  #1  
Old 29th Jul 2009, 09:26
Member Group
 
I had an sdra64.exe infection, which I removed as suggested on several sites.
However, all is not well. Norton refuses to scan and each CD drive shows up twice.

Help please!
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:08, on 29/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OTFSDMS] C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe /p
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: L33TSig 2.lnk = C:\Program Files\L33TSig2\L33TSig2.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Collins Primary (CollinsPrimary) - Apache Software Foundation - C:\Program Files\Collins Education\Collins Primary\Apache\bin\apache.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9e211474e3cfc) (gupdate1c9e211474e3cfc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 8628 bytes
  #2  
Old 29th Jul 2009, 10:24
Member Group
 
Combofix Log:


ComboFix 09-07-28.06 - Michael 29/07/2009 17:51.1.4 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3326.2755 [GMT 1:00]
Running from: c:\users\Michael\Desktop\Combo-Fix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
/wow section not completed

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_iprip


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-29 16:08 . 2009-07-29 16:09 -------- d-----w- C:\SDFix
2009-07-29 15:41 . 2009-07-29 15:41 35 ----a-w- c:\users\Michael\AppData\Roaming\SetValue.bat
2009-07-29 15:29 . 2009-07-29 15:41 2330 ----a-w- c:\windows\system32\tmp.reg
2009-07-29 15:14 . 2009-07-29 15:39 -------- d-sh--w- c:\windows\system32\lowsec
2009-07-29 15:11 . 2009-07-29 16:16 117760 ----a-w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-29 15:10 . 2009-07-29 15:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-29 15:10 . 2009-07-29 15:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 15:10 . 2009-07-29 15:10 -------- d-----w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2009-07-29 15:02 . 2009-07-29 15:02 -------- d-----w- c:\program files\Trend Micro
2009-07-29 13:15 . 2009-07-29 13:15 -------- d-----w- c:\program files\Adobe Media Player
2009-07-29 12:58 . 2009-07-29 13:11 -------- d-----w- c:\users\Michael\AppData\Roaming\cspa
2009-07-29 10:52 . 2009-07-13 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090728.067\NAVENG.SYS
2009-07-29 10:52 . 2009-07-13 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090728.067\NAVEX15.SYS
2009-07-29 10:52 . 2009-05-30 08:52 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090728.067\EECTRL.SYS
2009-07-29 10:52 . 2009-05-30 08:52 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090728.067\ECMSVR32.DLL
2009-07-29 10:52 . 2009-05-30 08:52 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090728.067\CCERASER.DLL
2009-07-29 10:52 . 2009-05-30 08:52 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090728.067\NAVENG32.DLL
2009-07-29 10:52 . 2009-05-30 08:52 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090728.067\NAVEX32A.DLL
2009-07-29 10:52 . 2009-05-30 08:52 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090728.067\ERASER.SYS
2009-07-27 21:05 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSXpx86.sys
2009-07-27 21:05 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSvix86.sys
2009-07-27 21:05 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\Scxpx86.dll
2009-07-27 21:05 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSxpx86.dll
2009-07-27 21:05 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSviA64.sys
2009-07-26 10:13 . 2009-07-26 10:13 -------- d-----w- c:\programdata\Electronic Arts
2009-07-26 10:09 . 2008-09-05 00:22 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-07-26 10:09 . 2009-07-26 10:09 10134 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-26 10:09 . 2009-07-26 10:09 -------- d-----w- c:\program files\Microsoft WSE
2009-07-18 18:51 . 2009-07-18 18:51 -------- d-----w- c:\program files\ConvertHelper
2009-07-18 18:50 . 2009-07-20 20:06 -------- d-----w- c:\users\Michael\dwhelper
2009-07-18 16:32 . 2009-07-18 16:32 -------- d-----w- c:\program files\iPod
2009-07-18 16:32 . 2009-07-18 16:32 -------- d-----w- c:\program files\iTunes
2009-07-18 16:28 . 2009-07-18 16:28 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 17:52 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys
2009-07-17 17:52 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\Scxpx86.dll
2009-07-17 17:52 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys
2009-07-17 17:52 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSxpx86.dll
2009-07-17 17:52 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSviA64.sys
2009-07-16 13:34 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 13:34 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-16 13:34 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 13:34 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 13:34 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 15:09 . 2009-07-14 15:09 108600 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-07-13 10:00 . 2009-07-13 10:00 -------- d-----w- c:\users\Andrew\AppData\Roaming\GARMIN
2009-07-13 09:58 . 2009-07-13 09:58 65536 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{950B8BBC-0827-4206-9BE5-64AB7280428B}\i_read___Year_5.exe2_950B8BBC082742069BE564AB7280428B.exe
2009-07-13 09:58 . 2009-07-13 09:58 65536 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{950B8BBC-0827-4206-9BE5-64AB7280428B}\i_read___Year_5.exe1_950B8BBC082742069BE564AB7280428B.exe
2009-07-13 09:58 . 2009-07-13 09:58 65536 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{950B8BBC-0827-4206-9BE5-64AB7280428B}\i_read___Year_5.exe_950B8BBC082742069BE564AB7280428B.exe
2009-07-13 09:58 . 2009-07-13 09:58 25214 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{950B8BBC-0827-4206-9BE5-64AB7280428B}\ARPPRODUCTICON.exe
2009-07-12 22:16 . 2009-07-12 22:16 -------- d-----w- c:\users\Andrew\1330.tmp
2009-07-12 22:00 . 2009-07-12 22:15 -------- d-----w- c:\users\Andrew\i-read - Year 5
2009-07-12 22:00 . 2009-07-12 22:04 -------- d--h--w- c:\users\Andrew\Zero G Registry
2009-07-12 22:00 . 2009-07-12 22:04 -------- d-----w- c:\users\Andrew\8702.tmp
2009-07-12 21:51 . 2009-07-14 19:23 737280 ----a-w- c:\windows\iun6002.exe
2009-07-12 21:22 . 2009-07-12 21:22 -------- d-----w- c:\windows\system32\Textease Updates
2009-07-12 21:16 . 2009-07-12 21:20 -------- d-----w- c:\program files\Textease
2009-07-12 21:16 . 2009-07-12 21:16 -------- d-----w- c:\programdata\Research Machines
2009-07-12 21:16 . 2009-07-12 21:16 -------- d-----w- c:\program files\directx
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 17:14 . 2008-08-04 19:30 41082 ----a-w- c:\windows\system32\perfc00A.dat
2009-07-29 17:14 . 2008-08-04 19:30 108546 ----a-w- c:\windows\system32\perfh00A.dat
2009-07-29 16:20 . 2008-08-07 11:47 169936 ----a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ayvs4mas.default\FlashGot.exe
2009-07-29 16:16 . 2008-09-01 11:50 1356 ----a-w- c:\users\Michael\AppData\Local\d3d9caps.dat
2009-07-29 16:01 . 2009-03-17 21:00 -------- d-----w- c:\program files\WinTV
2009-07-29 16:01 . 2008-08-04 17:16 -------- d-----w- c:\programdata\NVIDIA
2009-07-29 16:01 . 2009-07-19 13:05 32061 ----a-w- c:\programdata\nvModes.dat
2009-07-29 15:41 . 2009-07-29 15:41 691 ----a-w- c:\users\Michael\AppData\Roaming\GetValue.vbs
2009-07-29 15:09 . 2008-10-02 17:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-29 14:35 . 2008-08-09 09:29 -------- d-----w- c:\users\Michael\AppData\Roaming\LimeWire
2009-07-29 13:53 . 2009-06-02 19:39 -------- d-----w- c:\users\Michael\AppData\Roaming\vlc
2009-07-29 13:05 . 2008-08-06 17:32 -------- d-----w- c:\program files\MediaMonkey
2009-07-28 21:46 . 2009-05-31 20:40 -------- d-----w- c:\users\Michael\AppData\Roaming\Azureus
2009-07-28 21:46 . 2009-05-31 20:36 -------- d-----w- c:\program files\Vuze
2009-07-26 10:13 . 2008-10-02 17:47 -------- d-----w- c:\program files\Games
2009-07-26 10:00 . 2008-08-04 17:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 21:52 . 2009-07-29 13:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 13:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 13:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 13:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 20:59 . 2008-08-04 19:49 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-18 18:55 . 2008-08-08 11:01 -------- d-----w- c:\users\Michael\AppData\Roaming\Free Download Manager
2009-07-18 16:32 . 2008-08-12 09:44 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 15:25 . 2008-08-04 18:55 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-16 18:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-16 18:04 . 2008-08-04 18:07 -------- d-----w- c:\programdata\Microsoft Help
2009-07-14 19:23 . 2008-11-20 19:07 -------- d-----w- c:\program files\Collins
2009-07-14 15:09 . 2008-08-04 19:32 8224 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-12 21:48 . 2008-08-04 17:07 108600 ----a-w- c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-12 21:40 . 2008-11-06 18:21 -------- d-----w- c:\program files\Softease
2009-07-06 20:46 . 2008-08-06 17:19 20 ---h--w- c:\programdata\PKP_DLec.DAT
2009-07-06 20:46 . 2008-08-06 17:15 20 ---h--w- c:\programdata\PKP_DLds.DAT
2009-06-28 18:28 . 2008-08-13 12:13 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-06-28 18:20 . 2008-08-13 12:15 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-06-25 16:53 . 2009-03-28 14:40 -------- d-----w- c:\users\Michael\AppData\Roaming\uTorrent
2009-06-21 18:38 . 2008-11-23 16:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-21 18:38 . 2009-06-21 18:38 -------- d-----w- c:\program files\Java
2009-06-18 18:46 . 2009-06-18 18:45 -------- d-----w- c:\program files\ReNamer
2009-06-13 15:36 . 2008-10-11 13:18 -------- d-----w- c:\program files\SpeedFan
2009-06-13 15:21 . 2009-06-13 15:21 -------- d-----w- c:\programdata\McAfee
2009-06-12 13:49 . 2009-06-12 13:49 25214 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{27E9B845-5E9B-41CE-8C50-7F6BDC019308}\ARPPRODUCTICON.exe
2009-06-12 13:47 . 2009-06-12 13:47 -------- d-----w- c:\program files\Microsoft Math Add-in for Word 2007
2009-06-12 13:44 . 2009-06-12 13:40 -------- d-----w- c:\program files\USMT301
2009-06-12 13:40 . 2009-06-12 13:40 -------- d-----w- c:\program files\Microsoft Corporation
2009-06-12 13:40 . 2009-06-12 13:40 10134 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{45EA11B5-874D-480E-89B9-2545505BBE3E}\ARPPRODUCTICON.exe
2009-06-12 13:40 . 2009-06-12 13:40 -------- d-----w- c:\program files\OpenType Extension
2009-06-11 19:44 . 2009-06-11 19:44 -------- d-----w- c:\users\Michael\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-06-11 19:44 . 2009-06-11 19:44 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-06-11 19:42 . 2009-06-11 19:42 -------- d-----w- c:\program files\BBC
2009-06-11 19:40 . 2009-06-11 19:39 -------- d-----w- c:\programdata\Kontiki
2009-06-10 07:35 . 2009-06-10 07:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 07:35 . 2009-06-10 07:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 07:34 . 2009-06-10 07:34 3123744 ----a-w- c:\windows\system32\nvwss.dll
2009-06-10 07:34 . 2009-06-10 07:34 4045344 ----a-w- c:\windows\system32\nvvitvs.dll
2009-06-10 07:34 . 2009-06-10 07:34 4028960 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 07:34 . 2009-06-10 07:34 3516960 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 07:34 . 2009-06-10 07:34 211488 ----a-w- c:\windows\system32\nvvsvc.exe
2009-06-10 07:34 . 2009-06-10 07:34 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-06-10 07:34 . 2009-06-10 07:34 1288736 ----a-w- c:\windows\system32\nvmobls.dll
2009-06-10 07:34 . 2009-06-10 07:34 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 07:34 . 2009-06-10 07:34 768544 ----a-w- c:\windows\system32\nvsvc.dll
2009-06-10 07:34 . 2009-06-10 07:34 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-06-10 07:34 . 2009-06-10 07:34 13785632 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 05:33 . 2009-06-10 05:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 05:33 . 2009-06-10 05:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 05:33 . 2009-06-10 05:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 05:33 . 2009-06-10 05:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 05:33 . 2009-06-10 05:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 05:33 . 2009-06-10 05:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 05:32 . 2009-06-10 05:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 05:32 . 2009-06-10 05:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 05:32 . 2009-06-10 05:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 05:32 . 2009-06-10 05:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 05:31 . 2009-06-10 05:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 05:31 . 2009-06-10 05:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 05:31 . 2009-06-10 05:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 05:31 . 2009-06-10 05:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 05:29 . 2009-06-10 05:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-10 05:03 . 2009-06-10 05:03 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 05:03 . 2009-06-10 05:03 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 05:03 . 2009-06-10 05:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 05:03 . 2009-06-10 05:03 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 05:03 . 2009-06-10 05:03 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 05:03 . 2009-06-10 05:03 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 05:03 . 2009-06-10 05:03 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 05:03 . 2009-06-10 05:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 05:03 . 2009-06-10 05:03 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 05:03 . 2009-06-10 05:03 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 05:03 . 2008-09-13 10:30 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 05:03 . 2008-09-13 10:30 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-09 19:18 . 2009-06-09 19:18 -------- d-----w- c:\programdata\Trymedia
2009-06-07 12:14 . 2009-06-07 12:14 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-07 12:13 . 2009-06-07 12:13 -------- d-----w- c:\program files\eRightSoft
2009-06-07 11:24 . 2008-08-07 14:46 -------- d-----w- c:\program files\DivX
2009-06-07 11:23 . 2009-03-14 19:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-06 12:08 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-06-06 11:39 . 2008-09-17 20:39 -------- d-----w- c:\program files\QuickTime
2009-06-04 15:39 . 2008-08-04 17:14 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-04 10:06 . 2009-06-04 10:03 -------- d-----w- c:\users\Michael\AppData\Roaming\L33TSig2
2009-06-04 10:03 . 2009-06-04 10:03 -------- d-----w- c:\program files\L33TSig2
2009-07-18 14:45 . 2009-07-07 09:58 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 10:06 . 2009-06-07 12:13 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-06-07 12:13 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-06-07 12:13 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 10:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2009-01-06 117280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"OTFSDMS"="c:\program files\AddinForUNCFAT\UNCFATDMS.exe" [2008-06-19 129024]
"EPGServiceTool"="c:\progra~1\WinTV\EPG Services\System\EPGClient.exe" [2008-05-15 688128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-23 4423680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
L33TSig 2.lnk - c:\program files\L33TSig2\L33TSig2.exe [2009-6-4 6476800]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-3-17 110647]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:F *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):5c,ac,59,e3,f9,e1,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-281940041-3398336767-906908273-1000]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-281940041-3398336767-906908273-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{8975C1D4-F7D7-44E0-9EC5-3AD77592BC20}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C1F30CCF-0950-4B40-8528-8400BAB2756A}"= UDP:8507:BitComet 8507 TCP
"{4C9DC629-F64C-4847-BCD4-B3DA0A49248D}"= TCP:8507:BitComet 8507 UDP
"{B231B0E2-CC6A-4B81-866F-D3C1A16FB804}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{337B8348-6C45-49C8-8F59-B4210BBE03D0}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{FF430A4F-3453-4A20-9DEE-9F81B99F74BD}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{6A8AD8D1-198B-4791-B0C8-5CDC1028F5AD}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{E1750A48-6CC3-4C8B-9B6F-F572AE5BFBCB}"= UDP:16730:BitComet 16730 TCP
"{30A47A6D-E9B8-40F7-997D-65F88E633C46}"= TCP:16730:BitComet 16730 UDP
"{1FF3044C-4B50-450A-B926-D06AA15744FB}"= UDP:c:\program files\Sony\Media Manager for PSP\MediaManager.exe:Media Manager for PSP 3.0
"{AB40FB45-A3B7-4D5E-9A85-BE82F183F46A}"= TCP:c:\program files\Sony\Media Manager for PSP\MediaManager.exe:Media Manager for PSP 3.0
"{74B59296-40F5-4132-A904-A50E14387F6E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{85105336-34FF-43A0-873F-021707891C4B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EC779815-7E0F-4FF5-B76C-6B4C4E6D2709}"= UDP:5353:Adobe CSI CS4
"{BA992C13-7AF4-447B-B38B-9E979EAEF44A}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{7342329A-68E3-4371-9209-7D3AE122AF4A}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{06EBF954-FF29-4207-B27C-BA7DF7CE32A9}"= UDP:3703:Adobe Version Cue CS4 Server
"{B363D11D-0B63-4631-B2B9-7478A76E5FCF}"= UDP:3704:Adobe Version Cue CS4 Server
"{44FD9A32-AD70-47D8-A7AD-686FC7593F94}"= UDP:51000:Adobe Version Cue CS4 Server
"{4CB996AC-B1DA-45A8-A628-02914B0614ED}"= UDP:51001:Adobe Version Cue CS4 Server
"{03AA1029-3F49-4E7F-9B46-CE227E3F664B}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{AF226D1D-30D1-4741-86A0-0D547408BD5A}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{D7F6A1AF-A7E1-4CFE-A29A-C9653C5AADD7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E5DADD67-BE94-42B0-ADA8-1B4D6D1BB4E9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{2E9B6ED8-5DFD-4675-9C2E-732E29E31A9E}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet.exe
"{33B73621-135A-4CEA-A824-61D74A6DC5A8}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet.exe
"{09F94DA2-E9F1-450D-80D2-8C958B903F3B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1370F5CC-2320-4269-86E6-765473935ACA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [19/03/2009 18:54 310320]
S1 archlp;archlp;c:\windows\System32\drivers\archlp.sys [29/11/2008 12:35 11392]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [19/03/2009 18:54 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [19/03/2009 18:54 482352]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSvix86.sys [27/07/2009 22:05 293424]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\System32\drivers\nm3.sys [14/04/2009 12:30 33624]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/07/2009 10:53 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/07/2009 10:53 72944]
S2 CollinsPrimary;Collins Primary;c:\program files\Collins Education\Collins Primary\Apache\bin\Apache.exe [04/10/2007 13:57 20541]
S2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [17/03/2009 23:27 437248]
S2 gupdate1c9e211474e3cfc;Google Update Service (gupdate1c9e211474e3cfc);c:\program files\Google\Update\GoogleUpdate.exe [31/05/2009 18:00 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [08/08/2008 11:28 53032]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [19/03/2009 18:54 115560]
S2 OTFSDMS;UNCFAT DMS;c:\program files\AddinForUNCFAT\UNCFATDMS.exe [19/06/2008 15:09 129024]
S2 SBKUPNT;SBKUPNT;c:\windows\System32\drivers\SBKUPNT.SYS [15/03/2009 16:30 14976]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 06:33 232960]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [27/04/2009 01:55 47104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [08/06/2009 18:13 101936]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [17/03/2009 23:26 823296]
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\System32\drivers\hcw88bda.sys [17/03/2009 23:22 182400]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\System32\drivers\hcw88rc5.sys [26/02/2009 00:09 12288]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\System32\drivers\hcw88tse.sys [26/02/2009 00:09 320512]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\System32\drivers\hcw88vid.sys [26/02/2009 00:09 396032]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\System32\drivers\MRVW24B.sys [19/03/2008 07:10 310016]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/07/2009 10:53 7408]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [19/03/2009 18:55 39984]
S3 wsvad_driver;Daniusoft Audio Device;c:\windows\System32\drivers\VirtualAudio.sys [01/10/2008 19:52 20608]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 06:46 288112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-03-21 c:\windows\Tasks\!WinTV_00.job
- c:\progra~1\WinTV\Scheduler\StayAwake.exe [2009-03-17 14:04]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 17:00]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 17:00]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ayvs4mas.default\
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-281940041-3398336767-906908273-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D7C43CCF-EC1E-B9B3-C88F-67DF85B9A9D1}*]
"oadncalfijhocdlnlgfhpnhdepoacn"=hex:6b,61,63,6d,65,62,68,65,68,6a,65,6a,65,6b,
65,70,67,6e,6f,62,65,61,00,01
"nanmiiiemkjlllmkoaokcjoedgnf"=hex:6b,61,63,6d,65,62,68,65,68,6a,65,6a,65,6b,
65,70,67,6e,6f,62,65,61,00,01

[HKEY_USERS\S-1-5-21-281940041-3398336767-906908273-1001\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0 0.0793 0.1683 0.3001 0.8485 0.9099 0.9133 "
"Increment"=".004484"
"FRT"="7znr15RLB5L6M+06R6Nc/6vLDVsJr38ubsATXWKuErGN8ayKUQKZnQ=="
"PLCK"="hNYNMx5f67gv8p0QHVGcM2nOvtZq+B3I"
"PHSH"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:34,ca,61,61,51,43,b4,c8,a0,bc,2b,c7,50,51,60,e3,a1,fa,3b,3a,0e,
54,3f,d1,0c,c1,b9,53,78,67,43,0c,a3,b9,71,3a,e2,53,77,61,fc,04,3a,8e,6f,eb,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:34,ca,61,61,51,43,b4,c8,a0,bc,2b,c7,50,51,60,e3,a1,fa,3b,3a,0e,
54,3f,d1,0c,c1,b9,53,78,67,43,0c,a3,b9,71,3a,e2,53,77,61,fc,04,3a,8e,6f,eb,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(444)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'Explorer.exe'(668)
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-07-29 18:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-29 17:20

Pre-Run: 303,752,396,800 bytes free
Post-Run: 303,408,517,120 bytes free

462 --- E O F --- 2009-07-29 13:19
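The security-relevant signals in the ComboFix output above sit in raw registry and driver lines rather than in any summary: Windows Firewall is off on all three profiles ("EnableFirewall"= 0 under DomainProfile, PublicProfile and StandardProfile), Security Center has monitoring of SymantecAntiVirus and SymantecFirewall switched off (DisableMonitoring=1), and the second run later in the thread deletes a service with a random-looking name (hjgruipxsigwvx) together with an iprip service. The following is an added example written for this page, not code from the thread or from ComboFix: it pulls those signals out of a log excerpt. The sample input reuses lines from the log above plus one constructed "S1 hjgruipxsigwvx" driver line (the page only shows that service being removed), and the vowel-ratio heuristic for random service names is an assumption of mine, not a ComboFix rule.

```python
import re
from dataclasses import dataclass, field

# Registry keys in the abbreviated form ComboFix prints them.
_FIREWALL_KEY = re.compile(
    r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(\w+Profile)\]$", re.I)
_SC_MONITOR_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring(?:\\(\w+))?\]$", re.I)
_ENABLE_FIREWALL = re.compile(r'^"EnableFirewall"=\s*(\d+)', re.I)
_DISABLE_MONITORING = re.compile(r'^"DisableMonitoring"=dword:([0-9a-f]{8})$', re.I)
# Driver/service lines: "S1 name;display name;path [dd/mm/yyyy hh:mm size]"
_SERVICE_LINE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]$")
# Lines ComboFix prints for services it deleted: "-------\Service_name"
_REMOVED = re.compile(r"^-------\\(?:Legacy|Service)_(\S+)$")


def looks_random(name: str) -> bool:
    """Heuristic (mine, not a ComboFix rule) for machine-generated service
    names such as hjgruipxsigwvx: long, lowercase letters only, vowel-poor.
    Expect false positives; treat it as a triage hint, not a verdict."""
    if len(name) < 10 or not name.isalpha() or not name.islower():
        return False
    return sum(c in "aeiou" for c in name) / len(name) < 0.3


@dataclass
class Findings:
    firewall_disabled: list = field(default_factory=list)    # profiles with EnableFirewall=0
    monitoring_disabled: list = field(default_factory=list)  # Security Center entries with DisableMonitoring=1
    suspicious_services: list = field(default_factory=list)  # (tag, name, path) triples
    removed: list = field(default_factory=list)              # services ComboFix deleted


def triage(log_text: str) -> Findings:
    f = Findings()
    section = None  # ("firewall", profile) or ("scmon", entry) while inside that key
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):                 # registry key header: (re)set the section
            fw, sc = _FIREWALL_KEY.match(line), _SC_MONITOR_KEY.match(line)
            section = (("firewall", fw.group(1)) if fw else
                       ("scmon", sc.group(1) or "<all>") if sc else None)
            continue
        if not line.startswith('"'):             # not a registry value: the key dump is over
            section = None
        if section and section[0] == "firewall":
            m = _ENABLE_FIREWALL.match(line)
            if m and int(m.group(1)) == 0:
                f.firewall_disabled.append(section[1])
        elif section and section[0] == "scmon":
            m = _DISABLE_MONITORING.match(line)
            if m and int(m.group(1), 16) == 1:
                f.monitoring_disabled.append(section[1])
        elif m := _SERVICE_LINE.match(line):
            tag, name, _display, path = m.groups()
            if looks_random(name):
                f.suspicious_services.append((tag, name, path))
        elif m := _REMOVED.match(line):
            f.removed.append(m.group(1))
    return f


# Constructed sample: lines copied from the log above, plus one made-up
# "S1 hjgruipxsigwvx" driver line (the thread shows only its removal) for the heuristic.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{09F94DA2-E9F1-450D-80D2-8C958B903F3B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [19/03/2009 18:54 310320]
S1 archlp;archlp;c:\windows\System32\drivers\archlp.sys [29/11/2008 12:35 11392]
S1 hjgruipxsigwvx;hjgruipxsigwvx;c:\windows\System32\drivers\hjgruipxsigwvx.sys [01/01/2009 00:00 1]
-------\Legacy_hjgruipxsigwvx
-------\Service_iprip
"""

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("Firewall off for profiles:", r.firewall_disabled)
    print("Security Center not monitoring:", r.monitoring_disabled)
    print("Random-looking service names:", r.suspicious_services)
    print("Removed by ComboFix:", r.removed)
```

Feed it the full text of a saved ComboFix.txt (after undoing any spaces the forum software inserted into long tokens) and compare the firewall and monitoring findings before and after cleanup: a helper who sees all three profiles still at EnableFirewall=0 after the infection is gone knows the machine was left exposed by the malware's tampering, not by the user's choice.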
  #3  
Old 10th Aug 2009, 08:17
Member Group
 
Running ComboFix seems to have fixed everything, no antiviruses report any problems.
  #4  
Old 10th Aug 2009, 12:46
Malware Group
 
Combofix should not be run repetitively without guidance. Combofix is a specialist tool which in the wrong hands has the ability to turn your machine into a doorstop.

Please re-run combofix but this time run it from normal operating mode, not safe mode as your last log shows.

Once done - press the Windows key & R to bring up the run dialogue - copy/paste the following in the requester box, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

Post the contents of the logfile which will open

Repeat the process again with the following command

C:\Qoobox\Add-Remove Programs.txt

Post back with all three logs
__________________
Proud member of ASAP & UNITE
  #5  
Old 10th Aug 2009, 14:55
Member Group
 
Combofix Log:

ComboFix 09-08-10.01 - Michael 10/08/2009 22:21.2.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3326.1517 [GMT 1:00]
Running from: c:\users\Michael\Desktop\Combo-Fix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?
c:\users\Michael\AppData\Roaming\.#

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_hjgruipxsigwvx
-------\Service_hjgruipxsigwvx
-------\Service_iprip


((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 21:31 . 2009-08-10 21:36 -------- d-----w- c:\users\Michael\AppData\Local\temp
2009-08-10 21:31 . 2009-08-10 21:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-08-10 21:31 . 2009-08-10 21:31 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2009-08-10 21:06 . 2009-08-10 21:07 -------- d-----w- c:\program files\FileZilla FTP Client
2009-08-10 17:30 . 2008-04-07 05:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-08-10 16:12 . 2009-07-13 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090810.003\NAVENG.SYS
2009-08-10 16:12 . 2009-07-13 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090810.003\NAVEX15.SYS
2009-08-10 16:12 . 2009-05-30 08:52 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090810.003\EECTRL.SYS
2009-08-10 16:12 . 2009-05-30 08:52 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090810.003\ECMSVR32.DLL
2009-08-10 16:12 . 2009-05-30 08:52 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090810.003\CCERASER.DLL
2009-08-10 16:12 . 2009-05-30 08:52 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090810.003\NAVENG32.DLL
2009-08-10 16:12 . 2009-05-30 08:52 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090810.003\NAVEX32A.DLL
2009-08-10 16:12 . 2009-05-30 08:52 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090810.003\ERASER.SYS
2009-08-10 14:21 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-08-10 14:21 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-08-10 14:21 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-08-10 14:21 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-08-10 14:21 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-30 20:15 . 2009-07-30 20:15 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-07-30 11:18 . 2009-07-30 11:18 -------- d-----w- c:\program files\LimeWire
2009-07-29 19:20 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-29 19:20 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-29 19:20 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2009-07-29 19:20 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2009-07-29 19:20 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-29 19:20 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-29 19:20 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-29 19:20 . 2009-08-10 18:56 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-29 15:41 . 2009-07-29 15:41 35 ----a-w- c:\users\Michael\AppData\Roaming\SetValue.bat
2009-07-29 15:29 . 2009-07-29 15:41 2330 ----a-w- c:\windows\system32\tmp.reg
2009-07-29 15:11 . 2009-07-29 16:16 117760 ----a-w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-29 15:10 . 2009-07-29 15:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-29 15:10 . 2009-07-29 15:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 15:10 . 2009-07-29 15:10 -------- d-----w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2009-07-29 15:02 . 2009-07-29 15:02 -------- d-----w- c:\program files\Trend Micro
2009-07-29 13:15 . 2009-07-29 13:15 -------- d-----w- c:\program files\Adobe Media Player
2009-07-29 12:58 . 2009-08-10 21:07 -------- d-----w- c:\users\Michael\AppData\Roaming\cspa
2009-07-27 21:05 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSXpx86.sys
2009-07-27 21:05 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSvix86.sys
2009-07-27 21:05 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\Scxpx86.dll
2009-07-27 21:05 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSxpx86.dll
2009-07-27 21:05 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSviA64.sys
2009-07-26 10:13 . 2009-07-26 10:13 -------- d-----w- c:\programdata\Electronic Arts
2009-07-26 10:09 . 2004-12-10 08:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2009-07-26 10:09 . 2009-07-26 10:09 10134 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-26 10:09 . 2009-07-26 10:09 -------- d-----w- c:\program files\Microsoft WSE
2009-07-18 18:51 . 2009-07-18 18:51 -------- d-----w- c:\program files\ConvertHelper
2009-07-18 18:50 . 2009-07-20 20:06 -------- d-----w- c:\users\Michael\dwhelper
2009-07-18 16:32 . 2009-07-18 16:32 -------- d-----w- c:\program files\iPod
2009-07-18 16:32 . 2009-07-18 16:32 -------- d-----w- c:\program files\iTunes
2009-07-18 16:28 . 2009-07-18 16:28 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-16 13:34 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 13:34 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-16 13:34 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 13:34 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 13:34 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 15:09 . 2009-07-14 15:09 108600 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-07-13 10:00 . 2009-07-13 10:00 -------- d-----w- c:\users\Andrew\AppData\Roaming\GARMIN
2009-07-13 09:58 . 2009-07-13 09:58 65536 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{950B8BBC-0827-4206-9BE5-64AB7280428B}\i_read___Year_5.exe2_950B8BBC082742069BE564AB7280428B.exe
2009-07-13 09:58 . 2009-07-13 09:58 65536 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{950B8BBC-0827-4206-9BE5-64AB7280428B}\i_read___Year_5.exe1_950B8BBC082742069BE564AB7280428B.exe
2009-07-13 09:58 . 2009-07-13 09:58 65536 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{950B8BBC-0827-4206-9BE5-64AB7280428B}\i_read___Year_5.exe_950B8BBC082742069BE564AB7280428B.exe
2009-07-13 09:58 . 2009-07-13 09:58 25214 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{950B8BBC-0827-4206-9BE5-64AB7280428B}\ARPPRODUCTICON.exe
2009-07-12 22:16 . 2009-07-12 22:16 -------- d-----w- c:\users\Andrew\1330.tmp
2009-07-12 22:00 . 2009-07-12 22:15 -------- d-----w- c:\users\Andrew\i-read - Year 5
2009-07-12 22:00 . 2009-07-12 22:04 -------- d--h--w- c:\users\Andrew\Zero G Registry
2009-07-12 22:00 . 2009-07-12 22:04 -------- d-----w- c:\users\Andrew\8702.tmp
2009-07-12 21:51 . 2009-07-14 19:23 737280 ----a-w- c:\windows\iun6002.exe
2009-07-12 21:22 . 2009-07-12 21:22 -------- d-----w- c:\windows\system32\Textease Updates
2009-07-12 21:16 . 2009-07-12 21:20 -------- d-----w- c:\program files\Textease
2009-07-12 21:16 . 2009-07-12 21:16 -------- d-----w- c:\programdata\Research Machines
2009-07-12 21:16 . 2009-07-12 21:16 -------- d-----w- c:\program files\directx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 21:34 . 2009-03-17 21:00 -------- d-----w- c:\program files\WinTV
2009-08-10 21:34 . 2008-08-04 17:16 -------- d-----w- c:\programdata\NVIDIA
2009-08-10 21:34 . 2009-07-19 13:05 48381 ----a-w- c:\programdata\nvModes.dat
2009-08-10 21:33 . 2008-08-06 17:15 -------- d-----w- c:\program files\7-Zip
2009-08-10 21:33 . 2008-08-04 18:55 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-10 19:02 . 2009-01-30 21:17 -------- d-----w- c:\programdata\WinZip
2009-08-10 18:57 . 2008-08-07 11:47 169936 ----a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ayvs4mas.default\FlashGot.exe
2009-08-10 18:53 . 2009-06-21 18:38 -------- d-----w- c:\program files\Java
2009-08-10 15:58 . 2008-08-13 12:15 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-08-10 15:13 . 2008-08-04 19:30 41872 ----a-w- c:\windows\system32\perfc00A.dat
2009-08-10 15:13 . 2008-08-04 19:30 109706 ----a-w- c:\windows\system32\perfh00A.dat
2009-08-10 14:11 . 2008-08-08 11:01 -------- d-----w- c:\users\Michael\AppData\Roaming\Free Download Manager
2009-07-30 20:23 . 2009-02-22 15:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-30 20:23 . 2009-06-11 19:42 38208 ----a-w- c:\users\Michael\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-07-30 11:21 . 2008-08-09 09:29 -------- d-----w- c:\users\Michael\AppData\Roaming\LimeWire
2009-07-29 16:16 . 2008-09-01 11:50 1356 ----a-w- c:\users\Michael\AppData\Local\d3d9caps.dat
2009-07-29 15:41 . 2009-07-29 15:41 691 ----a-w- c:\users\Michael\AppData\Roaming\GetValue.vbs
2009-07-29 15:09 . 2008-10-02 17:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-29 13:05 . 2008-08-06 17:32 -------- d-----w- c:\program files\MediaMonkey
2009-07-28 21:46 . 2009-05-31 20:40 -------- d-----w- c:\users\Michael\AppData\Roaming\Azureus
2009-07-28 21:46 . 2009-05-31 20:36 -------- d-----w- c:\program files\Vuze
2009-07-26 10:13 . 2008-10-02 17:47 -------- d-----w- c:\program files\Games
2009-07-26 10:00 . 2008-08-04 17:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 04:23 . 2008-11-23 16:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 13:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 13:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 13:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 13:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 20:59 . 2008-08-04 19:49 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-18 16:32 . 2008-08-12 09:44 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 18:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-16 18:04 . 2008-08-04 18:07 -------- d-----w- c:\programdata\Microsoft Help
2009-07-14 19:23 . 2008-11-20 19:07 -------- d-----w- c:\program files\Collins
2009-07-14 15:09 . 2008-08-04 19:32 8224 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-12 21:48 . 2008-08-04 17:07 108600 ----a-w- c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-12 21:40 . 2008-11-06 18:21 -------- d-----w- c:\program files\Softease
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-06 20:46 . 2008-08-06 17:19 20 ---h--w- c:\programdata\PKP_DLec.DAT
2009-07-06 20:46 . 2008-08-06 17:15 20 ---h--w- c:\programdata\PKP_DLds.DAT
2009-06-28 18:28 . 2008-08-13 12:13 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-06-25 16:53 . 2009-03-28 14:40 -------- d-----w- c:\users\Michael\AppData\Roaming\uTorrent
2009-06-18 18:46 . 2009-06-18 18:45 -------- d-----w- c:\program files\ReNamer
2009-06-13 15:36 . 2008-10-11 13:18 -------- d-----w- c:\program files\SpeedFan
2009-06-13 15:21 . 2009-06-13 15:21 -------- d-----w- c:\programdata\McAfee
2009-06-12 13:49 . 2009-06-12 13:49 25214 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{27E9B845-5E9B-41CE-8C50-7F6BDC019308}\ARPPRODUCTICON.exe
2009-06-12 13:47 . 2009-06-12 13:47 -------- d-----w- c:\program files\Microsoft Math Add-in for Word 2007
2009-06-12 13:44 . 2009-06-12 13:40 -------- d-----w- c:\program files\USMT301
2009-06-12 13:40 . 2009-06-12 13:40 -------- d-----w- c:\program files\Microsoft Corporation
2009-06-12 13:40 . 2009-06-12 13:40 10134 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{45EA11B5-874D-480E-89B9-2545505BBE3E}\ARPPRODUCTICON.exe
2009-06-12 13:40 . 2009-06-12 13:40 -------- d-----w- c:\program files\OpenType Extension
2009-06-10 07:35 . 2009-06-10 07:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 07:35 . 2009-06-10 07:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 07:34 . 2009-06-10 07:34 3123744 ----a-w- c:\windows\system32\nvwss.dll
2009-06-10 07:34 . 2009-06-10 07:34 4045344 ----a-w- c:\windows\system32\nvvitvs.dll
2009-06-10 07:34 . 2009-06-10 07:34 4028960 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 07:34 . 2009-06-10 07:34 3516960 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 07:34 . 2009-06-10 07:34 211488 ----a-w- c:\windows\system32\nvvsvc.exe
2009-06-10 07:34 . 2009-06-10 07:34 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-06-10 07:34 . 2009-06-10 07:34 1288736 ----a-w- c:\windows\system32\nvmobls.dll
2009-06-10 07:34 . 2009-06-10 07:34 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 07:34 . 2009-06-10 07:34 768544 ----a-w- c:\windows\system32\nvsvc.dll
2009-06-10 07:34 . 2009-06-10 07:34 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-06-10 07:34 . 2009-06-10 07:34 13785632 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 05:33 . 2009-06-10 05:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 05:33 . 2009-06-10 05:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 05:33 . 2009-06-10 05:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 05:33 . 2009-06-10 05:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 05:33 . 2009-06-10 05:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 05:33 . 2009-06-10 05:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 05:32 . 2009-06-10 05:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 05:32 . 2009-06-10 05:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 05:32 . 2009-06-10 05:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 05:32 . 2009-06-10 05:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 05:31 . 2009-06-10 05:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 05:31 . 2009-06-10 05:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 05:31 . 2009-06-10 05:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 05:31 . 2009-06-10 05:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 05:29 . 2009-06-10 05:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-10 05:03 . 2009-06-10 05:03 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 05:03 . 2009-06-10 05:03 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 05:03 . 2009-06-10 05:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 05:03 . 2009-06-10 05:03 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 05:03 . 2009-06-10 05:03 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 05:03 . 2009-06-10 05:03 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 05:03 . 2009-06-10 05:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 05:03 . 2009-06-10 05:03 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 05:03 . 2009-06-10 05:03 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 05:03 . 2008-09-13 10:30 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 05:03 . 2008-09-13 10:30 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-04 15:39 . 2008-08-04 17:14 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-05-31 13:59 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-31 13:39 . 2006-11-02 12:35 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 10:06 . 2009-06-07 12:13 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-06-07 12:13 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-06-07 12:13 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 10:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2009-01-06 117280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"OTFSDMS"="c:\program files\AddinForUNCFAT\UNCFATDMS.exe" [2008-06-19 129024]
"EPGServiceTool"="c:\progra~1\WinTV\EPG Services\System\EPGClient.exe" [2008-05-15 688128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-23 4423680]

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
L33TSig 2.lnk - c:\program files\L33TSig2\L33TSig2.exe [2009-6-4 6476800]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-3-17 110647]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:F *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):5c,ac,59,e3,f9,e1,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-281940041-3398336767-906908273-1000]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-281940041-3398336767-906908273-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8975C1D4-F7D7-44E0-9EC5-3AD77592BC20}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C1F30CCF-0950-4B40-8528-8400BAB2756A}"= UDP:8507:BitComet 8507 TCP
"{4C9DC629-F64C-4847-BCD4-B3DA0A49248D}"= TCP:8507:BitComet 8507 UDP
"{B231B0E2-CC6A-4B81-866F-D3C1A16FB804}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{337B8348-6C45-49C8-8F59-B4210BBE03D0}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{FF430A4F-3453-4A20-9DEE-9F81B99F74BD}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{6A8AD8D1-198B-4791-B0C8-5CDC1028F5AD}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{E1750A48-6CC3-4C8B-9B6F-F572AE5BFBCB}"= UDP:16730:BitComet 16730 TCP
"{30A47A6D-E9B8-40F7-997D-65F88E633C46}"= TCP:16730:BitComet 16730 UDP
"{1FF3044C-4B50-450A-B926-D06AA15744FB}"= UDP:c:\program files\Sony\Media Manager for PSP\MediaManager.exe:Media Manager for PSP 3.0
"{AB40FB45-A3B7-4D5E-9A85-BE82F183F46A}"= TCP:c:\program files\Sony\Media Manager for PSP\MediaManager.exe:Media Manager for PSP 3.0
"{74B59296-40F5-4132-A904-A50E14387F6E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{85105336-34FF-43A0-873F-021707891C4B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EC779815-7E0F-4FF5-B76C-6B4C4E6D2709}"= UDP:5353:Adobe CSI CS4
"{BA992C13-7AF4-447B-B38B-9E979EAEF44A}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{7342329A-68E3-4371-9209-7D3AE122AF4A}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{06EBF954-FF29-4207-B27C-BA7DF7CE32A9}"= UDP:3703:Adobe Version Cue CS4 Server
"{B363D11D-0B63-4631-B2B9-7478A76E5FCF}"= UDP:3704:Adobe Version Cue CS4 Server
"{44FD9A32-AD70-47D8-A7AD-686FC7593F94}"= UDP:51000:Adobe Version Cue CS4 Server
"{4CB996AC-B1DA-45A8-A628-02914B0614ED}"= UDP:51001:Adobe Version Cue CS4 Server
"{03AA1029-3F49-4E7F-9B46-CE227E3F664B}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{AF226D1D-30D1-4741-86A0-0D547408BD5A}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{D7F6A1AF-A7E1-4CFE-A29A-C9653C5AADD7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E5DADD67-BE94-42B0-ADA8-1B4D6D1BB4E9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{2E9B6ED8-5DFD-4675-9C2E-732E29E31A9E}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet.exe
"{33B73621-135A-4CEA-A824-61D74A6DC5A8}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet.exe
"{09F94DA2-E9F1-450D-80D2-8C958B903F3B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1370F5CC-2320-4269-86E6-765473935ACA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [19/03/2009 18:54 310320]
R1 archlp;archlp;c:\windows\System32\drivers\archlp.sys [29/11/2008 12:35 11392]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [19/03/2009 18:54 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [19/03/2009 18:54 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys [10/08/2009 15:21 293424]
R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\System32\drivers\nm3.sys [14/04/2009 12:30 33624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/07/2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/07/2009 10:53 72944]
R2 CollinsPrimary;Collins Primary;c:\program files\Collins Education\Collins Primary\Apache\bin\Apache.exe [04/10/2007 13:57 20541]
R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [17/03/2009 23:27 437248]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [08/08/2008 11:28 53032]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [19/03/2009 18:54 115560]
R2 OTFSDMS;UNCFAT DMS;c:\program files\AddinForUNCFAT\UNCFATDMS.exe [19/06/2008 15:09 129024]
R2 SBKUPNT;SBKUPNT;c:\windows\System32\drivers\SBKUPNT.SYS [15/03/2009 16:30 14976]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 06:33 232960]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [27/04/2009 01:55 47104]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [08/06/2009 18:13 101936]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\System32\drivers\hcw88bda.sys [17/03/2009 23:22 182400]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\System32\drivers\hcw88rc5.sys [26/02/2009 00:09 12288]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\System32\drivers\hcw88tse.sys [26/02/2009 00:09 320512]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\System32\drivers\hcw88vid.sys [26/02/2009 00:09 396032]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\System32\drivers\MRVW24B.sys [19/03/2008 07:10 310016]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087 \symndisv.sys [19/03/2009 18:55 39984]
R3 wsvad_driver;Daniusoft Audio Device;c:\windows\System32\drivers\VirtualAudio.sys [01/10/2008 19:52 20608]
S2 gupdate1c9e211474e3cfc;Google Update Service (gupdate1c9e211474e3cfc);c:\program files\Google\Update\GoogleUpdate.exe [31/05/2009 18:00 133104]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [17/03/2009 23:26 823296]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/07/2009 10:53 7408]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 06:46 288112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-03-21 c:\windows\Tasks\!WinTV_00.job
- c:\progra~1\WinTV\Scheduler\StayAwake.exe [2009-03-17 14:04]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 17:00]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 17:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ayvs4mas.default\
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 22:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-281940041-3398336767-906908273-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D7C43CCF-EC1E-B9B3-C88F-67DF85B9A9D1}*]
"oadncalfijhocdlnlgfhpnhdepoacn"=hex:6b,61,63,6d,6 5,62,68,65,68,6a,65,6a,65,6b,
65,70,67,6e,6f,62,65,61,00,01
"nanmiiiemkjlllmkoaokcjoedgnf"=hex:6b,61,63,6d,65, 62,68,65,68,6a,65,6a,65,6b,
65,70,67,6e,6f,62,65,61,00,01

[HKEY_USERS\S-1-5-21-281940041-3398336767-906908273-1001\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0 0.0793 0.1683 0.3001 0.8485 0.9099 0.9133 "
"Increment"=".004484"
"FRT"="7znr15RLB5L6M+06R6Nc/6vLDVsJr38ubsATXWKuErGN8ayKUQKZnQ=="
"PLCK"="hNYNMx5f67gv8p0QHVGcM2nOvtZq+B3I"
"PHSH"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:34,ca,61,61,51,43,b4,c8,a0,bc,2b,c7, 50,51,60,e3,a1,fa,3b,3a,0e,
54,3f,d1,0c,c1,b9,53,78,67,43,0c,a3,b9,71,3a,e2,53 ,77,61,fc,04,3a,8e,6f,eb,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:34,ca,61,61,51,43,b4,c8,a0,bc,2b,c7, 50,51,60,e3,a1,fa,3b,3a,0e,
54,3f,d1,0c,c1,b9,53,78,67,43,0c,a3,b9,71,3a,e2,53 ,77,61,fc,04,3a,8e,6f,eb,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'Explorer.exe'(4668)
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\TCPSVCS.EXE
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\program files\WinTV\EPG Services\System\EPGClient.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehsched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-08-10 22:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 21:48

Pre-Run: 290,501,869,568 bytes free
Post-Run: 290,388,037,632 bytes free

502 --- E O F --- 2009-08-10 14:40


Quarantined Files:

2009-08-10 21:30:00 . 2009-08-10 21:30:00 4,092 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_iprip.reg.dat
2009-08-10 21:30:00 . 2009-08-10 21:30:00 524 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_hjgruipxsigwvx.reg.dat
2009-08-10 21:29:37 . 2009-08-10 21:29:37 21,933 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-08-10 21:21:13 . 2009-08-10 21:30:00 2,624 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_hjgruipxsigwvx.reg.dat
2009-08-10 21:20:17 . 2009-08-10 21:20:17 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
  #6  
Old 10th Aug 2009, 14:57
Member Group
 
Add/Remove Programs:

08243 in BR Blue livery (Yellow bufferbeams)
2007 Microsoft Office Suite Service Pack 2 (SP2)
37407 Loch Long" in Large logo livery
47238 in filthy Railfreight Distribution livery
47547 in Network SouthEast livery
7-Zip 4.65
AAC Decoder
AceIt v1.3.1
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.1.3 - CPSID_49522
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.1.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
aerosoft's - Cambrian Route 1.0
aerosoft's - London Brighton Express
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaConverter 2.5
ArcSoft ShowBiz DVD 2
ArcSoft TotalMedia Extreme
µTorrent
Attansic Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
AusLogics Disk Defrag
AutoUpdate
BBC iPlayer Desktop
BitComet 1.11
Bonjour
BP Liveried TEA Tankers
British Rail Set Version 5 - Complete Version
BRSet V5.1 - Upgrade Pack
cblite
Choice Guard
Class 159 Network SouthEast
Class 455 - SWT (Stage Coach) Livery
Class_50_Content_Update
Collins Primary (remove only)
Connect
ConvertHelper 2.2
DAEMON Tools Toolbar
Daniusoft Media Converter(Build 2.0.26.0)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DriverAgent Plugin for Netscape by TouchStone Software
EA Download Manager
East Coast Express Part 1
East Coast Express Part 2
eMule
Euro Loco Pack
Eusing Free Registry Cleaner
File Uploader
FileZilla Client 3.2.6.1
FlightGear v1.9.1
FLV Player 2.0 (build 25)
Free Download Manager 3.0
FreeMind
GameSpy Comrade
Garmin MapSource
GNER MK3 Coaches
Go Software
Google Earth
Google Update Helper
Great British Diesel Locomotives
Great British Steam Locomotives
Great Eastern
H.264 Decoder
Hauppauge Signal Monitor Utility
Hauppauge Software MPEG-2 Decoder Installer
Hauppauge WinTV
Hauppauge WinTV 7
Hauppauge WinTV DVB-T EPG Service
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
Hauppauge WinTV TV Services
Hertford Loop
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
i-read - Year 5
i-read - Year 6
ieSpell
Install Creator
InterVideo FilterSDK for Hauppauge
iriver plus 3 (remove only)
IsoBuster 2.5
iTunes
Java(TM) 6 Update 15
Junk E-mail Reporting Tool
Just Trains Severn Valley Railway v1.00
K-Lite Codec Pack 5.0.5 (Full)
KC Softwares SUMo
kuler
L33TSig 2 for Windows
Leeds Loop
LimeWire PRO 5.2.8
LiveUpdate (Symantec Corporation)
London and South East v1.2
London Brighton Express 1.1 Update
MapSource
MapSource - Trip & Waypoint Manager v2
MediaMonkey 3.1
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 Language Pack SP1 - esn
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Captions Language Interface Pack
Microsoft Math Add-in for Word 2007
Microsoft Network Monitor 3.3
Microsoft Network Monitor: Microsoft Parsers 3.3
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2007 Get Started Tab
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio IFilter 2003
Microsoft Office Word 2007 Get Started Tab
Microsoft Office Word MUI (English) 2007
Microsoft OpenType Font File Properties Extension
Microsoft Outlook Personal Folders Backup
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Train Simulator
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft WSE 3.0 Runtime
MKV Splitter
MobileMe Control Panel
Mozilla Firefox (3.5.2)
MSTS Patch 1.8.0521 EN
MSTSBin Screens & Widgets 0.1
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Mult-e-Maths Toolbox
Nero 8
neroxml
Nikon Message Center
Nikon RAW Codec
Nikon Transfer
Norton Internet Security
novaPDF Pro v5 (novaPDF Professional Desktop 5.5 printer)
NSE Class 365 AC EMU
NVIDIA Drivers
NVIDIA Performance
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA System Update
NWE_V2.1_Patch#1
OpenAL
Paint.NET v3.36
Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
PC-Rail Carlisle
PC-Rail System Files
PDF Settings CS4
Personal License Update Wizard for Windows Media Player
Photoshop Camera Raw
Picture Control Utility
PictureProject
Pixel Bender Toolkit
PlayStation(R)Network Downloader
PlayStation(R)Store
PTC ProDESKTOP 2000i2
QuickTime
Realtek High Definition Audio Driver
ReNamer
Route_Riter v7.1.12
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Ship Simulator 2008
SimSig Bristol V2.125.0.686
SimSig Drain V2.112
SimSig Gloucester V2.125.3.55
SimSig King's Cross V2.111
SimSig North London Line V2.102
SimSig Peterborough V2.102
SimSig Royston V2.102
SimSig Sheffield V2.132.2.995
SimSig Trent V2.132.3.8121
SimSig V2.103
SimSig V2.121
SimSig Westbury V2.101
SmartFTP Client 3.0 Setup Files (remove only)
Softease Applications
Sony Media Manager for PSP 3.0
Southern Region
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Suite Shared Configuration CS4
SUPER © Version 2009.bld.35 (Jan 5, 2009)
SUPERAntiSpyware Free Edition
SyncToy 2.0 (x86)
System Requirements Lab
Testbase Key Stage 2 English
Testbase Key Stage 2 Mathematics
Testbase Key Stage 2 Science
Textease 6
Textease Resources
Textease Updates
TGATool2A version 4.00.34
The Sims™ 3
The Swanage Railway 1.0
Total Video Converter 3.02
Train Store V3.2
TTA Tanker
Ultimate Extras sounds from Microsoft® Tinker™
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb971933)
USB Video/Audio Driver
User State Migration Tools version 3.0.1
VC80CRTRedist - 8.0.50727.762
ViewNX
Virtual French KS2
Virtual History 2 v1.0
Virtual World v1.0
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.0.1
Vuze
Warmonger
West Coast Express
Windows Desktop Search: Add-in for Files on Microsoft Networks
Windows Desktop Search: Add-in for Outlook saved mail (.msg file) indexing
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Sound Schemes
WinZip 12.1
Yenka
  #7  
Old 11th Aug 2009, 09:05
Malware Group
 
Hi there

P2P - I see you have P2P software ( Limewire/BitComet/µTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here and here.

I would strongly recommend that you uninstall them. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Go here to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic, and update me on how things are running now.
__________________
Proud member of ASAP & UNITE
  #8  
Old 11th Aug 2009, 09:40
Member Group
 
I'm currently unable to access the ESET site; Internet Explorer times out trying to connect to it. I suspect the problem is at my end somewhere rather than at their end. Other sites work OK, so no matter.

Since I ran ComboFix, everything has been fine. To my untrained eye it looks like this time, when it was run from normal Windows, it just removed some orphaned registry entries associated with the sdra64.exe infection.
I've also run SUPER and Norton after ComboFix - unfortunately I no longer have the logs - but neither scan found anything.
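The registry entries the poster mentions are the kind a reader may want to re-check by hand after a cleanup, since a loader named in the Winlogon Userinit value is restarted at every logon even after the file itself is deleted. The script below is an added example for this thread, not code from any post or tool on the page: it parses the `F2 - REG:system.ini: UserInit=` line that HijackThis prints for that value and reports any entry other than the real userinit.exe. It assumes a default Windows install on C:, and the sample log lines embedded in it are constructed for the example (the sdra64.exe file name comes from the thread; the exact line does not).

```python
"""Flag unexpected entries in a HijackThis F2 UserInit line (or a raw
Winlogon Userinit value) so leftover persistence can be spotted after cleanup.

Added example for this thread; not from any post or tool on the page.
Sample log lines below are constructed, not copied from the original log.
"""
import re

# Windows launches this at logon; every extra comma-separated path in the
# value is launched too, which is why loaders append themselves here.
# Assumes a default install on C: (adjust for other system drives).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# HijackThis reports the value as:  F2 - REG:system.ini: UserInit=<value>
F2_USERINIT_RE = re.compile(
    r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE
)


def normalize_path(entry: str) -> str:
    """Lower-case, drop surrounding quotes/space, expand %SystemRoot%/%windir%."""
    e = entry.strip().strip('"').lower()
    return e.replace("%systemroot%", r"c:\windows").replace("%windir%", r"c:\windows")


def userinit_entries(value: str) -> list[str]:
    """Split the comma-separated Userinit value into its non-empty entries
    (the real value normally carries a trailing comma, which yields an empty part)."""
    return [normalize_path(p) for p in value.split(",") if p.strip()]


def suspicious_entries(value: str, expected: str = EXPECTED_USERINIT) -> list[str]:
    """Return every Userinit entry that is not the legitimate userinit.exe."""
    return [e for e in userinit_entries(value) if e != expected]


def scan_hijackthis_log(text: str) -> list[tuple[int, list[str]]]:
    """Walk a HijackThis log; return (line number, extra entries) for each
    F2 UserInit line that carries something beyond userinit.exe."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = F2_USERINIT_RE.match(line.strip())
        if not m:
            continue
        extras = suspicious_entries(m.group("value"))
        if extras:
            findings.append((lineno, extras))
    return findings


# Constructed sample: an unrelated line, a clean F2 line, then an F2 line
# with an extra loader appended (file name from the thread, line made up here).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
""".strip("\n")

if __name__ == "__main__":
    for lineno, extras in scan_hijackthis_log(SAMPLE_LOG):
        print(f"line {lineno}: unexpected Userinit entries {extras}")
```

The check is deliberately an allow-list rather than a search for one file name: a cleaner that only deletes sdra64.exe leaves the Userinit reference behind, and a differently named loader would pass a name-based search, whereas anything that is not userinit.exe shows up here. The same function can be fed the raw value exported from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon on a machine where HijackThis is not available.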
  #9  
Old 11th Aug 2009, 10:33
Malware Group
 
It's strange that it will not connect. Let's just try a Panda scan and see if you have any luck there.

Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please post the contents of that log to your reply.

* Turn off the real time scanner of any existing antivirus program while performing the online scan.

Avast users note:

Please do continue with the online scan at Panda if you receive an alert. It is a false positive from Avast because Panda Antivirus does not encrypt its virus database.
__________________
Proud member of ASAP & UNITE
  #10  
Old 11th Aug 2009, 13:53
Member Group
 
My wireless internet just doesn't seem to be stable enough to run an online scanner. The connection drops for a few seconds, which is just enough to trip the scanner up.

Anyway, I've run SUPER again and it's clear. I feel it's safe to assume that the infection has gone. Thank you for all the help.

Copyright ©2006 - 2009 Computer Juice.

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.