click on HJTInstall.exe to run the program.
- By default it will install to C:\Program Files\Trend Micro\HijackThis.
- Accept the license agreement by clicking the "I Accept" button.
- Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
- Click "Save log" to save the log file and then the log will open in Notepad.
- Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
- Come back here to this thread and paste the log in your next reply.
- Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
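Added example (not from the thread, and not ComboFix's or Kaspersky's code): a Python script that does what the helper did by hand in step 3, turning the Kaspersky "File name / Threat name / Threats count" lines into the File:: section of CFScript.txt. The sample report is constructed from lines in the thread's second scan; the rule that quarantine and restore-point copies stay out of File:: is my reading of the helper's hand-picked list, not something the thread states.

```python
import re
from typing import Dict, Iterable, List, Tuple

# One Kaspersky Online Scanner 7 detection line, as pasted in the thread:
#   <path> Infected: <threat name> <count>
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Hits under these prefixes are stored copies rather than live files: ComboFix's
# own quarantine folder and System Restore point snapshots. The helper's hand-written
# CFScript left both out (an assumption about why), so this script lists them
# separately instead of putting them in File::.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
RESTORE_PREFIX = "c:\\system volume information\\_restore"


def parse_report(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Pull (path, threat, count) out of the detection lines; skip everything else."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        match = DETECTION_RE.match(line.strip())
        if not match:
            continue  # headers, statistics, blank lines
        # An object inside a container is reported as "container/inner"; the file
        # on disk is the container, so keep only the part before the first '/'.
        path = match.group("path").split("/")[0]
        hits.append({"path": path, "threat": match.group("threat"),
                     "count": match.group("count")})
    return hits


def classify(path: str) -> str:
    """'live' for a file ComboFix should delete, otherwise where the copy lives."""
    low = path.lower()
    if low.startswith(QUARANTINE_PREFIX):
        return "quarantine"
    if low.startswith(RESTORE_PREFIX):
        return "restore-point"
    return "live"


def build_cfscript(hits: List[Dict[str, str]]) -> Tuple[str, Dict[str, List[str]]]:
    """Return the CFScript text and the hits kept out of it, keyed by reason."""
    files: List[str] = []
    seen = set()
    skipped: Dict[str, List[str]] = {"quarantine": [], "restore-point": []}
    for hit in hits:
        kind = classify(hit["path"])
        if kind != "live":
            skipped[kind].append(hit["path"])
            continue
        key = hit["path"].lower()
        if key in seen:
            continue  # the Firefox DLL appears twice in the thread's report
        seen.add(key)
        files.append(hit["path"])
    # Same layout as the helper's script: File:: entries, then the empty sections.
    script = "\n".join(["File::", *files, "Folder::", "Registry::", "Driver::"]) + "\n"
    return script, skipped


# Constructed sample: a subset of the detection lines from the thread's second report.
SAMPLE_REPORT = r"""
Scan statistics:
Files scanned: 194082
File name / Threat name / Threats count
C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll/C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_cadabfbfcbfcc_.dll.zip Infected: Worm.Win32.AutoRun.abyp 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1262\A0125295.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
K:\p1y2.cmd Infected: Trojan-GameThief.Win32.Magania.amqn 1
K:\2u.com Infected: Trojan-GameThief.Win32.Magania.amqn 1
K:\xh319r9b.bat Infected: Trojan-GameThief.Win32.Magania.bcvu 1
K:\6phx.com Infected: Trojan-GameThief.Win32.Magania.bgky 1
K:\yhh.bat Infected: Trojan-GameThief.Win32.OnLineGames.bmdk 1
K:\ix8bmwx.bat Infected: Trojan-GameThief.Win32.Magania.bkbk 1
The selected area was scanned.
"""

if __name__ == "__main__":
    script, skipped = build_cfscript(parse_report(SAMPLE_REPORT.splitlines()))
    print(script)  # paste this into Notepad and save it as CFScript.txt
    for reason, paths in skipped.items():
        for path in paths:
            print(f"left out ({reason}): {path}")
```

Check the printed File:: list against the scan report before saving it as CFScript.txt next to ComboFix.exe, as the steps above describe.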
ComboFix 09-07-09.02 - Tom and Wendy 07/09/2009 15:13.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.516 [GMT -5:00]
Running from: c:\documents and settings\Tom and Wendy\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Tom and Wendy\Desktop\CFScript.txt
FILE ::
"c:\program files\Mozilla Firefox\components\cbccdbcfadc.dll"
"K:\2u.com"
"K:\6phx.com"
"K:\ix8bmwx.bat"
"K:\p1y2.cmd"
"K:\xh319r9b.bat"
"K:\yhh.bat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\components\cbccdbcfadc.dll
K:\2u.com
K:\6phx.com
K:\ix8bmwx.bat
K:\p1y2.cmd
K:\xh319r9b.bat
K:\yhh.bat
.
((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.
2009-07-08 22:30 . 2009-04-30 22:57 199192 ----a-w- c:\windows\system32\lvci1201278.dll
2009-07-08 22:29 . 2009-07-08 22:31 d-----w- c:\windows\LastGood
2009-07-08 20:56 . 2009-07-08 20:56 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-08 20:55 . 2009-07-08 20:55 d-----w- c:\documents and settings\Tom and Wendy\Application Data\Malwarebytes
2009-07-08 20:55 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-08 20:55 . 2009-07-08 20:56 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-08 20:55 . 2009-07-08 20:55 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-08 20:55 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 20:31 . 2009-07-08 20:31 d-----w- C:\_OTM
2009-07-08 00:24 . 2009-07-07 03:44 937984 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-08 00:24 . 2009-07-07 03:44 65536 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-08 00:24 . 2009-07-07 03:44 4722688 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-08 00:24 . 2009-07-07 03:44 344064 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-08 00:24 . 2009-07-07 03:44 106496 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-08 00:24 . 2009-07-07 03:44 103424 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-06-23 20:01 . 2009-06-23 20:01 7040 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2009-06-23 20:01 . 2009-06-23 20:01 d-----w- c:\documents and settings\All Users\Application Data\FNET
2009-06-23 20:01 . 2009-06-23 20:01 17792 ----a-w- c:\windows\system32\drivers\FNETTBOH.SYS
2009-06-23 20:01 . 2009-06-23 20:01 d-----w- c:\program files\TurboHddUsb
2009-06-22 05:08 . 2009-06-22 05:09 d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-22 05:00 . 2009-06-05 16:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-22 04:57 . 2009-06-22 04:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-22 04:55 . 2009-06-22 04:55 d-----w- c:\program files\Bonjour
2009-06-18 23:37 . 2009-06-29 23:37 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-18 23:37 . 2009-06-29 23:37 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-18 23:37 . 2009-06-29 23:37 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-18 23:37 . 2009-06-29 23:37 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-18 23:37 . 2009-06-29 23:37 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-18 23:37 . 2009-06-29 23:37 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-18 23:37 . 2009-06-29 23:37 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-18 23:37 . 2009-06-29 23:37 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-18 23:37 . 2009-06-29 23:37 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-18 23:37 . 2009-06-29 23:37 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-18 23:36 . 2009-07-06 23:38 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-18 23:36 . 2009-06-29 23:37 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-18 23:36 . 2009-06-29 23:37 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-18 23:36 . 2009-06-29 23:37 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-11 13:09 . 2009-04-17 21:58 65536 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
2009-06-11 13:09 . 2009-04-17 21:58 4534272 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
2009-06-11 13:02 . 2009-06-11 13:02 152576 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-11 12:59 . 2009-04-30 23:01 265496 ----a-w- c:\windows\system32\drivers\lvrs.sys
2009-06-11 12:59 . 2008-12-17 05:55 195096 ----a-w- c:\windows\system32\lvci11901262.dll
2009-06-11 12:58 . 2009-07-08 22:28 d-----w- c:\program files\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 23:18 . 2006-10-20 01:11 d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-08 23:14 . 2008-01-22 01:26 d-----w- c:\documents and settings\Tom and Wendy\Application Data\Skype
2009-07-08 22:31 . 2007-12-11 20:20 d-----w- c:\program files\Common Files\LogiShrd
2009-07-08 22:29 . 2007-12-11 21:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-07-08 22:29 . 2008-02-09 23:08 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-07-05 19:02 . 2008-11-01 15:07 158764 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-01 22:18 . 2006-11-17 22:49 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-29 23:37 . 2009-05-28 23:37 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-29 23:37 . 2009-05-28 23:36 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-29 23:37 . 2009-05-28 23:36 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-22 05:13 . 2008-11-01 14:47 d-----w- c:\program files\Safari
2009-06-22 05:09 . 2007-06-08 16:19 d-----w- c:\program files\iTunes
2009-06-22 05:08 . 2006-03-04 15:08 d-----w- c:\program files\iPod
2009-06-22 05:08 . 2007-07-20 16:12 d-----w- c:\program files\Common Files\Apple
2009-06-22 05:05 . 2007-06-08 16:13 d-----w- c:\program files\QuickTime
2009-06-22 05:01 . 2007-07-20 16:12 d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-19 18:07 . 2007-08-01 13:42 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-06-13 22:16 . 2006-02-21 21:27 d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-13 22:16 . 2006-02-21 21:27 d-----w- c:\program files\Viewpoint
2009-06-13 22:06 . 2008-08-19 20:57 d-----w- c:\program files\Unity
2009-06-13 21:54 . 2007-04-11 22:26 d-----w- c:\program files\Reaxxion
2009-06-13 21:48 . 2006-02-21 21:23 d--h--w- c:\program files\InstallShield Installation Information
2009-06-13 21:44 . 2007-08-16 15:00 d-----w- c:\program files\Macromedia
2009-06-13 21:44 . 2007-08-16 15:00 d-----w- c:\program files\Common Files\Macromedia
2009-06-13 21:43 . 2007-07-22 18:15 d-----w- c:\program files\IrfanView
2009-06-13 21:43 . 2006-02-21 21:34 d-----w- c:\program files\Google
2009-06-13 21:42 . 2006-03-28 15:34 d-----w- c:\program files\GIMP-2.0
2009-06-13 21:41 . 2006-02-21 21:28 d-----w- c:\program files\Dell
2009-06-13 15:00 . 2006-10-22 22:59 d-----w- c:\documents and settings\Tom and Wendy\Application Data\uTorrent
2009-06-11 13:03 . 2006-02-21 21:18 d-----w- c:\program files\Java
2009-06-11 12:58 . 2007-12-11 20:19 d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-06-07 02:00 . 2009-06-07 02:00 d-----r- c:\program files\Skype
2009-06-07 02:00 . 2008-01-22 01:25 d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-06 05:02 . 2008-01-22 01:29 d-----w- c:\documents and settings\Tom and Wendy\Application Data\skypePM
2009-06-05 16:42 . 2007-11-21 03:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-28 23:37 . 2009-05-28 23:37 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-28 23:37 . 2009-05-08 01:21 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-16 15:37 . 2006-12-24 21:25 395568 -c--a-w- c:\documents and settings\Haley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 15:39 . 2009-05-08 15:39 296208 ----a-w- c:\documents and settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\VMSEF.dll
2009-05-08 15:36 . 2009-05-08 15:36 6781200 ----a-w- c:\documents and settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\MMSEF.dll
2009-05-08 15:13 . 2009-05-08 15:13 13584 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2009-05-07 23:35 . 2009-05-07 23:36 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-07 23:35 . 2009-05-07 23:35 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-07 15:44 . 2005-08-16 10:18 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 23:03 . 2007-12-11 21:10 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2009-04-30 23:03 . 2007-12-11 21:10 6754712 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2009-04-30 23:02 . 2007-12-11 21:10 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-04-30 23:02 . 2007-12-11 21:10 539160 ----a-w- c:\windows\system32\LVUI2.dll
2009-04-30 22:57 . 2007-12-11 21:10 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2009-04-30 22:39 . 2007-12-11 21:10 34068 ----a-w- c:\windows\system32\Repository.reg
2009-04-30 21:00 . 2009-04-30 21:00 25624 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2009-04-29 04:56 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2005-08-16 10:18 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2005-08-16 10:18 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-08-06 22:05 . 2008-02-10 16:59 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-02-28 00:17 . 2006-02-28 21:41 104 --sh--r- c:\windows\system32\EA0708D47F.sys
2007-02-28 00:18 . 2006-02-28 21:41 6060 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-07_20.49.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-08 22:20 . 2009-07-08 22:20 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat
+ 2009-07-08 22:29 . 2008-12-17 06:02 23832 c:\windows\system32\ReinstallBackups\0017\DriverFiles\lvuvcflt.sys
+ 2009-07-08 22:29 . 2004-08-04 04:08 31616 c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\usbccgp.sys
- 2009-06-11 12:59 . 2007-10-12 02:00 41752 c:\windows\system32\ReinstallBackups\0014\DriverFiles\LVUSBSta.sys
+ 2009-07-08 22:30 . 2008-12-17 06:01 41752 c:\windows\system32\ReinstallBackups\0014\DriverFiles\LVUSBSta.sys
+ 2009-07-08 22:30 . 2004-08-04 05:56 53760 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\vfwwdm32.dll
+ 2009-07-08 22:30 . 2004-08-04 05:56 17408 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\msyuv.dll
+ 2009-07-08 22:30 . 2004-08-04 05:56 47616 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\iyuv_32.dll
+ 2009-07-08 22:30 . 2008-12-17 06:01 41752 c:\windows\system32\ReinstallBackups\0013\DriverFiles\LVUSBSta.sys
+ 2009-07-08 22:30 . 2004-08-10 11:00 23552 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\wdmaud.drv
+ 2009-07-08 22:30 . 2004-08-04 04:07 59264 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\USBAUDIO.sys
+ 2009-07-08 22:30 . 2004-08-04 04:08 48640 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\stream.sys
+ 2009-07-08 22:30 . 2004-08-04 04:08 60288 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\drmk.sys
+ 2009-07-08 22:30 . 2009-04-30 23:01 66456 c:\windows\system32\DRVSTORE\lvPRO5s_2D6E30F74D2E72EA8163B690B05F1BC54597B89C\lvselsus.sys
+ 2009-07-08 22:29 . 2009-04-30 23:03 23832 c:\windows\system32\DRVSTORE\lvPRO5c_952966D5B4F6B5A523B590D564614430AA76DAA1\lvuvcflt.sys
+ 2009-07-08 22:29 . 2009-04-30 22:55 13976 c:\windows\system32\DRVSTORE\lvPEPI2s_99D499EFF87B07D6166F5EA387697BB6072519E5\lv302af.sys
+ 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4092\_mscorsn.dll
+ 2009-07-08 22:30 . 2004-08-10 11:00 23552 c:\windows\LastGood\system32\wdmaud.drv
+ 2009-07-08 22:31 . 2004-08-04 05:56 53760 c:\windows\LastGood\system32\vfwwdm32.dll
+ 2009-07-08 22:31 . 2004-08-04 05:56 17408 c:\windows\LastGood\system32\msyuv.dll
+ 2009-07-08 22:31 . 2004-08-04 05:56 47616 c:\windows\LastGood\system32\iyuv_32.dll
+ 2009-07-08 22:29 . 2004-08-04 04:08 31616 c:\windows\LastGood\system32\drivers\usbccgp.sys
+ 2009-07-08 22:30 . 2004-08-04 04:07 59264 c:\windows\LastGood\system32\drivers\USBAUDIO.sys
+ 2009-07-08 22:30 . 2004-08-04 04:08 48640 c:\windows\LastGood\system32\drivers\stream.sys
+ 2009-07-08 22:29 . 2008-12-17 06:02 23832 c:\windows\LastGood\system32\drivers\lvuvcflt.sys
+ 2009-07-08 22:30 . 2004-08-04 04:08 60288 c:\windows\LastGood\system32\drivers\drmk.sys
+ 2009-07-08 22:28 . 2009-07-08 22:28 57344 c:\windows\Installer\{AC96671C-2001-432C-9826-5266D84EF1DC}\QuickCamStartMenuS_65895B9BA1A04BCBAB7BF5673B44A0E4.exe
+ 2009-07-08 22:28 . 2009-07-08 22:28 57344 c:\windows\Installer\{AC96671C-2001-432C-9826-5266D84EF1DC}\QuickCamDesktopSho_C0678C37AA5341A4BE4781BAF94DE0CC.exe
+ 2009-07-08 22:28 . 2009-07-08 22:28 57344 c:\windows\Installer\{AC96671C-2001-432C-9826-5266D84EF1DC}\ARPPRODUCTICON.exe
+ 2009-07-08 22:30 . 2001-08-18 03:36 8192 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\tsbyuv.dll
+ 2009-07-08 22:30 . 2004-08-04 06:56 4096 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ksuser.dll
- 2009-06-11 12:59 . 2004-08-04 06:56 4096 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ksuser.dll
+ 2009-07-08 22:30 . 2004-08-04 06:56 4096 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\ksuser.dll
+ 2009-07-08 22:31 . 2001-08-18 03:36 8192 c:\windows\LastGood\system32\tsbyuv.dll
+ 2009-07-08 22:30 . 2004-08-04 06:56 4096 c:\windows\LastGood\system32\ksuser.dll
- 2007-12-11 20:22 . 2008-12-17 06:02 145944 c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2007-12-11 20:22 . 2009-04-30 23:04 145944 c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2009-07-08 22:30 . 2009-04-30 22:53 460048 c:\windows\system32\ReinstallBackups\0014\DriverFiles\WUApp32.exe
+ 2009-07-08 22:30 . 2009-04-30 23:04 145944 c:\windows\system32\ReinstallBackups\0014\DriverFiles\lvWIAext.dll
+ 2009-07-08 22:30 . 2009-04-30 23:02 539160 c:\windows\system32\ReinstallBackups\0014\DriverFiles\LVUI2RC.dll
+ 2009-07-08 22:30 . 2009-04-30 23:02 539160 c:\windows\system32\ReinstallBackups\0014\DriverFiles\LVUI2.dll
- 2009-06-11 12:59 . 2007-10-12 01:57 195096 c:\windows\system32\ReinstallBackups\0014\DriverFiles\lvcoinst.dll
+ 2009-07-08 22:30 . 2008-12-17 05:55 195096 c:\windows\system32\ReinstallBackups\0014\DriverFiles\lvcoinst.dll
+ 2009-07-08 22:30 . 2009-04-30 22:57 416280 c:\windows\system32\ReinstallBackups\0014\DriverFiles\lvcodec2.dll
+ 2009-07-08 22:30 . 2004-08-04 05:56 294912 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\msh263.drv
+ 2009-07-08 22:30 . 2004-08-04 04:15 140928 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ks.sys
- 2009-06-11 12:59 . 2004-08-10 11:00 140928 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ks.sys
+ 2009-07-08 22:30 . 2008-12-17 05:51 443664 c:\windows\system32\ReinstallBackups\0013\DriverFiles\WUApp32.exe
+ 2009-07-08 22:30 . 2008-12-17 06:00 768024 c:\windows\system32\ReinstallBackups\0013\DriverFiles\lvrs.sys
+ 2009-07-08 22:30 . 2008-12-17 05:55 195096 c:\windows\system32\ReinstallBackups\0013\DriverFiles\lvcoinst.dll
+ 2009-07-08 22:30 . 2004-03-16 17:58 136960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\portcls.sys
+ 2009-07-08 22:30 . 2004-08-04 04:15 140928 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\ks.sys
+ 2009-07-08 22:30 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\WUApp32.exe
+ 2009-07-08 22:30 . 2009-04-30 23:04 145944 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\lvWIAext.dll
+ 2009-07-08 22:30 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\LVUI2RC.dll
+ 2009-07-08 22:30 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\LVUI2.dll
+ 2009-07-08 22:30 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\lvcoinst.dll
+ 2009-07-08 22:30 . 2009-04-30 22:57 416280 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\lvcodec2.dll
+ 2009-07-08 22:30 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvPRO5s_2D6E30F74D2E72EA8163B690B05F1BC54597B89C\WUApp32.exe
+ 2009-07-08 22:30 . 2009-04-30 23:01 265496 c:\windows\system32\DRVSTORE\lvPRO5s_2D6E30F74D2E72EA8163B690B05F1BC54597B89C\lvrs.sys
+ 2009-07-08 22:30 . 2009-04-30 22:59 114712 c:\windows\system32\DRVSTORE\lvPRO5s_2D6E30F74D2E72EA8163B690B05F1BC54597B89C\lvpopflt.sys
+ 2009-07-08 22:30 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvPRO5s_2D6E30F74D2E72EA8163B690B05F1BC54597B89C\lvcoinst.dll
+ 2009-07-08 22:30 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\WUApp32.exe
+ 2009-07-08 22:30 . 2009-04-30 23:04 145944 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\lvWIAext.dll
+ 2009-07-08 22:30 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\LVUI2RC.dll
+ 2009-07-08 22:30 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\LVUI2.dll
+ 2009-07-08 22:30 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\lvcoinst.dll
+ 2009-07-08 22:30 . 2009-04-30 22:57 416280 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\lvcodec2.dll
+ 2009-07-08 22:29 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvPEPI2s_99D499EFF87B07D6166F5EA387697BB6072519E5\WUApp32.exe
+ 2009-07-08 22:29 . 2009-04-30 23:01 265496 c:\windows\system32\DRVSTORE\lvPEPI2s_99D499EFF87B07D6166F5EA387697BB6072519E5\lvrs.sys
+ 2009-07-08 22:29 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvPEPI2s_99D499EFF87B07D6166F5EA387697BB6072519E5\lvcoinst.dll
+ 2009-07-08 22:29 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\WUApp32.exe
+ 2009-07-08 22:29 . 2009-04-30 23:04 145944 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\lvWIAext.dll
+ 2009-07-08 22:29 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\LVUI2RC.dll
+ 2009-07-08 22:29 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\LVUI2.dll
+ 2009-07-08 22:29 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\lvcoinst.dll
+ 2009-07-08 22:29 . 2009-04-30 22:57 416280 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\lvcodec2.dll
+ 2009-07-08 22:29 . 2009-04-30 22:56 495768 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\LV561AV.sys
+ 2003-02-21 10:42 . 2003-02-21 10:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4092\_msvcr71.dll
+ 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4092\_mscorjit.dll
+ 2004-07-15 06:24 . 2004-07-15 06:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4092\_fusion.dll
+ 2009-07-08 22:31 . 2009-04-30 23:04 145944 c:\windows\LastGood\TWAIN_32\QuickCam\lvWIAext.dll
+ 2009-07-08 22:31 . 2004-08-04 05:56 294912 c:\windows\LastGood\system32\msh263.drv
+ 2009-07-08 22:31 . 2009-04-30 23:02 539160 c:\windows\LastGood\system32\LVUI2RC.dll
+ 2009-07-08 22:31 . 2009-04-30 23:02 539160 c:\windows\LastGood\system32\LVUI2.dll
+ 2009-07-08 22:31 . 2009-04-30 22:57 416280 c:\windows\LastGood\system32\lvcodec2.dll
+ 2009-07-08 22:31 . 2009-04-30 22:57 199192 c:\windows\LastGood\system32\lvci1201278.dll
+ 2009-07-08 22:30 . 2004-03-16 17:58 136960 c:\windows\LastGood\system32\drivers\portcls.sys
+ 2009-07-08 22:30 . 2008-12-17 06:00 768024 c:\windows\LastGood\system32\drivers\lvrs.sys
+ 2009-07-08 22:30 . 2004-08-04 04:15 140928 c:\windows\LastGood\system32\drivers\ks.sys
+ 2009-07-08 22:30 . 2008-12-17 06:01 6364440 c:\windows\system32\ReinstallBackups\0014\DriverFiles\lvuvc.sys
+ 2009-07-08 22:30 . 2009-04-30 23:03 6754712 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\lvuvc.sys
+ 2009-07-08 22:30 . 2009-04-30 22:55 2687512 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\LV302V32.SYS
- 2009-07-07 20:49 . 2007-06-29 22:07 9249736 c:\windows\SoftwareDistribution\Download\Install\NDP1.1sp1-KB928366-X86.exe
+ 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4092\_mscorwks.dll
+ 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4092\_mscorlib.dll
+ 2009-07-08 22:31 . 2008-12-17 06:01 6364440 c:\windows\LastGood\system32\drivers\lvuvc.sys
+ 2009-07-08 22:28 . 2009-07-08 22:28 5072384 c:\windows\Installer\2b473.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-03-11 24095528]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-06 29744]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2007-08-21 73728]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"BarbieGirlsTray"="c:\program files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [2007-03-15 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-11 185896]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TurboHddUsb"="c:\program files\TurboHddUsb\TurboHddUsb.exe" [2009-06-23 3327488]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-10-11 136768]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-10 53760]
c:\documents and settings\Tom and Wendy\Start Menu\Programs\Startup\
Monitor.lnk - c:\program files\802.11g Wireless LAN\Monitor.exe [2005-8-2 901120]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-11-12 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161296625\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161296625\\ee\\aim6.exe"=
"c:\\Documents and Settings\\Tom and Wendy\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Sony Online Entertainment\\Q-bert\\Q-bert.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Smartparts\\Smartparts Desktop\\OptiPix.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6881:TCP"= 6881:TCP:electric sheep
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/7/2009 6:36 PM 64160]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [6/23/2009 3:01 PM 7040]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [6/23/2009 3:01 PM 17792]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/21/2006 4:34 PM 29744]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/9/2008 6:10 PM 17792]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/9/2008 6:10 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2/9/2008 6:10 PM 40832]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2/9/2008 6:11 PM 21504]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - LVPRCSRV
.
Contents of the 'Scheduled Tasks' folder
2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:37]
2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 13:11]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {73541F4C-ED16-4947-9CA1-00CD000BED89} = 68.87.72.130,68.87.77.130
FF - ProfilePath - c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\components\Engine.dll
FF - component: c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 15:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-07-09 15:26
ComboFix-quarantined-files.txt 2009-07-09 20:26
ComboFix2.txt 2009-07-08 12:54
ComboFix3.txt 2009-07-08 00:22
ComboFix4.txt 2009-07-07 21:01
Pre-Run: 15,570,747,392 bytes free
Post-Run: 15,836,381,184 bytes free
412 --- E O F --- 2009-07-09 08:01
and.....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:39 PM, on 7/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Common Files\AOL\1161296625\ee\aolsoftware.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TurboHddUsb\TurboHddUsb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\802.11g Wireless LAN\Monitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TurboHddUsb] C:\Program Files\TurboHddUsb\TurboHddUsb.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Monitor.lnk = C:\Program Files\802.11g Wireless LAN\Monitor.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {36D04559-44B7-45E0-BA81-E1508FAB359F} (UnityWebPlayerAX Control) - http://otee.dk/download_webplayer/UnityWebPlayer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73541F4C-ED16-4947-9CA1-00CD000BED89}: NameServer = 68.87.72.130,68.87.77.130
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
--
End of file - 15543 bytes
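Reading a log like the two posted above is mostly pattern work: which autostarts run from odd places, which services have no publisher, which ActiveX controls were pulled from the web. The script below is an added example (not part of the thread and not code from HijackThis or ComboFix) that parses the O4, O16 and O23 line formats seen in the HijackThis log and applies a few review heuristics of my own. The sample lines are constructed to match the shapes in the log; the third line is a made-up suspicious entry for demonstration and is not something the posted log contains.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample, modelled on the line shapes in the posted HijackThis
# log; the third line is a made-up suspicious entry, not something the log
# above contains.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
O16 - DPF: {36D04559-44B7-45E0-BA81-E1508FAB359F} (UnityWebPlayerAX Control) - http://otee.dk/download_webplayer/UnityWebPlayer.cab
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Line formats as HijackThis prints them (O4 Run keys and Startup folders,
# O16 Downloaded Program Files, O23 services).
RUN_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$')
DPF_RE = re.compile(r'^O16 - DPF: \{(?P<clsid>[^}]+)\}(?: \((?P<desc>[^)]*)\))? - (?P<src>.+)$')
SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')

# Heuristics (my assumptions, not HijackThis rules): autostarts living in
# user-writable profile folders, and well-known Windows binary names that
# run from anywhere other than %windir%, deserve a second look.
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\', '\\application data\\')
SYSTEM_NAMES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe',
                'services.exe', 'smss.exe', 'explorer.exe'}
WINDIR = 'c:\\windows\\'


@dataclass
class Finding:
    line: int
    entry: str
    reasons: list = field(default_factory=list)


def extract_exe(cmd):
    """Return the executable path from a Run-key command line, or None."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r'(.+?\.exe)(?:\s|$)', cmd, re.I)
    return m.group(1) if m else None


def check_exe(path):
    """Apply the path heuristics to one executable path."""
    reasons = []
    low = path.lower()
    if any(p in low for p in USER_WRITABLE):
        reasons.append('runs from a user-writable profile location')
    if low.rsplit('\\', 1)[-1] in SYSTEM_NAMES and not low.startswith(WINDIR):
        reasons.append('uses a Windows system binary name outside %windir%')
    return reasons


def triage(log_text):
    """Return one Finding per log line that trips a heuristic."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        reasons = []
        if (m := RUN_RE.match(line)) or (m := STARTUP_RE.match(line)):
            exe = extract_exe(m.group('cmd'))
            if exe:
                reasons = check_exe(exe)
        elif m := DPF_RE.match(line):
            src = m.group('src')
            if src.lower().startswith(('http://', 'https://')):
                reasons = [f"ActiveX control installed from {urlparse(src).hostname}; "
                           "remove it unless the publisher is known"]
        elif m := SERVICE_RE.match(line):
            if m.group('owner') == 'Unknown owner':
                reasons = [f"service '{m.group('name')}' has no publisher string "
                           "(Unknown owner); confirm the binary is legitimate"]
        if reasons:
            findings.append(Finding(no, line, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'line {f.line}: {f.entry}')
        for r in f.reasons:
            print(f'    - {r}')
```

The findings are prompts for a human, not verdicts: in the posted log the only "Unknown owner" service is Dell's support broker, and the remote O16 entries are game and plugin installers, which is exactly the kind of thing a reviewer confirms by hand before deciding anything is clean.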
Your logs are clean
Follow these steps to uninstall Combofix and tools used in the removal of malware:
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

- Download OTC to your desktop and run it
- Click Yes to begin the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Below I have included a number of recommendations for how to protect your computer against malware infections.
- Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.
- SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.
- SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
- Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
- TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.
- Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
- Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
- ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
- FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
- Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
- Please read my guide on how to prevent malware and about safe computing here
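The MVPS hosts-file recommendation above works because Windows consults the hosts file before asking DNS, so a listed name never leaves the machine. The script below is an added example (not part of the reply above and not MVPS's own tooling) that mirrors that lookup on a constructed, MVPS-style sample and makes two practical points visible: matching is exact, so a subdomain of a blocked name still goes out to DNS, and the same file is a classic place for malware to redirect vendor sites, so entries pointing at real addresses deserve a look. The sample entries are made up; the example.* names and the 10.0.0.5 address are illustrations only.

```python
import ipaddress

# Constructed sample in the style of a blocklist hosts file; the last
# line is a deliberately planted non-loopback entry so the audit below
# has something to report. None of these entries come from the thread.
SAMPLE_HOSTS = """\
# comment lines and blank lines are ignored
127.0.0.1   localhost
127.0.0.1   ads.example.net
0.0.0.0     tracker.example.org  counter.example.org   # two names on one line
10.0.0.5    update.example-av.com
"""

# Addresses a blocklist uses to black-hole a name.
SINKHOLES = {'127.0.0.1', '0.0.0.0', '::1'}


def parse_hosts(text):
    """Map lower-cased host names to addresses.

    The first entry seen for a name is kept, matching a top-down read of
    the file; comments after '#' and malformed lines are ignored.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # not a valid address: skip the line
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def resolve(table, name):
    """Return the hosts-file address for name, or None when the lookup
    would fall through to DNS. Matching is exact (no wildcards), so a
    subdomain of a blocked name is not blocked."""
    return table.get(name.lower().rstrip('.'))


def is_blocked(table, name):
    """True when the name is pinned to a sinkhole address."""
    return resolve(table, name) in SINKHOLES


def hijacked_entries(table):
    """Entries that point a name at a real address instead of a sinkhole.
    In a blocklist-only hosts file there should be none; anything listed
    here is either an intentional override or tampering to investigate."""
    return {n: a for n, a in table.items() if a not in SINKHOLES}


if __name__ == '__main__':
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ('ads.example.net', 'cdn.ads.example.net', 'counter.example.org'):
        print(f'{host}: {"blocked" if is_blocked(table, host) else "goes to DNS"}')
    print('non-sinkhole entries:', hijacked_entries(table))
```

On Windows the file lives at %SystemRoot%\system32\drivers\etc\hosts; after replacing it, run `ipconfig /flushdns` so cached answers for names that are now blocked are discarded.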