None of my browsers seems to connect to the internet.I have tried Internet explorer8, firefox 3 and Wyzo.Wyzo seemed to be working although last week since,but now even that stopped.As soon as i type in any address..the browser just shows stopped and the loading bar doesnt progress.In internet explorer...it shows it cant connect to HTTP(when i tried the diagnose tool).Also sometimes instead of http:// it appears http:/// and then nothing happens.All my firewalls are disabled.Im able to login to gtalk,yahoo when i get connected.However i cant get thru windows live messenger either.Could someone suggest a useful tip?? When i googled for answers...they suggest it might be a virus called "transponder".But therz no easy removal tool for it.I have trend micro Hijack this tool installed...if u want i could upload the log file.
First: Using a clean computer download and burn a rescue disk from here: http://www.free-av.com/en/products/12/av...cue_system.html Then use this guide to clean your machine: http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163 Then: Download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. • If an update is found, it will download and install the latest version. • Once the program has loaded, select Perform full scan, then click Scan. • When the scan is complete, click OK, then Show Results to view the results. • Make sure that everything is checked, and click Remove Selected. <-- Don't forget this. • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt • Please post the MBAM Log and a fresh HJT log in your next reply. 2oG
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:17:12 PM, on 6/19/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\ZTE EV-DO\bin\EV-DO.exe C:\Users\Ash\AppData\Roaming\Google\Google Talk\googletalk.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=73&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" O4 - HKLM\..\Run: [CognizanceTS] "rundll32.exe" c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" O4 - HKLM\..\Run: [Updater] C:\Windows\system32\updater\explorer.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{BCDC4251-0086-4B3D-AED3-AE0269E16732} O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{508D6C2E-E362-4E83-B039-2E6B0495A66E}: NameServer = 85.255.112.10,85.255.112.133 O17 - HKLM\System\CCS\Services\Tcpip\..\{FAA9FEA6-DB13-43AF-8073-9887F1AB8267}: NameServer = 218.248.240.181 208.67.220.220 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: APSHook.dll O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Conexant Systems, Inc. - (no file) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10858 bytes Malwarebytes' Anti-Malware 1.38 Database version: 2297 Windows 6.0.6001 Service Pack 1 6/20/2009 6:49:18 PM mbam-log-2009-06-20 (18-49-07).txt Scan type: Full Scan (C:\|) Objects scanned: 368964 Time elapsed: 4 hour(s), 35 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 1 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{508d6c2e-e362-4e83-b039-2e6b0495a66e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.10,85.255.112.133 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{508d6c2e-e362-4e83-b039-2e6b0495a66e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.10,85.255.112.133 -> No action taken. Folders Infected: c:\Users\Ash\AppData\Local\Temp\E_4 (Autorun.Worm) -> No action taken. Files Infected: c:\Users\Ash\AppData\Local\Temp\E_4\com.run (Adware.Agent) -> No action taken. c:\Users\Ash\AppData\Local\Temp\E_4\dp1.fne (Autorun.Worm) -> No action taken. c:\Users\Ash\AppData\Local\Temp\E_4\eAPI.fne (Autorun.Worm) -> No action taken. c:\Users\Ash\AppData\Local\Temp\E_4\internet.fne (Autorun.Worm) -> No action taken. c:\Users\Ash\AppData\Local\Temp\E_4\krnln.fnr (Autorun.Worm) -> No action taken. c:\Users\Ash\AppData\Local\Temp\E_4\RegEx.fnr (Autorun.Worm) -> No action taken. c:\Users\Ash\AppData\Local\Temp\E_4\shell.fne (Autorun.Worm) -> No action taken. c:\Users\Ash\AppData\Local\Temp\E_4\spec.fne (Autorun.Worm) -> No action taken. Malware anti-malware did remove the trojans but im still unable to connect through the browser.
Were you able to run the Rescue disk?? Can you download anything?? The explorer.exe you have running is NOT safe. The real explorer.exe (taskbar, start menu,etc) resides in c:\windows not c:\windows\updater Step # 1: Remove Hijackthis Entries • Run HijackThis • Click on the Scan]/b] button Put a check beside all of the items listed below (if present): O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O4 - HKLM\..\Run: [Updater] C:\Windows\system32\updater\explorer.exe O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{508D6C2E-E362-4E83-B039-2E6B0495A66E}: NameServer = 85.255.112.10,85.255.112.133 <- this is a server in Odessa, USSR – if you are not in Russia, probably bad… O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Conexant Systems, Inc. - (no file) • Close all open windows and browsers/email, etc... • Click on the "Fix Checked" button • When completed, close the application. Step # 2: Delete Bad Services Please open Notepad. Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it. Copy and paste the following in the quote box into Notepad: Click on File > Save As.... In the File Name box, copy and paste in fix.bat In the Save as type box, select All Files from the drop-down list. Click Save and save it to your Desktop. Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal. See what that will do for you and post back with a fresh HJT Log.. 2oG
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:51:23 PM, on 6/26/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe C:\Windows\system32\taskeng.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\rundll32.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\ehome\ehmsas.exe C:\Windows\Explorer.EXE C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Users\Ash\AppData\Roaming\Microsoft\Windows\SendTo\RemoveOnReboot.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\AutoCAD 2008\acad.exe C:\Users\Ash\AppData\Local\Temp\AdskCleanup.0001 C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=73&bd=Pavilion&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=73&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" O4 - HKLM\..\Run: [CognizanceTS] "rundll32.exe" c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{BCDC4251-0086-4B3D-AED3-AE0269E16732} O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth.lnk = ? O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: APSHook.dll O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Conexant Systems, Inc. - (no file) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10795 bytes Malwarebytes' Anti-Malware 1.38 Database version: 2297 Windows 6.0.6001 Service Pack 1 6/23/2009 6:21:41 PM mbam-log-2009-06-23 (18-21-40).txt Scan type: Full Scan (C:\|) Objects scanned: 370998 Time elapsed: 16 hour(s), 4 minute(s), 33 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I have done the dos fix.bat and still the browsers are unable to connect to the internet.IE still skips to http:/// instead of http://.
gamester0, Well, I’m a little confused as the infection now showing up in your latest HJT Log was not showing in your first Log… Please Fix the following line using HJT.. It can block your IE Browser… R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> Next, reboot your computer and see if you can use your browser to download ComboFix. If not, please use a clean computer and transfer it to the infected machine. 1. Download Combo fix from one of these locations. * IMPORTANT !!! Place combofix.exe on your Desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference. Be sure your Bitdefender is turned off.. 2. Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK. 3. Combo will begin to run DO NOTHING while this is happening. • It will kill a few processes and disconnect you from the internet. • If by chance it stops prematurely you can re-establish your internet connection by restarting your computer. • This needs to be done so the program can work most efficiently for you. Do not attempt to use the internet or anything else while it's doing its job for you. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. If when it's completed you can not get on the internet just reboot the computer Post the log from comboFix for me located in c:\comboFix.txt And a fresh HJT Log please.. 2oG
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:03:54 AM, on 6/28/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe C:\Windows\system32\taskeng.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\rundll32.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Windows\Explorer.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=73&bd=Pavilion&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" O4 - HKLM\..\Run: [CognizanceTS] "rundll32.exe" c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{BCDC4251-0086-4B3D-AED3-AE0269E16732} O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth.lnk = ? O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Conexant Systems, Inc. - (no file) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9478 bytes ComboFix 09-06-26.02 - Ash 06/28/2009 2:31.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1222 [GMT 5.5:30] Running from: c:\users\Ash\Desktop\combofix.exe Command switches used :: /killall AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} SP: BitDefender Antispyware *enabled* (Outdated) {8B2012EC-32D4-494F-BC03-832DB3BDF911} SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Services c:\users\Ash\AppData\Roaming\inst.exe D:\Desktop.ini . ((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 ))))))))))))))))))))))))))))))) . 2009-06-27 21:16 . 2009-06-27 21:22 -------- d-----w- c:\users\Ash\AppData\Local\temp 2009-06-27 21:16 . 2009-06-27 21:16 -------- d-----w- c:\users\Guest\AppData\Local\temp 2009-06-21 15:33 . 2009-06-21 17:45 -------- d-----w- c:\program files\Exterminate It! 2009-06-20 13:31 . 2009-06-20 13:31 -------- d-----w- c:\users\Ash\AppData\Local\Cooliris 2009-06-20 08:14 . 2009-06-20 08:14 -------- d-----w- c:\users\Ash\AppData\Roaming\Malwarebytes 2009-06-20 08:13 . 2009-06-17 05:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-20 08:13 . 2009-06-20 08:13 -------- d-----w- c:\programdata\Malwarebytes 2009-06-20 08:13 . 2009-06-17 05:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-20 08:13 . 2009-06-20 08:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-15 14:40 . 2009-06-15 14:40 -------- d-----w- c:\program files\Safari 2009-06-15 14:39 . 2009-06-15 14:39 -------- d-----w- c:\users\Ash\AppData\Local\Apple 2009-06-15 14:38 . 2009-06-15 14:38 -------- d-----w- c:\program files\Apple Software Update 2009-06-15 14:36 . 2009-06-15 14:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-06-15 14:36 . 2009-06-15 14:36 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-06-15 13:32 . 2009-06-20 13:31 -------- d-----w- c:\program files\Wyzo 2009-06-12 16:44 . 2009-06-12 16:44 -------- d-----w- c:\program files\Broadcom 2009-06-09 21:56 . 2009-06-09 21:56 -------- d-----w- C:\Binaries 2009-06-09 17:18 . 2009-06-09 17:29 -------- d-----w- c:\program files\Wyzo(96) 2009-06-09 13:33 . 2009-06-09 13:33 -------- d-----w- c:\users\Ash\AppData\Roaming\BitDefender 2009-06-09 13:32 . 2009-06-09 13:46 -------- d-----w- c:\programdata\BitDefender 2009-06-09 13:30 . 2009-06-09 21:08 -------- d-----w- c:\program files\Common Files\BitDefender(2) 2009-06-09 11:31 . 2009-06-09 11:31 -------- d-----w- c:\windows\system32\logs 2009-06-09 08:56 . 2009-06-09 09:15 -------- d-----w- c:\programdata\SpeedBit 2009-06-09 08:56 . 2009-06-09 09:15 -------- d-----w- c:\program files\DAP 2009-06-09 07:27 . 2009-06-27 11:01 -------- d-----w- C:\Films 2009-06-09 06:46 . 2009-06-09 06:53 -------- d-----w- c:\program files\Cablenut 2009-06-08 20:53 . 2009-06-08 20:53 -------- d-----w- c:\program files\Valve(94) 2009-06-05 19:04 . 2009-06-05 19:04 -------- d-----w- c:\users\Ash\AppData\Roaming\Radical Software Ltd 2009-06-05 19:04 . 2009-06-05 19:04 -------- d-----w- c:\users\Ash\AppData\Local\Radical Software Ltd 2009-05-29 06:57 . 2007-07-19 17:24 1521464 ----a-w- c:\windows\WRSetup.dll 2009-05-29 06:38 . 2009-05-29 06:39 -------- d-----w- c:\programdata\Lavasoft 2009-05-29 06:37 . 2009-05-29 06:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-27 21:17 . 2007-12-04 17:27 4132 ----a-w- c:\windows\bthservsdp.dat 2009-06-27 11:44 . 2008-08-15 04:38 -------- d-----w- c:\users\Ash\AppData\Roaming\Abvent_Artlantis2 2009-06-20 13:45 . 2008-03-08 06:27 -------- d-----w- c:\program files\BitDefender 2009-06-19 00:23 . 2008-02-12 00:38 1356 ----a-w- c:\users\Ash\AppData\Local\d3d9caps.dat 2009-06-16 04:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2009-06-16 04:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2009-06-16 04:35 . 2008-10-03 13:08 -------- d-----w- c:\program files\PC Connectivity Solution 2009-06-16 04:35 . 2008-02-11 02:34 -------- d-----w- c:\program files\Bonjour 2009-06-16 04:35 . 2007-08-21 16:47 -------- d-----w- c:\program files\Common Files\LightScribe 2009-06-16 04:35 . 2007-08-21 16:12 -------- d-----w- c:\program files\Common Files\SureThing Shared 2009-06-15 14:40 . 2008-02-12 01:41 -------- d-----w- c:\programdata\Apple Computer 2009-06-12 17:30 . 2008-08-25 14:16 -------- d-----w- c:\program files\Electronic Arts 2009-06-09 21:55 . 2008-03-08 06:24 -------- d-----w- c:\program files\Common Files\BitDefender 2009-06-09 21:43 . 2008-07-18 12:37 -------- d-----w- c:\programdata\Kaspersky Lab 2009-06-09 21:37 . 2008-02-11 21:43 157816 ----a-w- c:\users\Ash\AppData\Local\GDIPFONTCACHEV1.DAT 2009-06-09 21:08 . 2008-02-11 02:41 -------- d-----w- c:\programdata\FLEXnet 2009-06-09 21:08 . 2009-04-07 18:28 -------- d-----w- c:\program files\Valve 2009-06-09 09:26 . 2007-08-21 16:10 -------- d-----w- c:\programdata\Roxio 2009-06-09 08:35 . 2009-01-24 18:56 -------- d-----w- c:\users\Ash\AppData\Roaming\FreeCall 2009-06-09 06:57 . 2008-12-29 21:40 -------- d-----w- c:\program files\BitComet 2009-06-03 15:31 . 2009-06-03 15:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2009-05-23 17:33 . 2008-02-19 14:40 -------- d-----w- c:\users\Ash\AppData\Roaming\PC Suite 2009-05-20 13:21 . 2007-08-21 15:48 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-10 18:20 . 2009-05-10 18:20 -------- d-----w- c:\programdata\Office Genuine Advantage 2009-05-10 17:11 . 2008-02-11 14:03 -------- d-----w- c:\programdata\Microsoft Help 2009-05-10 08:45 . 2009-05-10 08:35 -------- d-----w- c:\program files\Windows Live 2009-05-10 08:42 . 2009-05-10 08:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-05-10 08:37 . 2009-05-10 08:37 -------- d-----w- c:\program files\Microsoft 2009-05-10 08:36 . 2009-05-10 08:36 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-05-10 08:29 . 2009-04-20 11:41 3888 ----a-w- c:\windows\system32\ealregsnapshot1.reg 2009-05-10 08:08 . 2009-05-10 08:08 -------- d-----w- c:\program files\Common Files\Windows Live 2009-05-05 22:32 . 2008-12-18 06:39 -------- d-----w- c:\users\Ash\AppData\Roaming\Vso 2009-05-02 22:46 . 2008-02-12 02:59 -------- d-----w- c:\program files\Google 2009-05-02 08:00 . 2009-05-02 07:47 -------- d-----w- c:\program files\RegCure 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-04-12 16:34 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-04-12 15:48 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2009-04-12 15:48 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2009-04-09 16:37 . 2009-04-09 16:37 27649 ----a-w- c:\programdata\nvModes.dat 2009-04-07 20:15 . 2008-02-11 23:13 27145 ----a-w- c:\users\Ash\AppData\Roaming\nvModes.dat 2008-08-13 13:32 . 2008-08-13 13:32 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608] "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704] "RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2009-03-08 13312] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792] "MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13556256] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 92704] "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-08-14 716800] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632] c:\users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\APSHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DriveGuard.lnk] backup=c:\windows\pss\DriveGuard.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DSLMON.lnk] backup=c:\windows\pss\DSLMON.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk] backup=c:\windows\pss\NkbMonitor.exe.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StupAssist.lnk] backup=c:\windows\pss\StupAssist.lnk.CommonStartup backupExtension=.CommonStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msn Messsenger HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{F1583250-A947-4E67-9187-7DFD82F23002}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{1814C686-E39A-4CA1-8807-5981DAB4501E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{1C59B878-495D-4E20-979F-2A777B0AC7EF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{FCF9CDBC-B511-4A87-9C36-397D048A90CE}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{FF3799FC-DA63-453E-9A07-AAF74FEA3A23}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{5E0CC975-0811-4A99-BEEF-100EF59AAF8F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{91F73F53-08CF-4CE4-A2F8-107F07655545}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{BD859022-8A54-4885-9B03-DAD00B35D798}c:\\program files\\graphisoft\\archicad 10\\archicad.exe"= UDP:c:\program files\graphisoft\archicad 10\archicad.exe:ArchiCAD 10.0.0 Component "UDP Query User{2CEDF1E0-2DA9-4A39-9FBD-9B1F35AD8B15}c:\\program files\\graphisoft\\archicad 10\\archicad.exe"= TCP:c:\program files\graphisoft\archicad 10\archicad.exe:ArchiCAD 10.0.0 Component "{1ABCE089-23CD-48B3-AC36-FAA6DD134F11}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit "{7D2907CD-DA61-41E0-9772-8D1D8674660A}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit "{4C9D5990-6BD6-4944-8E8D-7FEA9EC6A722}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor "{664419A9-D66D-4600-921A-2761760ACA96}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor "{33E09711-175F-4337-B227-DB392DA2974F}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager "{7DC804F9-CCF6-4E2B-B81C-C312EFA20A97}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager "{71E19082-FDB1-4729-B173-7CF3E008F31A}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server "{184C8105-DE91-4D7E-A7EC-EAF6BB1859A0}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server "{3BC11FD2-23B8-429A-82AA-216D3E4C9A1D}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{9876BBC5-2142-4EDE-9A65-B97725608C77}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{3AA38537-43DE-4479-B1CD-DE5E3D37D465}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{52E896A3-6FC7-46AF-86CD-7F65B7BAED23}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "TCP Query User{852628F5-10CE-4275-8F74-4802648452DF}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{0B1E7901-252F-4FEB-A59A-6AB98A85D311}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent "{36188950-15F7-4CF5-9A1C-011DEEDFD1D2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{1E9A432D-587B-4B07-8D55-D106CA0E8CB0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{135F8B49-F66A-4FC6-8EDC-7F1CDD53EDB2}"= UDP:c:\windows\System32\PnkBstrA.exenkBstrA "{85105036-B37C-474D-A35C-3CF13421E908}"= TCP:c:\windows\System32\PnkBstrA.exenkBstrA "{B7925EDD-D777-4E5D-8FE8-1CEB5F005568}"= UDP:c:\windows\System32\PnkBstrB.exenkBstrB "{3F56F89A-623E-4642-B051-94073D6FBD13}"= TCP:c:\windows\System32\PnkBstrB.exenkBstrB "{1C4C3CC7-1AFE-4690-B679-AE446FF556E5}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{062883D9-3435-46A5-8872-F286D9BFBBE5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{CED51D0E-8A6D-4D94-851F-16552FE1AFEF}"= UDP:c:\program files\DNA\btdna.exeNA "{1A7872A5-C9B0-4A5D-88F4-A3A061E7CC4E}"= TCP:c:\program files\DNA\btdna.exeNA "{C69994E4-1AD8-46E0-AC8F-99370017F2A4}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent "{1358819D-7383-47ED-A09D-2092B0E9994A}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent "{A53433F3-47E1-41E2-B60C-8E051A851675}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In) "{C7593A97-5FCE-49F4-912E-4FC008F9C75C}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In) "{3588A44B-50B5-4779-AD85-5D8C5E8C21DE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{F48B0013-1EF8-41B8-8C8D-732362B5F008}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{DB8B6874-849C-4C1D-B414-15B33760444F}"= UDP:c:\program files\DNA\btdna.exeNA (TCP-In) "{73A26418-616A-461F-91A0-CC855AF63D2F}"= TCP:c:\program files\DNA\btdna.exeNA (UDP-In) "{4C18101E-5EE7-41E9-A5A0-C1ABB81F3FB2}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [3/16/2008 3:23 PM 261680] R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [4/10/2009 1:47 AM 21504] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [4/10/2009 1:47 AM 21504] R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [7/2/2008 1:07 PM 82568] R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [8/12/2008 6:40 PM 108864] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [8/14/2008 6:54 PM 102208] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/12/2008 4:24 PM 109616] R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [10/30/2007 9:25 PM 37936] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [7/17/2008 1:06 PM 118784] S3 HssTrayService;Hotspot Shield Tray Service; [x] S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\System32\drivers\CT_ZTEMT_U_USBSER.sys [9/1/2008 4:41 PM 104320] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel bdx REG_MULTI_SZ scan [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2009-06-27 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2008-04-21 07:19] 2009-06-25 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2008-04-21 07:19] 2009-06-27 c:\windows\Tasks\User_Feed_Synchronization-{BCDC4251-0086-4B3D-AED3-AE0269E16732}.job - c:\windows\system32\msfeedssync.exe [2009-05-10 11:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=73&bd=Pavilion&pf=laptop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=73&bd=Pavilion&pf=laptop . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-28 02:52 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2781736169-3570764144-3380849088-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*[*£*W%\OpenWithList] @Class="Shell" [HKEY_USERS\S-1-5-21-2781736169-3570764144-3380849088-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8B8437FB-F3F6-939D-5575-C5AC8ABAA198}*] "bbkhnhjcikmhfggegnekjkmkafgdklkdhkkd"=hex:61,62,66,65,6f,61,6b,66,62,67,66,6c, 69,68,65,69,6f,6c,6d,6b,70,65,65,62,6c,70,6e,62,6d,62,6c,62,69,6d,00,00 "abkhnhjcikmhfggegnfkgiodmmiljmionc"=hex:61,62,69,65,69,62,61,63,70,6c,6f,6e, 6f,6d,6d,6b,6d,64,70,61,68,62,65,65,6f,65,6e,62,67,61,6c,70,6f,70,00,00 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(720) c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll - - - - - - - > 'Explorer.exe'(4236) c:\windows\system32\APSHook.dll c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll c:\windows\system32\btmmhook.dll c:\windows\system32\btncopy.dll c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\program files\WIDCOMM\Bluetooth Software\btkeyind.dll c:\program files\BitDefender\BitDefender 2009\bdfvsctx.dll c:\windows\system32\txmlutil.dll c:\program files\BitDefender\BitDefender 2009\ENU\bdfvsctx.ui c:\windows\system32\nvcpl.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\nvvsvc.exe c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe c:\program files\BitDefender\BitDefender 2009\vsserv.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\windows\System32\wlanext.exe c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe c:\windows\System32\PSIService.exe c:\windows\System32\drivers\XAudio.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe c:\windows\System32\rundll32.exe c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe c:\windows\System32\WUDFHost.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe c:\program files\BitDefender\BitDefender 2009\seccenter.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Completion time: 2009-06-27 3:01 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-27 21:31 Pre-Run: 29,317,971,968 bytes free Post-Run: 29,544,157,184 bytes free 432 --- E O F --- 2009-05-10 17:11 Here are the logs of Combofix & HJT as u requested.Hope this time it works.
Oh nooooo....its still the same.IE still shows "unable to set up port on World Wide Web(HTTP)".Im able to login to gtalk as earlier.
Hi gamester0 2oldgeek is busy currently, but don't worry; it's my turn to help you. There's still some nasty stuff left on your computer. Let's clear that up. 1. • Download TFC to your desktop, or other location. • Save any unsaved work. TFC will close all open application windows. • Double-click TFC.exe to run the program. • If prompted, click "Yes" to reboot. Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot. 2. • Exit all programs, including Internet Explorer (if it is running). • If you use Windows XP, click Start, and then click Run. Type inetcpl.cpl in the Open box, and then press Enter. • If you use Windows Vista, click Start. Type inetcpl.cpl in the Start Search box, and then press Enter. • The Internet Options dialog box will appear. • Click the Advanced tab. • Under Reset Internet Explorer settings, click Reset. Then click Reset again. • When Internet Explorer finishes resetting the settings, click Close in the Reset Internet Explorer Settings dialog box. • Start Internet Explorer again. 3. • Please open Notepad. • Ensure that Format>Word Wrap is unchecked. • Copy and paste the following into Notepad: Code: @echo off ping google.com >> check.txt ping yahoo.com >> check.txt del check.bat check.txt exit • Save this as check.bat onto your Desktop. • Double click on check.bat. • A Command Prompt window will open and close quickly. This is normal. • A notepad window will open. Post its contents here. 4. • Please download RSIT from here. • Please download the HijackThis zip file and unzip HijackThis.exe into the same folder as RSIT.exe. We will need it later. • Run RSIT.exe and follow the prompts. • When the scan is finished, two notepad windows will pop up; log.txt and info.txt. They are also located at C:\rsit. • Post log.txt and info.txt here. Things I'll need in your next post: 1. Log from check.bat 2. RSIT logs Best Regards
check.bat Ping request could not find host google.com. Please check the name and try again. Ping request could not find host yahoo.com. Please check the name and try again. info.txt logfile of random's system information tool 1.06 2009-07-01 01:50:37 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C} ABBYY FineReader 8.0 Professional Edition-->MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07} Abvent SketchUp 6.0 ATL Exporter-->"C:\Program Files\Google\Google SketchUp 6\Exporters\uninstallskp2atl.exe" ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191} Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02} Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF} Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4} Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F} Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100} Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C} Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C} Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353} Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F} Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003} Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1} Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C} Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4} AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} ArchiCAD 10 R1 INT-->C:\Program Files\Graphisoft\ArchiCAD 10\Uninstall.AC\uninstaller.exe Artlantis Studio 2 2.0.2-->C:\Program Files\Artlantis Studio 2\uninst.exe AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD} AutoCAD 2008 - English-->C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD AutoCAD Architecture 2008-->C:\Program Files\AutoCAD Architecture 2008\Setup\Setup.exe /P {5783F2D7-6004-0409-0002-0060B0CE6BBA} /M ACAD Autodesk 3ds Max 9 32-bit-->MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4} Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057} Autodesk Impression-->MsiExec.exe /I{46BADC50-B350-4E97-BB98-BE97ABBF7B3E} Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379} BitDefender Definitions Update-->MsiExec.exe /X{E26005C0-25E2-43FA-8740-D4596E8EC460} BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A} Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver" Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} CINEMA 4D Release 10 Architecture Edition-->C:\Windows\unvise32.exe C:\Program Files\MAXON\CINEMA 4D R10\uninstal_C4D.log Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IQv30CFza.INF ConvertXtoDVD 3.3.0.96-->"C:\Program Files\VSO\ConvertX\3\unins000.exe" Corel Painter X-->MsiExec.exe /I{05D60953-9012-44DF-A1A6-9DD97AD6580A} Counter Strike Source Final-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3805C7B-0C75-48A2-8BEC-F39283785CBD}\setup.exe" -l0x9 -removeonly DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033 ESU for Microsoft Vista-->MsiExec.exe /X{54F7A791-38DE-4439-AB3F-B3F7DDA89C75} FBX Plugin 2006.08 for Max 9.0-->C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe FreeCall-->"C:\Program Files\FreeCall.com\FreeCall\unins000.exe" GLOBEtrotter FLEXid Drivers-->C:\Windows\IsUninst.exe -f"C:\Program Files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu" Google SketchU 6 Materials Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4EA60C47-CAF2-427E-86EC-68700EFBE037}\setup.exe" -l0x9 -removeonly Google SketchUp 6 Exporters-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly Google SketchUp LayOut 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly Google SketchUp Pro 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly Google SketchUp Pro 7-->MsiExec.exe /I{48E15C9C-E25C-40AD-A46B-AB270729B9B9} HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68} HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409 HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F} HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly HP Help and Support-->MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A} HP Integrated Module with Bluetooth wireless technology 6.0.1.4900-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D} HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst HP QuickPlay 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134} HP User Guides 0057-->MsiExec.exe /I{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC} HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8} HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} Hypercosm Teleporter for SketchUp6 1.1-->"C:\Program Files\Hypercosm\Hypercosm Teleporter for SketchUp6\unins000.exe" Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Maya 8.5-->MsiExec.exe /I{A1E0E88A-F5E9-4414-A0D7-31940E965EC5} Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft VC80 Support DLLs-->MsiExec.exe /I{342F5437-C87D-4BB5-89B9-B23E16C6A395} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MpcStar 2.9-->C:\Program Files\MpcStar\uninst.exe MSCU for Microsoft Vista-->MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067} MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} Need for Speed™ Most Wanted-->C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88} Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48} Nokia PC Suite-->C:\ProgramData\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_eng_us_web.exe Nokia PC Suite-->MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82} Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34} NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD} PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C} PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9} Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe" PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL PowerArchiver 2007-->MsiExec.exe /I{B6826FA8-04C8-4147-AA3C-5B900AB887A1} PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" Prince of Persia T2T-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}\setup.exe" -l0x9 -removeonly PSP Video 9 2.25-->C:\Program Files\Red Kawa\Video Converter\uninstaller.exe QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033 RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe Revit Architecture 2008-->MsiExec.exe /X{4A11206C-4377-49E8-911E-B11548658FF3} Rhinoceros 4.0 SR1-->MsiExec.exe /I{D6F64D4F-B539-448E-A5D7-B57EE89193B8} Rhinoceros 4.0 SR2-->MsiExec.exe /I{761EC7CE-E646-4A8C-95DA-A24C6CDACF3F} Rhinoceros 4.0-->MsiExec.exe /I{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87} Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B} Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72} Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF} Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q SketchUp Add-On AC10 INT-->C:\Program Files\Graphisoft\ArchiCAD 10\Uninstall.SU\uninstaller.exe SmartAudio-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio /F1"C:\Program Files\InstallShield Installation Information\{E621DCAF-82F7-4F6D-B563-B6A4004B2397}\setup.iss" /S Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Time-Save Standards for Architectural Design Data-->C:\PROGRA~1\TSSADD\UNWISE.EXE C:\PROGRA~1\TSSADD\INSTALL.LOG Ubuntu-->C:\ubuntu\Uninstall-Ubuntu.exe Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63} Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245} Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D} VeriSoft Access Manager-->rundll32.exe "c:\Program Files\Bioscrypt\VeriSoft\Bin\SetupHelper.dll",ExecMain /Uninstall {0ABA40AF-288D-41F1-B735-C5155692CD7D} V-Ray for SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D7BD6EE-C597-4375-B07F-A91FC78991C7}\setup.exe" -l0x9 -removeonly WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Program Files\WIBUKEY\Setup\Setup32.exe /R:{00060000-0000-1004-8002-0000C06B5161} Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_dcd936c5\nokbtmdm.inf Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536} Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C} Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194} Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5} Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5} Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG ZTE EV-DO-->"C:\Program Files\ZTE EV-DO\unins000.exe" =====HijackThis Backups===== O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-06-23] O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe [2009-06-23] O4 - HKLM\..\Run: [Updater] C:\Windows\system32\updater\explorer.exe [2009-06-23] O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Conexant Systems, Inc. - (no file) [2009-06-23] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> [2009-06-28] ======Security center information====== AV: BitDefender Antivirus (disabled) (outdated) AV: Kaspersky Internet Security (outdated) AV: Norton Internet Security FW: Norton Internet Security FW: Kaspersky Internet Security (disabled) FW: BitDefender Firewall AS: BitDefender Antispyware (outdated) AS: Windows Defender AS: Kaspersky Internet Security AS: Norton Internet Security ======System event log====== Computer Name: Gamester Event Code: 7000 Message: The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Record Number: 1843449 Source Name: Service Control Manager Time Written: 20090630200005.000000-000 Event Type: Error User: Computer Name: Gamester Event Code: 7000 Message: The adfs service failed to start due to the following error: The system cannot find the file specified. Record Number: 1843450 Source Name: Service Control Manager Time Written: 20090630200005.000000-000 Event Type: Error User: Computer Name: Gamester Event Code: 7000 Message: The DS1410D service failed to start due to the following error: The system cannot find the device specified. Record Number: 1843455 Source Name: Service Control Manager Time Written: 20090630200005.000000-000 Event Type: Error User: Computer Name: Gamester Event Code: 7022 Message: The CyberLink Background Capture Service (CBCS) service hung on starting. Record Number: 1843490 Source Name: Service Control Manager Time Written: 20090630200054.000000-000 Event Type: Error User: Computer Name: Gamester Event Code: 7001 Message: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state. Record Number: 1843491 Source Name: Service Control Manager Time Written: 20090630200054.000000-000 Event Type: Error User: =====Application event log===== Computer Name: Gamester Event Code: 3013 Message: The entry <C:\USERS\ASH\DESKTOP\DOCUMENTATION-DETAILING.DWG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Record Number: 26341 Source Name: Microsoft-Windows-Search Time Written: 20090625100925.000000-000 Event Type: Error User: Computer Name: Gamester Event Code: 3013 Message: The entry <C:\USERS\ASH\DESKTOP\DOCUMENTATION-DETAILING.DWG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Record Number: 26342 Source Name: Microsoft-Windows-Search Time Written: 20090625100925.000000-000 Event Type: Error User: Computer Name: Gamester Event Code: 1002 Message: The program SketchUp.exe version 6.4.112.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 11a8 Start Time: 01c9f59a9a86bd20 Termination Time: 0 Record Number: 26348 Source Name: Application Hang Time Written: 20090625151858.000000-000 Event Type: Error User: Computer Name: Gamester Event Code: 3013 Message: The entry <C:\USERS\ASH\DESKTOP\5 STAR HOTEL\HOTEL PREFINALS.DWG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Record Number: 26354 Source Name: Microsoft-Windows-Search Time Written: 20090626125335.000000-000 Event Type: Error User: Computer Name: Gamester Event Code: 1000 Message: Faulting application acad.exe, version 23.1.51.0, time stamp 0x45cffe3b, faulting module MFC80U.DLL, version 8.0.50727.762, time stamp 0x45713438, exception code 0xc0000005, fault offset 0x00036099, process id 0x948, application start time 0x01c9f7712d80e6c3. Record Number: 26455 Source Name: Application Error Time Written: 20090627221149.000000-000 Event Type: Error User: =====Security event log===== Computer Name: Gamester Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 41582 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090630202033.259298-000 Event Type: Audit Failure User: Computer Name: Gamester Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 41583 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090630202033.303298-000 Event Type: Audit Failure User: Computer Name: Gamester Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 41584 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090630202033.345298-000 Event Type: Audit Failure User: Computer Name: Gamester Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 41585 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090630202033.387298-000 Event Type: Audit Failure User: Computer Name: Gamester Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 41586 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090630202033.431298-000 Event Type: Audit Failure User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Autodesk\Maya8.5\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;c:\Program Files\Bioscrypt\VeriSoft\bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Autodesk\Backburner "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=6801 "NUMBER_OF_PROCESSORS"=2 "PLATFORM"=MCD "PCBRAND"=Pavilion "OnlineServices"=Online Services "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ "USERPART"=E: "CLASSPATH"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip -----------------EOF----------------- Logfile of random's system information tool 1.06 (written by random/random) Run by Ash at 2009-07-01 01:50:31 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 29 GB (12%) free of 231 GB Total RAM: 2046 MB (50% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:50:33 AM, on 7/1/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\rundll32.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Ash\Desktop\RSIT.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\Ash.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=73&bd=Pavilion&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" O4 - HKLM\..\Run: [CognizanceTS] "rundll32.exe" c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{BCDC4251-0086-4B3D-AED3-AE0269E16732} O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth.lnk = ? O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Conexant Systems, Inc. - (no file) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9542 bytes ======Scheduled tasks folder====== C:\Windows\tasks\RegCure Program Check.job C:\Windows\tasks\RegCure.job C:\Windows\tasks\User_Feed_Synchronization-{BCDC4251-0086-4B3D-AED3-AE0269E16732}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}] VeriSoft Access Manager - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [2006-11-22 71192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800] "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-24 176128] "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-14 159744] "HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-13 50696] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-02 472776] "WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-11 317128] "CognizanceTS"=c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll [2003-12-22 17920] "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-19 227840] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704] "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-08-14 716800] "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608] "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704] "RunSpySweeperScheduleAtStartup"=C:\Windows\system32\msfeedssync.exe [2009-03-08 13312] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2kadiras] 2kadiras.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9xadiras] 9xadiras.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras] adiras.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoclk] autoclk.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] C:\Users\Ash\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-02 3739648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-10 86960] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunSpySweeperScheduleAtStartup] C:\Windows\system32\msfeedssync.exe [2009-03-08 13312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DriveGuard.lnk] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DSLMON.lnk] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk] C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [2006-10-16 118784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StupAssist.lnk] C:\PROGRA~1\COMMON~1\Nikon\UTILIT~1\STUPAS~1.EXE [2004-04-29 31744] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\Windows\System32\APSHook.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli ASWLNPkg [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* .scr - open - "C:\Windows\system32\notepad.exe" "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2009-07-01 01:50:31 ----D---- C:\rsit 2009-06-30 23:46:42 ----D---- C:\ubuntu 2009-06-28 03:01:52 ----A---- C:\ComboFix.txt 2009-06-28 02:59:52 ----SHD---- C:\$RECYCLE.BIN 2009-06-28 02:29:36 ----A---- C:\Windows\zip.exe 2009-06-28 02:29:36 ----A---- C:\Windows\SWXCACLS.exe 2009-06-28 02:29:36 ----A---- C:\Windows\SWSC.exe 2009-06-28 02:29:36 ----A---- C:\Windows\SWREG.exe 2009-06-28 02:29:36 ----A---- C:\Windows\sed.exe 2009-06-28 02:29:36 ----A---- C:\Windows\PEV.exe 2009-06-28 02:29:36 ----A---- C:\Windows\NIRCMD.exe 2009-06-28 02:29:36 ----A---- C:\Windows\grep.exe 2009-06-28 02:29:27 ----SD---- C:\ComboFix 2009-06-28 02:29:27 ----D---- C:\Windows\ERDNT 2009-06-28 02:28:00 ----D---- C:\Qoobox 2009-06-21 21:03:57 ----D---- C:\Program Files\Exterminate It! 2009-06-20 13:44:04 ----D---- C:\Users\Ash\AppData\Roaming\Malwarebytes 2009-06-20 13:43:50 ----D---- C:\ProgramData\Malwarebytes 2009-06-20 13:43:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-06-15 20:10:31 ----D---- C:\Program Files\Safari 2009-06-15 20:08:47 ----D---- C:\Program Files\Apple Software Update 2009-06-15 20:06:35 ----D---- C:\ProgramData\Spybot - Search & Destroy 2009-06-15 20:06:35 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-06-12 22:14:57 ----D---- C:\Program Files\Broadcom 2009-06-10 03:26:11 ----D---- C:\Program Files\Common Files\MSSoap 2009-06-10 03:26:11 ----D---- C:\Binaries 2009-06-09 22:48:03 ----D---- C:\Program Files\Wyzo(96) 2009-06-09 19:03:59 ----D---- C:\Users\Ash\AppData\Roaming\BitDefender 2009-06-09 19:02:16 ----D---- C:\ProgramData\BitDefender 2009-06-09 19:00:57 ----D---- C:\Program Files\Common Files\BitDefender(2) 2009-06-09 17:01:13 ----D---- C:\Windows\system32\logs 2009-06-09 14:26:30 ----AD---- C:\ProgramData\TEMP 2009-06-09 14:26:19 ----D---- C:\ProgramData\SpeedBit 2009-06-09 14:26:16 ----D---- C:\Program Files\DAP 2009-06-09 12:57:07 ----D---- C:\Films 2009-06-09 12:16:22 ----D---- C:\Program Files\Cablenut 2009-06-09 02:23:13 ----D---- C:\Program Files\Valve(94) 2009-06-06 00:34:23 ----D---- C:\Users\Ash\AppData\Roaming\Radical Software Ltd ======List of files/folders modified in the last 1 months====== 2009-07-01 01:50:33 ----D---- C:\Windows\Prefetch 2009-07-01 01:49:46 ----D---- C:\Windows\Temp 2009-07-01 01:35:47 ----D---- C:\Windows\System32 2009-07-01 01:35:47 ----D---- C:\Windows\inf 2009-07-01 01:35:47 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-07-01 01:29:05 ----D---- C:\Windows 2009-07-01 01:17:53 ----SHD---- C:\System Volume Information 2009-06-30 23:44:50 ----D---- C:\Users\Ash\AppData\Roaming\Adobe 2009-06-28 22:45:27 ----D---- C:\My space 2009-06-28 03:15:56 ----D---- C:\Program Files\Mozilla Firefox 2009-06-28 03:15:42 ----RD---- C:\Program Files 2009-06-28 03:01:57 ----D---- C:\Windows\system32\en-US 2009-06-28 03:01:55 ----D---- C:\Windows\system32\drivers 2009-06-28 02:52:24 ----A---- C:\Windows\system.ini 2009-06-28 02:46:10 ----HD---- C:\ProgramData 2009-06-28 02:41:53 ----D---- C:\Windows\AppPatch 2009-06-28 02:41:50 ----D---- C:\Program Files\Common Files 2009-06-27 17:14:12 ----D---- C:\Users\Ash\AppData\Roaming\Abvent_Artlantis2 2009-06-23 00:21:01 ----D---- C:\Windows\system32\catroot2 2009-06-22 01:54:28 ----D---- C:\Downloads 2009-06-20 19:17:26 ----SHD---- C:\Windows\Installer 2009-06-20 19:15:34 ----D---- C:\Program Files\BitDefender 2009-06-20 18:54:52 ----D---- C:\Windows\SMINST 2009-06-17 00:05:06 ----D---- C:\Architecture 2009-06-16 10:06:13 ----D---- C:\Windows\system32\config 2009-06-16 10:06:00 ----D---- C:\Windows\system32\wbem 2009-06-16 10:06:00 ----D---- C:\Windows\servicing 2009-06-16 10:06:00 ----D---- C:\Windows\ehome 2009-06-16 10:06:00 ----D---- C:\Program Files\Windows Sidebar 2009-06-16 10:06:00 ----D---- C:\Program Files\Windows Media Player 2009-06-16 10:06:00 ----D---- C:\Program Files\Windows Defender 2009-06-16 10:05:58 ----D---- C:\Windows\Tasks 2009-06-16 10:05:58 ----D---- C:\Windows\system32\updater 2009-06-16 10:05:58 ----D---- C:\Windows\system32\spool 2009-06-16 10:05:58 ----D---- C:\Windows\system32\Msdtc 2009-06-16 10:05:58 ----D---- C:\Windows\system32\CodeIntegrity 2009-06-16 10:05:58 ----D---- C:\Program Files\PC Connectivity Solution 2009-06-16 10:05:58 ----D---- C:\Program Files\Common Files\SureThing Shared 2009-06-16 10:05:58 ----D---- C:\Program Files\Common Files\LightScribe 2009-06-16 10:05:58 ----D---- C:\Program Files\Bonjour 2009-06-16 10:05:49 ----D---- C:\Windows\registration 2009-06-15 20:10:31 ----D---- C:\ProgramData\Apple Computer 2009-06-15 20:09:05 ----D---- C:\Windows\system32\Tasks 2009-06-12 23:00:19 ----D---- C:\Program Files\Electronic Arts 2009-06-12 22:16:08 ----D---- C:\Windows\system32\catroot 2009-06-10 03:28:14 ----D---- C:\Windows\winsxs 2009-06-10 03:25:09 ----D---- C:\Program Files\Common Files\BitDefender 2009-06-10 03:13:34 ----D---- C:\ProgramData\Kaspersky Lab 2009-06-10 02:38:58 ----D---- C:\ProgramData\FLEXnet 2009-06-10 02:38:56 ----D---- C:\Program Files\Valve 2009-06-09 14:56:51 ----D---- C:\ProgramData\Roxio 2009-06-09 14:05:24 ----D---- C:\Users\Ash\AppData\Roaming\FreeCall 2009-06-09 12:27:31 ----D---- C:\Program Files\BitComet ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-08-14 132800] R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-01-22 385072] R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 261680] R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-01-20 33292] R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-12-01 43696] R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-10-30 191536] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-02-25 278728] R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568] R2 Hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-07-28 685056] R2 Haspnt;Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [2008-02-25 47616] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-02-25 25416] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376] R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2001-06-21 73728] R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey.sys [2006-05-11 70144] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704] R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424] R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016] R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208] R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-08-12 228672] R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2008-02-26 8448] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 188416] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-01-22 109616] R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896] R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 12032] R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-12-18 47360] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576] R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-10-30 12848] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-02-12 123952] R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-10-30 145968] R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-10-30 39856] R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-10-30 37936] R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-10-30 27696] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472] R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [] S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\Windows\System32\Drivers\adildr.sys [] S2 DS1410D;DS1410D; \??\C:\Windows\system32\drivers\ds1410d.sys [1998-07-10 7328] S3 adiusbaw;ADSL USB MODEM WAN ADAPTER; C:\Windows\system32\DRIVERS\adiusbaw.sys [] S3 ahj9wryv;ahj9wryv; C:\Windows\system32\drivers\ahj9wryv.sys [] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016] S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456] S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160] S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184] S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-04-18 79664] S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-04-18 81200] S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-18 16432] S3 catchme;catchme; \??\C:\Users\Ash\AppData\Local\Temp\catchme.sys [] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-12 160768] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080315.003\NAVENG.SYS [2008-03-15 82256] S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080315.003\NAVEX15.SYS [2008-03-15 895408] S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536] S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2007-07-12 12800] S3 ProtoWall;ProtoWall Defender; C:\Windows\system32\DRIVERS\ProtoWall.sys [] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664] S3 Sntnlusb;Rainbow USB SuperPro; C:\Windows\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032] S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-12-01 279088] S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-12-01 317616] S3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2007-06-08 27136] S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2007-07-10 36736] S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys [] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064] S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-19 28160] S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S3 zteusbser;ZTE USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2008-09-01 104320] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-04-02 79360] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-24 262243] R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-15 62984] R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-03 135168] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-20 75304] R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-08-13 393216] R2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296] R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-08-15 1523712] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560] R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504] R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-24 106593] S2 SymAppCore;Symantec AppCore Service; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712] S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784] S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-10 110592] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-15 655624] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-08 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656] -----------------EOF-----------------
Hey gamester0 First, try the System File Checker as outlined here: http://www.howtogeek.com/howto/windows-vista/verify-the-integrity-of-windows-vista-system-files/ You may need your Vista installation cd. Are you still able to log into GTalk? Best Regards
Helooooo????? I think we r deviating from the topic.Yes i can login to gtalk,yahoo.My internet connection is stable.Only my browsers dont connect. As I told ,IE instantly changes to http;/// even as i type in www.google.com or any other site for that matter.The other browsers WYzon and firefox dont connect.
Hey gamster Sorry for the late reply... I understand what your issue is; it's just that the logs you produced indicated a bad internet connection..., so I was wondering if GTalk still worked for you. Now that you've confirmed it does indeed, it clears things up!! Sorry for not clarifying what I believe your problem is. Omitting the technical details, this is the summary: Your logs are clean. Even though this does not necessarily mean a clean system, I have reason to believe that the malware is gone from your system, but some settings by the malware are crippling your system. I have some new instructions for you: 1. Run the System File Checker as previously outlined in my previous post. 2. Following the instructions from my first post regarding check.bat, use this code instead. Post the log here: Code: @echo off ping afterdawn.com > check.txt ping 209.62.87.157 >> check.txt del check.bat check.txt exit 3. I see that you have all Kaspersky, Bitdefender, and Norton security products. Are all three registered and fully functional versions? Are any trial versions? 4. Please reboot your computer into Safe Mode With Networking by doing the following: • Restart your computer • After pressing the power button, repeatedly tap the F8 key. • Instead of Windows loading as normal, the Advanced Options Menu should appear; • Select the option to run Windows in Safe Mode With Networking, then press Enter. • Choose the administrator's account. Does Internet Explorer work in Safe Mode With Networking? One more thing; open Task Manager. Do you see svchost.exe there? Hope your problem gets fixed! Best Regards
Im not able to connect in safemode as i use a portable usb internet device....which while connecting gets stuck.Dono y.
Hey gamester0 Could you read through all the instructions in my previous post? Thanks! One more thing; let's try to reset some internet protocols on your computer: • Please open Notepad. • Ensure that Format>Word Wrap is unchecked. • Copy and paste the following into Notepad: Code: @echo off netsh winsock reset catalog netsh int ip reset c:\resetlog.txt del C:\resetlog.txt del fix.bat exit • Save this as fix.bat onto your Desktop. • Double click on fix.bat. • A Command Prompt window will open and close quickly. This is normal. • Restart your computer. Does this work? Best Regards
Here's the report of the check.bat file u wanted in the previous post. Pinging afterdawn.com [209.62.87.157] with 32 bytes of data: Reply from 209.62.87.157: bytes=32 time=785ms TTL=50 Reply from 209.62.87.157: bytes=32 time=784ms TTL=50 Reply from 209.62.87.157: bytes=32 time=1203ms TTL=50 Reply from 209.62.87.157: bytes=32 time=799ms TTL=50 Ping statistics for 209.62.87.157: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 784ms, Maximum = 1203ms, Average = 892ms Pinging 209.62.87.157 with 32 bytes of data: Reply from 209.62.87.157: bytes=32 time=731ms TTL=50 Reply from 209.62.87.157: bytes=32 time=810ms TTL=50 Reply from 209.62.87.157: bytes=32 time=1189ms TTL=50 Reply from 209.62.87.157: bytes=32 time=1039ms TTL=50 Ping statistics for 209.62.87.157: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 731ms, Maximum = 1189ms, Average = 942ms And yeah i told u i cant connect my wirless internet device in safemode....dono y.So i wasnt able to check if the browser works in safemode either.I did check on vista file integrity.They said there wernt any problems. I did try using fix.bat as u mentioned in the recent post.But still therez no hope. I just wanted to inform.....i had ""trojanDNS changer"" earlier,but i removed using malwarebytes antimalware.Could this be the reason y i cant connect to the browsers???And could u plz direct me hw to remove the files of Norton antivirus and kaspersky(used last yr).I currently use only bitdefender.
Hey gamester0 Sorry for the late reply, and I also apologize that I will be travelling soon and will not be able to continue to help you... will contact 2oldgeek to resume this thread if possible. As for your problem, it is a most frustrating one and will not have an easy solution as I see it... other people on the internet have not found solutions either, when I google your problem. All I can suggest right now is to find uninstallers for Kaspersky and Norton, and fully unistall all those products. They may be the source of the problems. Sorry for the inconvenience, and if you still need help when I return (one week later), feel free to private message me. Best Regards
