sdra64.exe question

E machine / 1810-01
December 3, 2009 at 15:14:58
Specs: Windows Vista, 2GB
"sdra64.exe": I've researched this file and it came up as a virus. But it is not doing anything, and when I first turned on my computer it asked if I wanted to run this program; I chose not to. I know where this file is located. So, if I just delete it, will that make me safe from what it can do?




#1
December 3, 2009 at 16:48:00
You probably have more than just that file infecting the computer; this should remove that particular file and maybe a few more:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).



#2
December 4, 2009 at 11:17:34
This is what came up:

exeHelper by Raktor
Build 20091204
Run at 11:17:32 on 12/04/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



#3
December 4, 2009 at 11:23:37
These scans will check for rootkits and let us look for bad files normally associated with sdra64.exe.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double-click on RSIT.exe to launch the program.
2. (Vista users only) Right-click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized). Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate posts) in your next reply. It may take 3 or 4 posts to get all of it to us.

Download Gmer.exe from the following link.

Link1

1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
3. Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.



#4
December 4, 2009 at 17:59:17
info.txt logfile of random's system information tool 1.06 2009-12-04 17:55:53

======Uninstall list======

-->"C:\Program Files\eMachines Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files\eMachines Games\eMachines Game Console\Uninstall.exe"
-->"C:\Program Files\eMachines Games\FATE\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\eMachines Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
CyberLink LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
CyberLink Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
eMachines Games-->"C:\Program Files\eMachines Games\Uninstall.exe"
eMachines Recovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly
GamersFirst LIVE!-->"C:\Program Files\GamersFirst\LIVE!\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
LSI PCI-SV92PP Soft Modem-->C:\Windows\agrsmdel
Magic Video Converter Trial Version (English) 8.0.3.18-->"C:\Program Files\Magic Video Converter\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}
mobile PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Motorola Driver Installation 3.2.0-->MsiExec.exe /I{D6A1E429-CCE1-4140-A615-710B806D12BA}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Ultra Edition-->MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.7.2.11\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
TVUPlayer 2.3.5.4-->C:\Program Files\TVUPlayer\uninst.exe
Ultra Mobile 3GP Video Converter 3.0.4.0421b-->"C:\Program Files\Ultra Mobile 3GP Video Converter\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
USB File Transfer 1.11A-->C:\Windows\IsUninst.exe -f"C:\Program Files\Genesys Logic\USB File Transfer 1.11A\Uninst.isu" -c"C:\Program Files\Genesys Logic\USB File Transfer 1.11A\uninst.dll"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Watchtower Library 2008 - Español-->C:\Program Files\Watchtower\Watchtower Library 2008\S\uninst.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
WinRAR-->"C:\Windows\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Guevara
Event Code: 4374
Message: Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ar-sa-MiniLP(Feature Pack) is not applicable for this system
Record Number: 15780
Source Name: Microsoft-Windows-Servicing
Time Written: 20091008233857.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Guevara
Event Code: 4374
Message: Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ja-JP-MiniLP(Feature Pack) is not applicable for this system
Record Number: 15779
Source Name: Microsoft-Windows-Servicing
Time Written: 20091008233857.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Guevara
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 15714
Source Name: Microsoft-Windows-Time-Service
Time Written: 20091008232222.000000-000
Event Type: Warning
User:

Computer Name: Guevara
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 15710
Source Name: Microsoft-Windows-Time-Service
Time Written: 20091008232221.000000-000
Event Type: Warning
User:

Computer Name: Guevara
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 15689
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091008232212.231517-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Guevara
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 911
Source Name: SideBySide
Time Written: 20091008233103.000000-000
Event Type: Error
User:

Computer Name: Guevara
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 910
Source Name: SideBySide
Time Written: 20091008233102.000000-000
Event Type: Error
User:

Computer Name: Guevara
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 909
Source Name: SideBySide
Time Written: 20091008233102.000000-000
Event Type: Error
User:

Computer Name: Guevara
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 908
Source Name: SideBySide
Time Written: 20091008233102.000000-000
Event Type: Error
User:

Computer Name: Guevara
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 876
Source Name: Microsoft-Windows-Search
Time Written: 20091008232224.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Guevara
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-1928137526-2370664554-2826360868-500
Account Name: Administrator
Account Domain: WIN-13KDKW4HSYW
Logon ID: 0x33f9d

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 1237
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090429120911.577600-000
Event Type: Audit Success
User:

Computer Name: WIN-13KDKW4HSYW
Event Code: 1108
Message: The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
Record Number: 1236
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090429120908.551200-000
Event Type: Audit Success
User:

Computer Name: WIN-13KDKW4HSYW
Event Code: 1108
Message: The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
Record Number: 1235
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090429120908.551200-000
Event Type: Audit Success
User:

Computer Name: WIN-13KDKW4HSYW
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 1234
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090429120908.005200-000
Event Type: Audit Success
User:

Computer Name: WIN-13KDKW4HSYW
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1928137526-2370664554-2826360868-500
Account Name: Administrator
Domain Name: WIN-13KDKW4HSYW
Logon ID: 0x33f9d
Record Number: 1233
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090429120812.630604-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



#5
December 4, 2009 at 18:01:38
Logfile of random's system information tool 1.06 (written by random/random)
Run by DJJ at 2009-12-04 17:54:31
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 69 GB (50%) free of 139 GB
Total RAM: 1791 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:49 PM, on 12/4/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\DJJ\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\DJJ\Desktop\RSIT.exe
C:\Program Files\trend micro\DJJ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.a...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.a...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.a...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\DJJ\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\DJJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [userinit] C:\Users\DJJ\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messe...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8201 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1928137526-2370664554-2826360868-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1928137526-2370664554-2826360868-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{EDB01123-9D8F-4F57-AC0E-1BE7A75B1304}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-25 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL [2009-08-25 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-25 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-23 6183456]
"eRecoveryService"= []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]
"Skytel"=C:\Windows\Skytel.exe [2008-07-23 1826816]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"BitTorrent DNA"=C:\Users\DJJ\Program Files\DNA\btdna.exe [2009-11-10 323392]
"Google Update"=C:\Users\DJJ\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 135664]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"userinit"=C:\Users\DJJ\AppData\Roaming\sdra64.exe []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-26 180224]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GamersFirst LIVE!.lnk - C:\Program Files\GamersFirst\LIVE!\Live.exe

C:\Users\DJJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
"NoFolderOptions"=
"NoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13f3fc7f-34b4-11de-8ba7-806e6f6e6963}]
shell\AutoRun\command - RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorun.exe
shell\OpEn\command - RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49a6fe5e-b59b-11de-a6aa-0025111dcdd7}]
shell\AutoRun\command - RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorun.exe
shell\OpEn\command - RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb6f5647-b67d-11de-8650-0025111dcdd7}]
shell\AutoRun\command - K:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorun.exe
shell\OpEn\command - K:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc0e860b-b460-11de-a4bb-0025111dcdd7}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-04 17:54:37 ----D---- C:\Program Files\trend micro
2009-12-04 17:54:31 ----D---- C:\rsit
2009-12-04 13:12:37 ----A---- C:\Windows\system32\lsdelete.exe
2009-12-03 23:52:18 ----D---- C:\Program Files\Common Files\Motorola Shared
2009-12-03 21:24:24 ----A---- C:\Windows\NeroDigital.ini
2009-12-03 20:37:59 ----A---- C:\DBS.TXT
2009-12-03 20:36:58 ----D---- C:\Program Files\LiveUpdate
2009-12-03 20:35:34 ----D---- C:\ProgramData\BVRP Software
2009-12-03 20:35:34 ----D---- C:\Program Files\mobile PhoneTools
2009-12-03 20:18:33 ----D---- C:\Users\DJJ\AppData\Roaming\Ahead
2009-12-03 20:15:51 ----D---- C:\ProgramData\Nero
2009-12-03 20:15:49 ----D---- C:\Program Files\Nero
2009-12-03 20:15:49 ----D---- C:\Program Files\Common Files\Ahead
2009-12-03 20:13:43 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-12-03 20:13:42 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-12-03 11:59:54 ----HDC---- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-03 11:58:13 ----D---- C:\ProgramData\Lavasoft
2009-12-03 11:58:13 ----D---- C:\Program Files\Lavasoft
2009-12-02 22:25:39 ----SHD---- C:\Users\DJJ\AppData\Roaming\lowsec
2009-11-30 22:17:17 ----D---- C:\Users\DJJ\AppData\Roaming\LimeWire
2009-11-30 14:16:54 ----D---- C:\Program Files\Genesys Logic
2009-11-30 14:16:44 ----A---- C:\Windows\IsUninst.exe
2009-11-26 09:21:27 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 07:53:03 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 07:53:01 ----A---- C:\Windows\system32\msxml3.dll
2009-11-23 23:03:57 ----D---- C:\Program Files\QuickTime
2009-11-17 18:42:49 ----D---- C:\ProgramData\FLEXnet
2009-11-17 18:24:41 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-11-17 16:15:32 ----D---- C:\Program Files\PowerISO
2009-11-13 03:41:13 ----A---- C:\Windows\system32\wups2.dll
2009-11-13 03:41:13 ----A---- C:\Windows\system32\wucltux.dll
2009-11-13 03:41:13 ----A---- C:\Windows\system32\wuaueng.dll
2009-11-13 03:41:13 ----A---- C:\Windows\system32\wuauclt.exe
2009-11-13 03:40:49 ----A---- C:\Windows\system32\wups.dll
2009-11-13 03:40:49 ----A---- C:\Windows\system32\wudriver.dll
2009-11-13 03:40:48 ----A---- C:\Windows\system32\wuapi.dll
2009-11-13 03:40:32 ----A---- C:\Windows\system32\wuwebv.dll
2009-11-13 03:40:32 ----A---- C:\Windows\system32\wuapp.exe
2009-11-10 16:17:25 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-11-10 16:17:25 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-11-10 16:17:18 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-11-10 16:17:16 ----A---- C:\Windows\system32\xinput1_3.dll
2009-11-10 14:45:12 ----D---- C:\Users\DJJ\AppData\Roaming\DNA
2009-11-10 14:45:12 ----D---- C:\Program Files\DNA
2009-11-10 14:45:00 ----D---- C:\Program Files\GamersFirst
2009-11-10 13:37:11 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-09 14:14:51 ----A---- C:\Windows\system32\javaws.exe
2009-11-09 14:14:51 ----A---- C:\Windows\system32\javaw.exe
2009-11-09 14:14:51 ----A---- C:\Windows\system32\java.exe
2009-11-07 11:16:49 ----D---- C:\Program Files\Windows Portable Devices
2009-11-07 11:09:51 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-07 11:09:46 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-07 11:09:46 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-07 11:09:05 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-07 11:09:04 ----A---- C:\Windows\system32\cdd.dll
2009-11-07 11:09:02 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-07 11:09:02 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-07 11:09:02 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-07 11:09:02 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-07 11:09:02 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-07 11:09:02 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-07 11:09:02 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-07 11:09:02 ----A---- C:\Windows\system32\d2d1.dll
2009-11-07 11:09:01 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-07 11:09:01 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-07 11:09:01 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-07 11:09:01 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-07 11:09:01 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-07 11:09:01 ----A---- C:\Windows\system32\FntCache.dll
2009-11-07 11:09:01 ----A---- C:\Windows\system32\dxgi.dll
2009-11-07 11:09:01 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-07 11:09:01 ----A---- C:\Windows\system32\DWrite.dll
2009-11-07 11:09:01 ----A---- C:\Windows\system32\d3d11.dll
2009-11-07 11:09:01 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-07 11:09:01 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-07 11:09:01 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-07 11:09:00 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-07 11:09:00 ----A---- C:\Windows\system32\d3d10.dll
2009-11-07 11:08:17 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-07 11:08:17 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-07 11:08:17 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-07 11:08:13 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-07 11:08:10 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-07 11:08:09 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-07 11:08:09 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-07 11:08:09 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-07 11:08:09 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-07 11:08:09 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-07 11:08:09 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-07 11:08:09 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-07 11:06:37 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-07 11:06:34 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-07 11:06:34 ----A---- C:\Windows\system32\oleacc.dll

======List of files/folders modified in the last 1 months======

2009-12-04 17:55:29 ----D---- C:\Windows\Temp
2009-12-04 17:54:37 ----RD---- C:\Program Files
2009-12-04 17:42:21 ----SHD---- C:\System Volume Information
2009-12-04 15:55:05 ----D---- C:\Windows\System32
2009-12-04 15:55:05 ----D---- C:\Windows\inf
2009-12-04 15:55:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-04 15:52:04 ----D---- C:\Windows\system32\Tasks
2009-12-04 07:11:55 ----D---- C:\Windows
2009-12-03 23:55:05 ----SHD---- C:\Windows\Installer
2009-12-03 23:54:04 ----D---- C:\Windows\system32\drivers
2009-12-03 23:54:00 ----D---- C:\Windows\system32\catroot
2009-12-03 23:52:18 ----D---- C:\Program Files\Common Files
2009-12-03 20:46:25 ----D---- C:\Windows\ModemLogs
2009-12-03 20:36:58 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-03 20:35:34 ----HD---- C:\ProgramData
2009-12-03 20:18:37 ----D---- C:\Windows\Prefetch
2009-12-03 20:13:38 ----D---- C:\Windows\system32\catroot2
2009-12-03 12:02:03 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-03 11:58:05 ----D---- C:\Windows\winsxs
2009-12-03 11:18:43 ----D---- C:\ProgramData\Adobe
2009-12-02 14:30:09 ----D---- C:\Program Files\Common Files\Adobe
2009-12-02 14:29:52 ----D---- C:\Program Files\Adobe
2009-11-29 11:00:54 ----D---- C:\Users\DJJ\AppData\Roaming\uTorrent
2009-11-26 12:06:26 ----D---- C:\Windows\system32\WDI
2009-11-26 09:58:17 ----D---- C:\Windows\rescache
2009-11-26 09:38:33 ----D---- C:\Windows\system32\en-US
2009-11-23 14:51:09 ----RSD---- C:\Windows\Fonts
2009-11-22 12:21:58 ----D---- C:\Users\DJJ\AppData\Roaming\Adobe
2009-11-21 22:14:14 ----SD---- C:\Users\DJJ\AppData\Roaming\Microsoft
2009-11-21 12:14:23 ----D---- C:\Windows\Tasks
2009-11-14 20:01:39 ----SD---- C:\Windows\Downloaded Program Files
2009-11-11 12:42:03 ----D---- C:\Windows\system32\LogFiles
2009-11-11 06:22:34 ----D---- C:\Program Files\Windows Mail
2009-11-10 23:27:09 ----D---- C:\ProgramData\Microsoft Help
2009-11-10 16:15:59 ----D---- C:\Windows\Logs
2009-11-09 14:14:48 ----D---- C:\Program Files\Java
2009-11-09 14:10:41 ----D---- C:\Program Files\Messenger Plus! Live
2009-11-07 11:22:51 ----D---- C:\Program Files\Mozilla Firefox
2009-11-07 11:16:49 ----D---- C:\Windows\system32\wbem
2009-11-07 11:16:47 ----D---- C:\Windows\system32\zh-TW
2009-11-07 11:16:47 ----D---- C:\Windows\system32\zh-HK
2009-11-07 11:16:47 ----D---- C:\Windows\system32\zh-CN
2009-11-07 11:16:47 ----D---- C:\Windows\system32\uk-UA
2009-11-07 11:16:47 ----D---- C:\Windows\system32\tr-TR
2009-11-07 11:16:47 ----D---- C:\Windows\system32\th-TH
2009-11-07 11:16:47 ----D---- C:\Windows\system32\sv-SE
2009-11-07 11:16:47 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-07 11:16:47 ----D---- C:\Windows\system32\sl-SI
2009-11-07 11:16:47 ----D---- C:\Windows\system32\sk-SK
2009-11-07 11:16:47 ----D---- C:\Windows\system32\ru-RU
2009-11-07 11:16:47 ----D---- C:\Windows\system32\ro-RO
2009-11-07 11:16:47 ----D---- C:\Windows\system32\pt-PT
2009-11-07 11:16:47 ----D---- C:\Windows\system32\pt-BR
2009-11-07 11:16:47 ----D---- C:\Windows\system32\pl-PL
2009-11-07 11:16:47 ----D---- C:\Windows\system32\nl-NL
2009-11-07 11:16:47 ----D---- C:\Windows\system32\nb-NO
2009-11-07 11:16:47 ----D---- C:\Windows\system32\lv-LV
2009-11-07 11:16:47 ----D---- C:\Windows\system32\lt-LT
2009-11-07 11:16:47 ----D---- C:\Windows\system32\ko-KR
2009-11-07 11:16:47 ----D---- C:\Windows\system32\ja-JP
2009-11-07 11:16:47 ----D---- C:\Windows\system32\it-IT
2009-11-07 11:16:47 ----D---- C:\Windows\system32\hu-HU
2009-11-07 11:16:47 ----D---- C:\Windows\system32\hr-HR
2009-11-07 11:16:47 ----D---- C:\Windows\system32\he-IL
2009-11-07 11:16:47 ----D---- C:\Windows\system32\fr-FR
2009-11-07 11:16:47 ----D---- C:\Windows\system32\fi-FI
2009-11-07 11:16:47 ----D---- C:\Windows\system32\et-EE
2009-11-07 11:16:47 ----D---- C:\Windows\system32\es-ES
2009-11-07 11:16:47 ----D---- C:\Windows\system32\el-GR
2009-11-07 11:16:47 ----D---- C:\Windows\system32\de-DE
2009-11-07 11:16:47 ----D---- C:\Windows\system32\da-DK
2009-11-07 11:16:47 ----D---- C:\Windows\system32\cs-CZ
2009-11-07 11:16:47 ----D---- C:\Windows\system32\bg-BG
2009-11-07 11:16:47 ----D---- C:\Windows\system32\ar-SA
2009-11-05 09:36:21 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys [2009-08-25 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1007020.00B\ccHPx86.sys [2009-10-09 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-10-08 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091111.001\IDSvix86.sys [2009-10-28 343088]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-26 58908]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1007020.00B\SRTSPX.SYS [2009-08-25 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-25 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS [2009-08-25 217136]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-06-11 15392]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-08-13 1163328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-10-08 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-23 2152344]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091204.006\NAVENG.SYS [2009-10-08 84912]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091204.006\NAVEX15.SYS [2009-10-08 1323568]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-13 122368]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1007020.00B\SRTSP.SYS [2009-08-25 308272]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-10-09 124976]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [2009-08-25 89904]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [2009-08-25 48688]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S2 USBHSB;GeneLink File Transfer Driver; C:\Windows\System32\Drivers\usbhsb.sys [2001-12-17 18690]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-07-22 12800]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ETService;Empowering Technology Service; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-03 1184912]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [2009-08-25 117640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-13 272024]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-17 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------


#6
December 4, 2009 at 18:34:39
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-04 18:35:26
Windows 6.0.6002 Service Pack 2
Running: h3xkybqp.exe; Driver: C:\Users\DJJ\AppData\Local\Temp\ufldqpob.sys


---- System - GMER 1.0.15 ----

SSDT 861792A8 ZwAlertResumeThread
SSDT 86179388 ZwAlertThread
SSDT 86179BB8 ZwAllocateVirtualMemory
SSDT 861F8320 ZwAlpcConnectPort
SSDT 86193130 ZwAssignProcessToJobObject
SSDT 86193AA8 ZwCreateMutant
SSDT 86CF0E38 ZwCreateSymbolicLinkObject
SSDT 8630B5E0 ZwCreateThread
SSDT 86193210 ZwDebugActiveProcess
SSDT 86179D10 ZwDuplicateObject
SSDT 861799D8 ZwFreeVirtualMemory
SSDT 86193CC0 ZwImpersonateAnonymousToken
SSDT 86179020 ZwImpersonateThread
SSDT 861FE008 ZwLoadDriver
SSDT 861798D8 ZwMapViewOfSection
SSDT 861939C8 ZwOpenEvent
SSDT 86179EB0 ZwOpenProcess
SSDT 86712EF8 ZwOpenProcessToken
SSDT 86193438 ZwOpenSection
SSDT 86179DE0 ZwOpenThread
SSDT 86193040 ZwProtectVirtualMemory
SSDT 86A29960 ZwResumeThread
SSDT 86179628 ZwSetContextThread
SSDT 86179708 ZwSetInformationProcess
SSDT 861932F0 ZwSetSystemInformation
SSDT 861938E8 ZwSuspendProcess
SSDT 86179468 ZwSuspendThread
SSDT 8681B6B0 ZwTerminateProcess
SSDT 86179548 ZwTerminateThread
SSDT 861797F8 ZwUnmapViewOfSection
SSDT 86179AC8 ZwWriteVirtualMemory
SSDT 86CF0F28 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81EE8860 8 Bytes [A8, 92, 17, 86, 88, 93, 17, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81EE8874 4 Bytes [B8, 9B, 17, 86]
.text ntkrnlpa.exe!KeSetEvent + 13D 81EE8880 4 Bytes [20, 83, 1F, 86]
.text ntkrnlpa.exe!KeSetEvent + 191 81EE88D4 4 Bytes [30, 31, 19, 86]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81EE8938 4 Bytes [A8, 3A, 19, 86]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B40D320, 0x3DE2A7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] kernel32.dll!FindResourceExA 75B72575 7 Bytes JMP 28001D90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] kernel32.dll!FindResourceA 75B72653 5 Bytes JMP 28001D00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] kernel32.dll!CreateEventA 75B944C0 5 Bytes JMP 28001850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] kernel32.dll!LockResource 75B968DF 5 Bytes JMP 28001F60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] kernel32.dll!FindResourceExW 75B969FD 7 Bytes JMP 28001C70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] kernel32.dll!LoadResource 75B96ADB 7 Bytes JMP 28001E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] kernel32.dll!FindResourceW 75B97FA1 5 Bytes JMP 28001BF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] kernel32.dll!SizeofResource 75B97FBF 7 Bytes JMP 28001EF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] ADVAPI32.dll!CryptDeriveKey 76E1FCAE 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] ADVAPI32.dll!CryptDecrypt 76E1FE91 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] USER32.dll!CreateDialogParamW 76D772A2 5 Bytes JMP 28006110 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] USER32.dll!SetWindowPlacement 76D77963 5 Bytes JMP 28005E90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] USER32.dll!SetWindowRgn 76D7A221 7 Bytes JMP 28005FD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] USER32.dll!LoadImageW 76D7C9E5 5 Bytes JMP 28006760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] USER32.dll!LoadIconW 76D7DA9F 5 Bytes JMP 28006950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] USER32.dll!CreateWindowExW 76D81305 5 Bytes JMP 28003CE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] USER32.dll!GetWindowLongW 76D8F8BF 7 Bytes JMP 28006AF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] USER32.dll!PeekMessageW 76D9045A 5 Bytes JMP 280046B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] USER32.dll!TrackPopupMenuEx 76DA0CE7 5 Bytes JMP 28004F90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] USER32.dll!MessageBoxIndirectW 76DCD5D3 5 Bytes JMP 28006300 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] WS2_32.dll!closesocket 7751330C 5 Bytes JMP 2800B860 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] WS2_32.dll!recv 7751343A 5 Bytes JMP 2800B080 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] WS2_32.dll!WSASend 77514496 5 Bytes JMP 2800B620 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] WS2_32.dll!send 7751659B 5 Bytes JMP 2800B440 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] WS2_32.dll!WSARecv 77518400 5 Bytes JMP 2800B220 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] SHELL32.dll!Shell_NotifyIconW 76228626 5 Bytes JMP 28003430 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] ole32.dll!CoRegisterClassObject 75C57DB6 5 Bytes JMP 28002370 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] ole32.dll!CoCreateInstance 75C99EA6 5 Bytes JMP 28002610 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] ole32.dll!CoInitializeEx 75C9AD63 5 Bytes JMP 28002270 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] WININET.dll!InternetReadFile 760F654B 5 Bytes JMP 2800A0E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] WININET.dll!InternetCloseHandle 760F9088 5 Bytes JMP 2800A290 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] WININET.dll!HttpOpenRequestA 760FD508 5 Bytes JMP 28009F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1176] WININET.dll!HttpSendRequestA 7610EE89 5 Bytes JMP 2800A1C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures@User_Feed_Synchronization-{EDB01123-9D8F-4F57-AC0E-1BE7A75B1304}.job.fp 809437744

---- EOF - GMER 1.0.15 ----



#7
December 4, 2009 at 23:00:28

Remember: your Norton antivirus, Windows Defender, and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename ComboFix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#8
December 9, 2009 at 10:02:13
ComboFix 09-12-08.07 - DJJ 12/09/2009 8:52.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1791.840 [GMT -8:00]
Running from: c:\users\DJJ\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1928137526-2370664554-2826360868-500
c:\$recycle.bin\S-1-5-21-2443369096-1077973674-3521406336-500
c:\users\DJJ\AppData\Roaming\sdra64.exe
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-09 17:04 . 2009-12-09 17:04 -------- d-----w- c:\users\DJJ\AppData\Local\temp
2009-12-09 04:43 . 2009-12-09 04:44 -------- d-----w- c:\windows\LastGood.Tmp
2009-12-09 02:06 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 02:06 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 02:06 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 02:04 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 02:04 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 01:53 . 2009-12-09 01:54 -------- d-----w- c:\program files\ESET
2009-12-07 23:24 . 2009-12-07 23:24 -------- d-----w- c:\users\DJJ\AppData\Local\BVRP Software
2009-12-07 23:19 . 2009-12-07 23:20 -------- d-----w- c:\program files\Motorola Phone Tools
2009-12-07 23:19 . 2009-12-07 23:19 -------- d-----w- c:\programdata\BVRP Software
2009-12-07 23:18 . 2009-12-07 23:18 -------- d-----w- c:\users\DJJ\AppData\Roaming\InstallShield
2009-12-05 01:54 . 2009-12-05 01:55 -------- d-----w- c:\program files\trend micro
2009-12-05 01:54 . 2009-12-05 01:55 -------- d-----w- C:\rsit
2009-12-04 21:12 . 2009-12-03 20:01 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-04 07:52 . 2009-12-04 07:52 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-12-04 04:25 . 2009-12-04 05:23 -------- d-----w- c:\users\DJJ\AppData\Local\Ahead
2009-12-04 04:18 . 2009-12-07 20:01 -------- d-----w- c:\users\DJJ\AppData\Roaming\Ahead
2009-12-04 04:15 . 2009-12-04 04:15 -------- d-----w- c:\programdata\Nero
2009-12-04 04:15 . 2009-12-04 04:17 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-04 04:15 . 2009-12-04 04:15 -------- d-----w- c:\program files\Nero
2009-12-03 20:02 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-03 20:00 . 2009-12-03 20:00 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:58 . 2009-12-03 20:02 -------- d-----w- c:\programdata\Lavasoft
2009-12-03 19:58 . 2009-12-03 19:58 -------- d-----w- c:\program files\Lavasoft
2009-12-03 06:25 . 2009-12-09 06:28 -------- d-sh--w- c:\users\DJJ\AppData\Roaming\lowsec
2009-12-01 06:19 . 2009-12-01 18:51 -------- d-----w- c:\users\DJJ\Incomplete
2009-12-01 06:17 . 2009-12-01 18:54 -------- d-----w- c:\users\DJJ\AppData\Roaming\LimeWire
2009-11-30 22:16 . 2009-11-30 22:16 -------- d-----w- c:\program files\Genesys Logic
2009-11-30 22:16 . 1998-10-30 00:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-26 17:21 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 15:53 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 15:53 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 07:03 . 2009-11-24 07:04 -------- d-----w- c:\program files\QuickTime
2009-11-20 00:35 . 2008-01-21 02:32 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2009-11-18 18:42 . 2009-11-18 18:42 -------- d-----w- c:\users\DJJ\AppData\Local\Installer5564
2009-11-18 18:31 . 2009-11-18 18:31 -------- d-----w- c:\users\DJJ\AppData\Local\Installer5260
2009-11-18 02:42 . 2009-11-18 02:42 -------- d-----w- c:\programdata\FLEXnet
2009-11-18 02:24 . 2009-11-18 02:24 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-18 00:15 . 2009-11-18 00:15 -------- d-----w- c:\program files\PowerISO
2009-11-16 17:06 . 2009-11-16 17:06 95896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-11-16 17:03 . 2009-11-16 17:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 16:56 . 2009-11-16 16:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-16 11:13 . 2009-11-16 11:13 216576 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-11-13 11:41 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-13 11:41 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-13 11:41 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-13 11:41 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-13 11:40 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-13 11:40 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-13 11:40 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-13 11:40 . 2009-08-07 03:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-13 11:40 . 2009-08-07 02:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-12 15:24 . 2009-11-12 15:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-11 01:53 . 2009-11-11 01:53 -------- d-----w- c:\users\DJJ\Program Files
2009-11-11 00:34 . 2009-11-11 20:13 -------- d-----w- c:\users\DJJ\AppData\Local\WarRockDF
2009-11-11 00:17 . 2007-07-20 02:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2009-11-11 00:17 . 2007-07-20 02:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2009-11-11 00:17 . 2007-07-20 02:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-11-11 00:17 . 2007-04-05 02:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-11-10 22:46 . 2009-11-11 00:03 -------- d-----w- c:\users\DJJ\AppData\Local\GamersFirst LIVE!
2009-11-10 22:45 . 2009-11-10 22:45 -------- d-----w- c:\users\DJJ\AppData\Local\DNA
2009-11-10 22:45 . 2009-12-09 17:03 -------- d-----w- c:\users\DJJ\AppData\Roaming\DNA
2009-11-10 22:45 . 2009-11-10 22:46 -------- d-----w- c:\program files\DNA
2009-11-10 22:45 . 2009-11-20 02:23 -------- d-----w- c:\program files\GamersFirst
2009-11-10 21:37 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 21:37 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 16:03 . 2009-12-09 16:02 34705 ----a-w- c:\programdata\nvModes.dat
2009-12-09 16:02 . 2009-02-28 02:05 -------- d-----w- c:\programdata\NVIDIA
2009-12-09 04:43 . 2009-02-28 02:14 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 04:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 23:32 . 2009-02-28 02:41 -------- d-----w- c:\programdata\Norton
2009-12-07 23:19 . 2009-10-09 21:52 -------- d-----w- c:\users\DJJ\AppData\Roaming\uTorrent
2009-12-07 23:19 . 2009-02-28 02:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-04 04:46 . 2009-12-04 04:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-12-03 20:00 . 2009-12-03 20:00 816272 ----a-w- c:\programdata\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-02 22:30 . 2009-02-28 02:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-23 22:51 . 2009-10-08 23:31 72608 ----a-w- c:\users\DJJ\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-21 06:40 . 2009-12-09 02:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 02:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 02:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 02:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 22:14 . 2009-02-28 02:27 -------- d-----w- c:\program files\Java
2009-11-09 22:10 . 2009-10-12 14:56 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-07 19:16 . 2009-11-07 19:16 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-07 19:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-07 19:15 . 2009-11-07 19:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-03 23:04 . 2009-11-03 23:04 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-03 23:04 . 2009-11-03 23:04 138240 ----a-w- c:\users\DJJ\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-03 23:04 . 2009-11-03 23:04 138240 ----a-w- c:\users\DJJ\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-03 23:04 . 2009-11-03 23:04 138240 ----a-w- c:\users\DJJ\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-03 23:04 . 2009-11-03 23:04 138240 ----a-w- c:\users\DJJ\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-03 23:04 . 2009-11-03 23:04 -------- d-----w- c:\users\DJJ\AppData\Roaming\SystemRequirementsLab
2009-11-03 04:42 . 2009-10-08 23:56 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 16:46 . 2009-10-09 02:36 -------- d-----w- c:\users\DJJ\AppData\Roaming\Apple Computer
2009-10-29 20:34 . 2009-10-29 20:33 -------- d-----w- c:\program files\iTunes
2009-10-29 20:33 . 2009-10-29 20:33 -------- d-----w- c:\program files\iPod
2009-10-29 20:33 . 2009-10-09 02:30 -------- d-----w- c:\program files\Common Files\Apple
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-24 21:31 . 2009-10-24 21:31 175616 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\unrar64_nocrypt.dll
2009-10-24 21:31 . 2009-10-24 21:31 150528 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\unrar_nocrypt.dll
2009-10-24 21:31 . 2009-10-24 21:31 30208 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\FileDownloadConsole.exe
2009-10-24 21:31 . 2009-10-24 21:31 -------- d-----w- c:\users\DJJ\AppData\Roaming\EA
2009-10-24 18:14 . 2009-10-24 18:14 -------- d-----w- c:\users\DJJ\AppData\Roaming\TVU networks
2009-10-24 18:14 . 2009-10-24 18:14 -------- d-----w- c:\program files\TVUPlayer
2009-10-24 18:14 . 2009-10-24 18:14 -------- d-----w- c:\programdata\TVU networks
2009-10-21 15:55 . 2009-10-21 15:55 -------- d-----w- c:\program files\LSI SoftModem
2009-10-21 02:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-10-21 02:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-21 02:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-10-21 02:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-10-21 02:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-10-13 15:41 . 2009-02-28 02:31 -------- d-----w- c:\program files\Windows Live
2009-10-13 15:37 . 2009-10-13 15:37 -------- d-----w- c:\program files\Microsoft
2009-10-12 20:23 . 2009-10-12 20:23 -------- d-----w- c:\programdata\Messenger Plus!
2009-10-12 05:12 . 2009-10-12 05:11 -------- d-----w- c:\program files\Ultra Mobile 3GP Video Converter
2009-10-11 20:20 . 2009-10-11 20:20 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-11 12:17 . 2009-10-09 01:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 03:30 . 2009-10-09 03:30 0 ----a-w- c:\windows\nsreg.dat
2009-10-08 21:08 . 2009-11-07 19:06 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-07 19:06 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-07 19:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 17:30 . 2009-10-24 21:33 13312 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.exe
2009-10-01 02:14 . 2009-10-24 21:33 15872 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.XmlSerializers.dll
2009-10-01 01:02 . 2009-11-07 19:08 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-07 19:08 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-07 19:08 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-07 19:08 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-07 19:08 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-07 19:08 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-07 19:08 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-07 19:08 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-07 19:08 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-07 19:08 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-07 19:08 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-07 19:08 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-30 17:41 . 2009-10-24 21:33 361472 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\FgPhotofitDll.dll
2009-09-30 03:29 . 2009-10-24 21:33 6144 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\DetectOpenGLConsole.exe
2009-09-30 03:29 . 2009-10-24 21:33 5120 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe
2009-09-30 03:29 . 2009-10-24 21:33 9216 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\UploadPhotofitConsole.exe
2009-09-28 07:12 . 2009-09-28 07:12 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-09-28 07:12 . 2009-09-28 07:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-28 07:12 . 2009-09-28 07:12 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-28 07:12 . 2009-09-28 07:12 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-28 07:12 . 2009-09-28 07:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-28 07:12 . 2009-09-28 07:12 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-28 07:12 . 2009-09-28 07:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-28 07:12 . 2009-09-28 07:12 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-28 07:12 . 2009-02-28 02:00 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-28 07:12 . 2009-02-28 00:42 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-28 07:12 . 2009-02-28 00:42 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-09-28 01:47 . 2009-09-28 01:47 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-28 01:47 . 2009-09-28 01:47 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-28 01:47 . 2009-09-28 01:47 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-28 01:47 . 2009-09-28 01:47 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-28 01:47 . 2009-09-28 01:47 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-28 01:47 . 2009-09-28 01:47 3172968 ----a-w- c:\windows\system32\nvwss.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitTorrent DNA"="c:\users\DJJ\Program Files\DNA\btdna.exe" [2009-11-11 323392]
"Google Update"="c:\users\DJJ\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-21 135664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-16 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"Skytel"="Skytel.exe" [2008-07-23 1826816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

c:\users\DJJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2009-10-27 2665328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):22,9d,5c,ef,03,52,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [12/3/2009 12:02 PM 64288]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [11/16/2009 9:06 AM 95896]
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [4/29/2009 3:59 AM 24576]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1184912]
S2 USBHSB;GeneLink File Transfer Driver;c:\windows\System32\drivers\usbhsb.sys [10/11/2009 6:28 PM 18690]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 6:33 PM 21504]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [10/10/2007 4:41 PM 42112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0409&m=et1810
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\DJJ\AppData\Roaming\Mozilla\Firefox\Profiles\hx924tmj.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\DJJ\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\DJJ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\DJJ\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-USB File Transfer 1.11A - c:\windows\IsUninst.exe -fc:\program files\Genesys Logic\USB File Transfer 1.11A\Uninst.isu -cc:\program files\Genesys Logic\USB File Transfer 1.11A\uninst.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 09:04
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-09 09:10:10
ComboFix-quarantined-files.txt 2009-12-09 17:10

Pre-Run: 69,119,434,752 bytes free
Post-Run: 70,822,420,480 bytes free

- - End Of File - - 54E4540317573DF9AB0BFD00BE4BD90B
ComboFix 09-12-08.07 - DJJ 12/09/2009 8:52.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1791.840 [GMT -8:00]
Running from: c:\users\DJJ\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.



#9
December 9, 2009 at 10:02:29
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1928137526-2370664554-2826360868-500
c:\$recycle.bin\S-1-5-21-2443369096-1077973674-3521406336-500
c:\users\DJJ\AppData\Roaming\sdra64.exe
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-09 17:04 . 2009-12-09 17:04 -------- d-----w- c:\users\DJJ\AppData\Local\temp
2009-12-09 04:43 . 2009-12-09 04:44 -------- d-----w- c:\windows\LastGood.Tmp
2009-12-09 02:06 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 02:06 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 02:06 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 02:04 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 02:04 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 01:53 . 2009-12-09 01:54 -------- d-----w- c:\program files\ESET
2009-12-07 23:24 . 2009-12-07 23:24 -------- d-----w- c:\users\DJJ\AppData\Local\BVRP Software
2009-12-07 23:19 . 2009-12-07 23:20 -------- d-----w- c:\program files\Motorola Phone Tools
2009-12-07 23:19 . 2009-12-07 23:19 -------- d-----w- c:\programdata\BVRP Software
2009-12-07 23:18 . 2009-12-07 23:18 -------- d-----w- c:\users\DJJ\AppData\Roaming\InstallShield
2009-12-05 01:54 . 2009-12-05 01:55 -------- d-----w- c:\program files\trend micro
2009-12-05 01:54 . 2009-12-05 01:55 -------- d-----w- C:\rsit
2009-12-04 21:12 . 2009-12-03 20:01 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-04 07:52 . 2009-12-04 07:52 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-12-04 04:25 . 2009-12-04 05:23 -------- d-----w- c:\users\DJJ\AppData\Local\Ahead
2009-12-04 04:18 . 2009-12-07 20:01 -------- d-----w- c:\users\DJJ\AppData\Roaming\Ahead
2009-12-04 04:15 . 2009-12-04 04:15 -------- d-----w- c:\programdata\Nero
2009-12-04 04:15 . 2009-12-04 04:17 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-04 04:15 . 2009-12-04 04:15 -------- d-----w- c:\program files\Nero
2009-12-03 20:02 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-03 20:00 . 2009-12-03 20:00 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:58 . 2009-12-03 20:02 -------- d-----w- c:\programdata\Lavasoft
2009-12-03 19:58 . 2009-12-03 19:58 -------- d-----w- c:\program files\Lavasoft
2009-12-03 06:25 . 2009-12-09 06:28 -------- d-sh--w- c:\users\DJJ\AppData\Roaming\lowsec
2009-12-01 06:19 . 2009-12-01 18:51 -------- d-----w- c:\users\DJJ\Incomplete
2009-12-01 06:17 . 2009-12-01 18:54 -------- d-----w- c:\users\DJJ\AppData\Roaming\LimeWire
2009-11-30 22:16 . 2009-11-30 22:16 -------- d-----w- c:\program files\Genesys Logic
2009-11-30 22:16 . 1998-10-30 00:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-26 17:21 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 15:53 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 15:53 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 07:03 . 2009-11-24 07:04 -------- d-----w- c:\program files\QuickTime
2009-11-20 00:35 . 2008-01-21 02:32 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2009-11-18 18:42 . 2009-11-18 18:42 -------- d-----w- c:\users\DJJ\AppData\Local\Installer5564
2009-11-18 18:31 . 2009-11-18 18:31 -------- d-----w- c:\users\DJJ\AppData\Local\Installer5260
2009-11-18 02:42 . 2009-11-18 02:42 -------- d-----w- c:\programdata\FLEXnet
2009-11-18 02:24 . 2009-11-18 02:24 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-18 00:15 . 2009-11-18 00:15 -------- d-----w- c:\program files\PowerISO
2009-11-16 17:06 . 2009-11-16 17:06 95896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-11-16 17:03 . 2009-11-16 17:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 16:56 . 2009-11-16 16:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-16 11:13 . 2009-11-16 11:13 216576 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-11-13 11:41 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-13 11:41 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-13 11:41 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-13 11:41 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-13 11:40 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-13 11:40 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-13 11:40 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-13 11:40 . 2009-08-07 03:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-13 11:40 . 2009-08-07 02:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-12 15:24 . 2009-11-12 15:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-11 01:53 . 2009-11-11 01:53 -------- d-----w- c:\users\DJJ\Program Files
2009-11-11 00:34 . 2009-11-11 20:13 -------- d-----w- c:\users\DJJ\AppData\Local\WarRockDF
2009-11-11 00:17 . 2007-07-20 02:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2009-11-11 00:17 . 2007-07-20 02:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2009-11-11 00:17 . 2007-07-20 02:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-11-11 00:17 . 2007-04-05 02:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-11-10 22:46 . 2009-11-11 00:03 -------- d-----w- c:\users\DJJ\AppData\Local\GamersFirst LIVE!
2009-11-10 22:45 . 2009-11-10 22:45 -------- d-----w- c:\users\DJJ\AppData\Local\DNA
2009-11-10 22:45 . 2009-12-09 17:03 -------- d-----w- c:\users\DJJ\AppData\Roaming\DNA
2009-11-10 22:45 . 2009-11-10 22:46 -------- d-----w- c:\program files\DNA
2009-11-10 22:45 . 2009-11-20 02:23 -------- d-----w- c:\program files\GamersFirst
2009-11-10 21:37 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 21:37 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 16:03 . 2009-12-09 16:02 34705 ----a-w- c:\programdata\nvModes.dat
2009-12-09 16:02 . 2009-02-28 02:05 -------- d-----w- c:\programdata\NVIDIA
2009-12-09 04:43 . 2009-02-28 02:14 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 04:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 23:32 . 2009-02-28 02:41 -------- d-----w- c:\programdata\Norton
2009-12-07 23:19 . 2009-10-09 21:52 -------- d-----w- c:\users\DJJ\AppData\Roaming\uTorrent
2009-12-07 23:19 . 2009-02-28 02:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-04 04:46 . 2009-12-04 04:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-12-03 20:00 . 2009-12-03 20:00 816272 ----a-w- c:\programdata\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-02 22:30 . 2009-02-28 02:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-23 22:51 . 2009-10-08 23:31 72608 ----a-w- c:\users\DJJ\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-21 06:40 . 2009-12-09 02:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 02:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 02:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 02:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 22:14 . 2009-02-28 02:27 -------- d-----w- c:\program files\Java
2009-11-09 22:10 . 2009-10-12 14:56 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-07 19:16 . 2009-11-07 19:16 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-07 19:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-07 19:15 . 2009-11-07 19:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-03 23:04 . 2009-11-03 23:04 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-03 23:04 . 2009-11-03 23:04 138240 ----a-w- c:\users\DJJ\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-03 23:04 . 2009-11-03 23:04 138240 ----a-w- c:\users\DJJ\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-03 23:04 . 2009-11-03 23:04 138240 ----a-w- c:\users\DJJ\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-03 23:04 . 2009-11-03 23:04 138240 ----a-w- c:\users\DJJ\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-03 23:04 . 2009-11-03 23:04 -------- d-----w- c:\users\DJJ\AppData\Roaming\SystemRequirementsLab
2009-11-03 04:42 . 2009-10-08 23:56 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 16:46 . 2009-10-09 02:36 -------- d-----w- c:\users\DJJ\AppData\Roaming\Apple Computer
2009-10-29 20:34 . 2009-10-29 20:33 -------- d-----w- c:\program files\iTunes
2009-10-29 20:33 . 2009-10-29 20:33 -------- d-----w- c:\program files\iPod
2009-10-29 20:33 . 2009-10-09 02:30 -------- d-----w- c:\program files\Common Files\Apple
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 20:21 . 2009-10-29 20:21 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-24 21:31 . 2009-10-24 21:31 175616 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\unrar64_nocrypt.dll
2009-10-24 21:31 . 2009-10-24 21:31 150528 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\unrar_nocrypt.dll
2009-10-24 21:31 . 2009-10-24 21:31 30208 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\FileDownloadConsole.exe
2009-10-24 21:31 . 2009-10-24 21:31 -------- d-----w- c:\users\DJJ\AppData\Roaming\EA
2009-10-24 18:14 . 2009-10-24 18:14 -------- d-----w- c:\users\DJJ\AppData\Roaming\TVU networks
2009-10-24 18:14 . 2009-10-24 18:14 -------- d-----w- c:\program files\TVUPlayer
2009-10-24 18:14 . 2009-10-24 18:14 -------- d-----w- c:\programdata\TVU networks
2009-10-21 15:55 . 2009-10-21 15:55 -------- d-----w- c:\program files\LSI SoftModem
2009-10-21 02:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-10-21 02:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-21 02:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-10-21 02:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-10-21 02:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-10-13 15:41 . 2009-02-28 02:31 -------- d-----w- c:\program files\Windows Live
2009-10-13 15:37 . 2009-10-13 15:37 -------- d-----w- c:\program files\Microsoft
2009-10-12 20:23 . 2009-10-12 20:23 -------- d-----w- c:\programdata\Messenger Plus!
2009-10-12 05:12 . 2009-10-12 05:11 -------- d-----w- c:\program files\Ultra Mobile 3GP Video Converter
2009-10-11 20:20 . 2009-10-11 20:20 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-11 12:17 . 2009-10-09 01:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 03:30 . 2009-10-09 03:30 0 ----a-w- c:\windows\nsreg.dat
2009-10-08 21:08 . 2009-11-07 19:06 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-07 19:06 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-07 19:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 17:30 . 2009-10-24 21:33 13312 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.exe
2009-10-01 02:14 . 2009-10-24 21:33 15872 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.XmlSerializers.dll
2009-10-01 01:02 . 2009-11-07 19:08 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-07 19:08 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-07 19:08 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-07 19:08 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-07 19:08 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-07 19:08 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-07 19:08 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-07 19:08 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-07 19:08 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-07 19:08 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-07 19:08 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-07 19:08 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-30 17:41 . 2009-10-24 21:33 361472 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\FgPhotofitDll.dll
2009-09-30 03:29 . 2009-10-24 21:33 6144 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\DetectOpenGLConsole.exe
2009-09-30 03:29 . 2009-10-24 21:33 5120 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe
2009-09-30 03:29 . 2009-10-24 21:33 9216 ----a-w- c:\users\DJJ\AppData\Roaming\EA\EASW\GameFace\UploadPhotofitConsole.exe
2009-09-28 07:12 . 2009-09-28 07:12 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-09-28 07:12 . 2009-09-28 07:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-28 07:12 . 2009-09-28 07:12 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-28 07:12 . 2009-09-28 07:12 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-28 07:12 . 2009-09-28 07:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-28 07:12 . 2009-09-28 07:12 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-28 07:12 . 2009-09-28 07:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-28 07:12 . 2009-09-28 07:12 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-28 07:12 . 2009-02-28 02:00 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-28 07:12 . 2009-02-28 00:42 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-28 07:12 . 2009-02-28 00:42 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-09-28 01:47 . 2009-09-28 01:47 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-28 01:47 . 2009-09-28 01:47 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-28 01:47 . 2009-09-28 01:47 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-28 01:47 . 2009-09-28 01:47 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-28 01:47 . 2009-09-28 01:47 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-28 01:47 . 2009-09-28 01:47 3172968 ----a-w- c:\windows\system32\nvwss.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitTorrent DNA"="c:\users\DJJ\Program Files\DNA\btdna.exe" [2009-11-11 323392]
"Google Update"="c:\users\DJJ\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-21 135664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-16 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"Skytel"="Skytel.exe" [2008-07-23 1826816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

c:\users\DJJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2009-10-27 2665328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):22,9d,5c,ef,03,52,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [12/3/2009 12:02 PM 64288]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [11/16/2009 9:06 AM 95896]
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [4/29/2009 3:59 AM 24576]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1184912]
S2 USBHSB;GeneLink File Transfer Driver;c:\windows\System32\drivers\usbhsb.sys [10/11/2009 6:28 PM 18690]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 6:33 PM 21504]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [10/10/2007 4:41 PM 42112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0409&m=et1810
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\DJJ\AppData\Roaming\Mozilla\Firefox\Profiles\hx924tmj.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\DJJ\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\DJJ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\DJJ\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-USB File Transfer 1.11A - c:\windows\IsUninst.exe -fc:\program files\Genesys Logic\USB File Transfer 1.11A\Uninst.isu -cc:\program files\Genesys Logic\USB File Transfer 1.11A\uninst.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 09:04
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-09 09:10:10
ComboFix-quarantined-files.txt 2009-12-09 17:10

Pre-Run: 69,119,434,752 bytes free
Post-Run: 70,822,420,480 bytes free

- - End Of File - - 54E4540317573DF9AB0BFD00BE4BD90B


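The ComboFix log in post #9 shows two artefact patterns worth recognising in any such listing: an executable dropped straight into the AppData\Roaming root (the sdra64.exe entry under "Other Deletions") and a hidden+system folder next to it (the lowsec entry with attributes d-sh--w- under "Files Created"). The script below is an added example, not ComboFix code and not from the original poster: it parses lines in the format the log uses (created time . modified time, size, an 8-character attribute field, path) and flags those two patterns. The real sample lines are copied from the log above; the sdra64.exe line is constructed to stand in for the file ComboFix had already deleted, so its size and attributes are assumed. The collapsing of repeated "Application Data\Application Data\..." segments is the author's own de-duplication of what a scanner produces when it follows a directory junction back onto itself.

```python
"""Triage a ComboFix 'Files Created' listing for two artefact patterns.

Added example for this thread, not ComboFix code. Line format (from the log):
    YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM <size|--------> <8 attr flags> <path>
Attribute field as seen in the log: d=directory, c=compressed, s=system,
h=hidden, a=archive, w=writable (e.g. "d-sh--w-" for the lowsec folder).
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# Executable sitting directly in the per-user AppData\Roaming or AppData\Local
# root, the location ComboFix reported for sdra64.exe.
APPDATA_ROOT_EXE_RE = re.compile(
    r"^c:\\users\\[^\\]+\\appdata\\(roaming|local)\\[^\\]+\.(exe|dll|sys|com|scr)$",
    re.IGNORECASE,
)
PROFILE_RE = re.compile(r"^c:\\users\\[^\\]+\\", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: str
    attrs: str
    path: str


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def parse_line(line: str):
    """Return an Entry for a ComboFix file line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return Entry(**m.groupdict()) if m else None


def normalize_path(path: str) -> str:
    """Collapse runs of an identical segment (e.g. repeated 'Application Data')
    so junction-expanded duplicates of one file count once."""
    out = []
    for seg in path.split("\\"):
        if out and seg.lower() == out[-1].lower():
            continue
        out.append(seg)
    return "\\".join(out)


def triage(lines):
    """Return one Finding per suspicious normalized path, in log order."""
    seen, findings = set(), []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        path = normalize_path(e.path)
        if path.lower() in seen:
            continue
        seen.add(path.lower())
        in_profile = PROFILE_RE.match(path) is not None
        if in_profile and "s" in e.attrs and "h" in e.attrs:
            findings.append(Finding(path, "hidden+system object inside a user profile"))
        elif APPDATA_ROOT_EXE_RE.match(path):
            findings.append(Finding(path, "executable placed directly in the AppData root"))
    return findings


# Lines copied from the thread's log, plus one constructed sdra64.exe line
# (size and attributes assumed) standing in for the file ComboFix deleted.
SAMPLE_LOG = r"""
2009-12-09 17:04 . 2009-12-09 17:04 -------- d-----w- c:\users\DJJ\AppData\Local\temp
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 19:59 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-03 06:25 . 2009-12-09 06:28 -------- d-sh--w- c:\users\DJJ\AppData\Roaming\lowsec
2009-12-03 06:25 . 2009-12-03 06:25 123456 ----a-w- c:\users\DJJ\AppData\Roaming\sdra64.exe
2009-11-10 21:37 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-12-04 04:46 . 2009-12-04 04:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-11-10 22:45 . 2009-11-10 22:45 -------- d-----w- c:\users\DJJ\AppData\Local\DNA
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.reason}: {f.path}")
```

Run against the sample, it reports only the lowsec folder and the sdra64.exe entry; the Windows Update files, the hidden driver .Wdf file outside the profile, and the junction-expanded Ad-Aware copies are left alone. To use it on a real log, feed it the lines between the "Files Created" and "Find3M" banners.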

#10
December 9, 2009 at 19:21:21
Please run ESET's online scanner from this link:

ESET

1. Note: You will need to use Internet Explorer for this scan.
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start.
4. When asked, allow the ActiveX control to install.
5. Click Start.
6. Make sure that the option Remove found threats is unticked (I want to see what is found first), and the option Scan unwanted applications is checked.
7. Click Scan.
8. Wait for the scan to finish.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.

