Full Version: [Resolved] Sdra.exe Problem
Suggest A Fix PC Support Forums > Security > Malicious Code: Viruses, Trojans, Spyware and Browser HiJacking
Jakka
I recently found this lurking in the Task Manager, so I stopped the process, but deleting the file in system32 failed. I searched online and found this site, and I hope you guys can help me.

I've never done this stuff before with HijackThis or whatnot, so can someone (with some patience) walk me through how to clean out my computer?

Thank you

Edit: Sorry, the file's name is sdra64.exe.
Ironbender
Hi Jakka, welcome to SAF

Please take a look here and post the logs we need: http://www.suggestafix.com/index.php?showtopic=33591

Chris
Jakka
Am scanning with Malwarebytes now.
Ironbender
OK, waiting...

Chris
Jakka
Here goes:

MBAM log==>

Malwarebytes' Anti-Malware 1.41
Database version: 2905
Windows 6.0.6002 Service Pack 2

10/5/2009 9:41:21 AM
mbam-log-2009-10-05 (09-41-21).txt

Scan type: Full Scan (C:\|K:\|T:\|)
Objects scanned: 249515
Time elapsed: 1 hour(s), 49 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mp3_audio_codec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\Windows\System32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\Windows\System32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\Windows\System32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.

HIJACKTHIS log ==>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:33 AM, on 10/5/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
T:\Programs\PNotes\PNotes.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
T:\Programs\pinkie shooter\Pinkie Shooter.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/frostwire?o=101676&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "T:\Programs\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: PNotes.lnk = T:\Programs\PNotes\PNotes.exe
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: prio.dll,avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Program Files\Prio\prio_svc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9104 bytes

NOTE: Pinkie Shooter is HijackThis. It was just the first word that popped into my mind.

Edit: After doing this, when I run some applications, I get errors that say that there is no disk in the drive.

I have had this problem with iTunes and a game. The iTunes error will occur once, and after I click Try Again the error will go away and iTunes will start normally. The game error will occur randomly about 45 minutes in and will crash the game no matter how many times I press Try Again.

The exact error is:

------.exe - No Disk

There is no disk in the drive. Please insert a disk into drive \device\Harddisk2\DR2

Edit 2: Sorry for all these edits. I fixed the iTunes error by remapping the SD card slot and Memory Stick slot to letters other than their originals. I have yet to test the game.
Ironbender
Download ComboFix to your desktop by clicking here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click ComboFix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.
Note:
Disconnect from the internet (unplug the cable), close all windows and any program in your system tray, including your antivirus. Do not mouse-click or type anything while ComboFix is running. That may cause it to stall.

You can safely ignore warnings about not having the Recovery Console installed. Run it only once!

Post the combofix report along with a fresh HJT log.

Chris
Jakka
COMBOFIX log ==>

ComboFix 09-10-04.01 - ALY 10/05/2009 23:18.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2021 [GMT -8:00]
Running from: c:\users\ALY\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1700925250-700417681-2274007160-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2777308127-693086499-1199962174-500
c:\program files\INSTALL.LOG

.
((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
.

2009-10-06 07:24 . 2009-10-06 07:24 -------- d-----w- c:\users\ALY\AppData\Local\temp
2009-10-06 01:00 . 2009-10-06 01:00 -------- d-----w- c:\program files\Alcohol Soft
2009-10-05 18:13 . 2009-10-05 18:17 -------- d-----w- c:\program files\PinkieShooter
2009-10-05 08:17 . 2009-10-05 08:17 -------- d-----w- c:\users\ALY\AppData\Roaming\Malwarebytes
2009-10-05 08:17 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 08:17 . 2009-10-05 08:17 -------- d-----w- c:\programdata\Malwarebytes
2009-10-05 08:17 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-04 22:44 . 2009-10-04 22:45 -------- d-----w- c:\windows\system32\ca-ES
2009-10-04 22:44 . 2009-10-04 22:45 -------- d-----w- c:\windows\system32\eu-ES
2009-10-04 22:44 . 2009-10-04 22:44 -------- d-----w- c:\program files\Microsoft Games
2009-10-04 22:44 . 2009-10-04 22:45 -------- d-----w- c:\windows\system32\vi-VN
2009-10-04 22:37 . 2009-10-04 22:37 -------- d-----w- c:\windows\system32\SPReview
2009-10-04 22:24 . 2009-04-11 07:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-10-04 22:24 . 2009-04-11 07:27 57856 ----a-w- c:\windows\system32\compcln.exe
2009-10-04 22:19 . 2009-04-11 07:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys
2009-10-04 22:18 . 2009-04-11 07:28 852992 ----a-w- c:\windows\system32\mcmde.dll
2009-10-04 22:13 . 2009-10-04 22:13 -------- d-----w- c:\windows\system32\EventProviders
2009-10-04 02:03 . 2009-10-04 20:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-04 02:02 . 2009-10-04 20:08 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-04 02:02 . 2009-10-04 20:08 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-04 02:02 . 2009-10-04 20:08 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-04 02:02 . 2009-10-06 01:48 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-04 02:02 . 2009-10-04 20:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-04 02:02 . 2009-10-04 02:02 -------- d-----w- c:\program files\AVG
2009-10-03 18:35 . 2009-10-01 18:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 06:20 . 2009-10-03 06:20 -------- d-----w- c:\program files\Sierra
2009-10-03 05:13 . 2009-10-03 05:13 -------- d-----w- c:\programdata\Roxio
2009-10-03 05:12 . 2009-10-03 05:13 -------- d-----w- c:\users\ALY\AppData\Roaming\Roxio
2009-10-03 01:37 . 2009-10-03 01:50 -------- d-----w- c:\programdata\SpeedBit
2009-10-02 20:13 . 2009-10-05 06:18 -------- d-----w- c:\program files\RegCure
2009-10-02 19:50 . 2009-10-02 19:50 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-10-02 19:50 . 2009-10-02 19:51 -------- d-----w- c:\users\ALY\AppData\Roaming\DAEMON Tools Lite
2009-10-02 19:26 . 2009-10-02 19:27 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-10-02 01:54 . 2009-10-02 01:54 -------- d-----w- c:\users\ALY\AppData\Local\Downloaded Installations
2009-09-28 05:36 . 2009-09-28 05:36 -------- d-----w- c:\users\ALY\AppData\Local\Yahoo!
2009-09-27 22:11 . 2009-09-27 22:11 -------- d-----w- c:\program files\iPod
2009-09-27 22:02 . 2009-09-27 22:02 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-26 04:25 . 2009-09-26 04:25 -------- d-----w- c:\program files\Managed DirectX (0901)
2009-09-26 04:23 . 1999-12-17 18:13 86016 ----a-w- c:\windows\unvise32.exe
2009-09-26 04:23 . 2009-09-26 04:23 -------- d-----w- c:\program files\DivX
2009-09-25 01:40 . 2009-09-25 01:40 34931712 ----a-w- c:\windows\system32\imageres.dll
2009-09-25 01:17 . 2009-09-25 01:17 -------- d-----w- c:\programdata\Stardock
2009-09-25 01:17 . 2007-06-05 19:26 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2009-09-25 00:18 . 2009-09-25 00:18 0 ----a-w- c:\windows\nsreg.dat
2009-09-25 00:18 . 2009-09-25 00:18 -------- d-----w- c:\users\ALY\AppData\Local\Mozilla
2009-09-24 03:51 . 2009-10-03 20:31 -------- d-----w- c:\users\ALY\AppData\Roaming\Skype
2009-09-24 03:50 . 2009-09-24 03:50 -------- d-----w- c:\program files\Skype
2009-09-24 03:50 . 2009-09-24 06:37 -------- d-----w- c:\programdata\Skype
2009-09-22 05:42 . 2009-05-18 22:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-22 05:42 . 2008-04-17 21:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-22 05:42 . 2009-09-22 05:42 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 05:40 . 2009-09-22 05:41 -------- d-----w- c:\program files\QuickTime
2009-09-16 20:23 . 2009-09-05 01:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-16 20:23 . 2009-09-05 01:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-16 20:23 . 2009-09-05 01:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-16 20:23 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-16 20:23 . 2009-09-05 01:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-16 20:23 . 2009-09-05 01:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-16 20:23 . 2009-09-05 01:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-16 20:23 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-16 20:23 . 2008-10-27 18:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-09-16 20:23 . 2008-10-27 18:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-09-16 20:23 . 2008-10-27 18:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-09-16 20:23 . 2008-10-27 18:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-09-13 21:59 . 2009-09-13 21:59 -------- d-----w- c:\windows\FOOK2 Public Beta
2009-09-12 21:20 . 2009-09-13 20:24 -------- d-----w- c:\users\ALY\AppData\Local\Fallout3
2009-09-10 04:50 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-10 04:50 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-10 04:50 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-10 04:50 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-10 04:50 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-10 04:50 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-10 04:50 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-10 04:50 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-10 04:50 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-10 04:50 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-10 04:50 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 07:19 . 2007-05-21 23:39 85590 ----a-w- c:\windows\system32\prfc0404.dat
2009-10-06 07:19 . 2007-05-21 23:39 244870 ----a-w- c:\windows\system32\prfh0404.dat
2009-10-06 07:12 . 2009-07-19 03:48 -------- d-----w- c:\program files\Taskbar Shuffle
2009-10-06 07:10 . 2007-05-22 00:35 -------- d-----w- c:\programdata\Symantec
2009-10-06 07:10 . 2007-05-22 00:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-06 04:51 . 2009-07-16 23:14 -------- d-----w- c:\programdata\avg8
2009-10-06 01:47 . 2009-07-15 17:52 -------- d-----w- c:\users\ALY\AppData\Roaming\FrostWire
2009-10-06 01:00 . 2009-07-15 17:42 -------- d-----w- c:\users\ALY\AppData\Roaming\uTorrent
2009-10-05 06:44 . 2009-07-16 17:21 -------- d-----w- c:\program files\LeechGet 2009
2009-10-04 22:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-04 22:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-04 22:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-04 22:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-04 22:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-04 22:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-04 22:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-04 21:00 . 2009-07-29 06:36 -------- d-----w- c:\users\ALY\AppData\Roaming\Hamachi
2009-10-04 20:04 . 2009-07-15 18:01 -------- d-----w- c:\program files\Common Files\Steam
2009-10-04 20:04 . 2009-07-15 18:01 -------- d-----w- c:\program files\Steam
2009-10-03 23:42 . 2009-07-15 16:28 -------- d-----w- c:\program files\SpeedFan
2009-10-03 05:12 . 2007-05-22 00:33 -------- d-----w- c:\programdata\Sonic
2009-10-02 06:15 . 2009-07-31 01:30 -------- d-----w- c:\program files\Ray Adams
2009-10-01 19:02 . 2009-08-16 20:37 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-27 22:11 . 2009-07-15 01:08 -------- d-----w- c:\program files\Common Files\Apple
2009-09-24 23:03 . 2009-07-15 01:12 -------- d-----w- c:\users\ALY\AppData\Roaming\Apple Computer
2009-09-24 20:50 . 2009-08-07 15:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-24 20:50 . 2009-08-07 15:19 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-24 20:49 . 2009-07-22 03:53 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-24 20:49 . 2009-07-22 03:53 -------- d-----w- c:\program files\OpenAL
2009-09-24 20:49 . 2009-07-22 03:53 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-21 07:19 . 2009-08-16 19:42 1510 ----a-w- c:\windows\Sketchpad Preferences.dat
2009-09-12 20:57 . 2007-05-21 18:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-03 04:26 . 2009-09-03 04:26 -------- d-----w- c:\programdata\Trymedia
2009-08-31 06:43 . 2009-08-31 06:43 -------- d-----w- c:\users\ALY\AppData\Roaming\GamesFaction
2009-08-31 06:17 . 2009-08-30 01:26 -------- d-----w- c:\programdata\Media Center Programs
2009-08-31 04:55 . 2009-08-31 04:54 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-29 18:55 . 2009-07-15 17:49 -------- d-----w- c:\program files\Java
2009-08-29 00:27 . 2009-09-04 06:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-04 06:08 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-16 21:42 . 2009-07-15 17:48 -------- d-----w- c:\program files\FrostWire
2009-08-08 20:29 . 2009-08-08 20:29 -------- d-----w- c:\programdata\WindowsSearch
2009-08-08 18:54 . 2009-08-08 18:54 -------- d-----w- c:\users\ALY\AppData\Roaming\Wargaming.Net
2009-08-08 03:51 . 2009-08-08 03:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-08 03:51 . 2009-08-08 03:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-07 15:21 . 2009-08-07 15:21 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-07-29 06:36 . 2009-07-29 06:36 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-26 06:49 . 2009-07-26 06:49 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-25 21:24 . 2009-07-15 00:01 56080 ----a-w- c:\users\ALY\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-25 13:23 . 2009-07-16 23:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 03:55 . 2009-07-22 03:55 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-20 17:34 . 2009-07-20 17:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-18 18:45 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-07-18 18:45 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-07-17 13:54 . 2009-08-13 00:09 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 21:20 . 2009-07-15 21:20 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-07-15 21:20 . 2009-07-15 21:20 272896 ----a-w- c:\windows\system32\polstore.dll
2009-07-15 21:11 . 2009-07-15 21:11 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-07-15 21:07 . 2009-07-15 21:07 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 21:07 . 2009-07-15 21:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-15 21:07 . 2009-07-15 21:07 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 21:07 . 2009-07-15 21:07 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 21:07 . 2009-07-15 21:07 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 21:07 . 2009-07-15 21:07 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 20:53 . 2009-07-15 20:53 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-07-15 20:42 . 2009-07-15 20:42 623616 ----a-w- c:\windows\system32\localspl.dll
2009-07-15 20:20 . 2009-07-15 20:20 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2009-07-15 20:20 . 2009-07-15 20:20 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2009-07-15 20:20 . 2009-07-15 20:20 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2009-07-15 20:20 . 2009-07-15 20:20 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2009-07-15 20:20 . 2009-07-15 20:20 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2009-07-15 20:20 . 2009-07-15 20:20 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2009-07-15 20:20 . 2009-07-15 20:20 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2009-07-15 20:20 . 2009-07-15 20:20 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2009-07-15 20:20 . 2009-07-15 20:20 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2009-07-15 20:20 . 2009-07-15 20:19 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2009-07-15 20:18 . 2009-07-15 20:18 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2009-07-15 20:17 . 2009-07-15 20:17 3104768 ----a-w- c:\windows\system32\NlsData004c.dll
2009-07-15 20:06 . 2009-07-15 20:06 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-07-15 19:47 . 2009-07-15 19:47 37888 ----a-w- c:\windows\system32\printcom.dll
2009-07-15 19:46 . 2009-07-15 19:46 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-07-15 18:23 . 2009-07-15 18:23 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-15 17:01 . 2009-07-15 17:01 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-15 16:59 . 2009-07-15 16:59 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-07-15 16:05 . 2009-07-15 16:05 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-07-15 16:05 . 2009-07-15 16:05 43544 ----a-w- c:\windows\system32\wups2.dll
2009-07-15 16:05 . 2009-07-15 16:05 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-07-15 16:05 . 2009-07-15 16:05 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-07-15 14:04 . 2009-07-15 14:04 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-07-15 14:04 . 2009-07-15 14:04 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-07-15 14:04 . 2009-07-15 14:04 34328 ----a-w- c:\windows\system32\wups.dll
2009-07-15 14:03 . 2009-07-15 14:03 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-07-15 14:03 . 2009-07-15 14:03 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-07-15 12:40 . 2009-08-13 00:09 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 00:09 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 00:09 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 00:09 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-10 04:49 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-10 04:49 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-10 04:49 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-10 04:49 65024 ----a-w- c:\windows\system32\wlanapi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DesktopIconToy"="c:\program files\Desktop Icon Toy\DesktopIconToy.exe" [2008-10-12 450560]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-08 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-04-17 321656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-04 2023704]
"Malwarebytes Anti-Malware (reboot)"="t:\programs\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-06 4423680]

c:\users\ALY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PNotes.lnk - t:\programs\PNotes\PNotes.exe [2009-7-23 594432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-04-24 00:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^ALY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk]
backup=c:\windows\pss\CCC.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):88,69,b0,67,45,45,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BBAEA723-A616-4A76-B9BC-5FDCB5F2F557}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{71FD04D4-4A0A-4004-BD6A-6EAA491A65F0}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{A81082B3-CA7A-4A01-9483-94A741983926}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{ED52753F-9CD5-4497-BE5E-D10D8CFD4CB7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7083D5B1-2534-4DDB-84BA-04CFAEBA1077}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A34D82EC-07DD-40CF-9895-99F7442C8EAB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{E5591BF8-D4CF-41CA-91D1-9A23D2C5539B}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{58B24D14-B427-4D17-B408-4DF11E1E4C0C}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{58769815-6577-42D8-90BF-295600E39D32}c:\\program files\\aspyr\\men of war\\mow.exe"= UDP:c:\program files\aspyr\men of war\mow.exe:Main executable
"UDP Query User{73904A7D-D416-475F-B294-E4E4662D1BE5}c:\\program files\\aspyr\\men of war\\mow.exe"= TCP:c:\program files\aspyr\men of war\mow.exe:Main executable
"TCP Query User{94783F1F-65EB-472F-ACB1-F117D2DFE358}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{C3EE8CAA-ED2B-40A8-A79F-2C379721EEE5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{BB3A69D5-2311-4FFC-9649-798F08507769}c:\\program files\\bohemia interactive\\arma\\arma_server.exe"= UDP:c:\program files\bohemia interactive\arma\arma_server.exe:ArmA
"UDP Query User{6B95996F-0BAD-402D-99EA-7D621B84F429}c:\\program files\\bohemia interactive\\arma\\arma_server.exe"= TCP:c:\program files\bohemia interactive\arma\arma_server.exe:ArmA
"{A42CADD9-1687-4814-9E2D-A28B50309296}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{2BD004A9-49B5-4D1B-A713-933A2B7CEE50}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{067E108A-75F1-4F6E-B59C-4C5287413A90}"= UDP:443:uTorrent
"{531CAF13-D6F0-44F0-A74D-7D4723FB4828}"= UDP:80:utorrent2
"{A8C43859-0777-4508-9835-EE9F138CFF26}"= TCP:422:utorrent3
"TCP Query User{2946BA93-060D-4C27-866C-EF81F3DA11F5}c:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= UDP:c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"UDP Query User{097E38D9-B21D-4BDA-ADD5-598E6AEFD425}c:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= TCP:c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"TCP Query User{15530286-ACA7-4344-9F76-EC0E8DA9DECD}c:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= UDP:c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"UDP Query User{1D459505-AC43-4152-B903-0A11A035619A}c:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= TCP:c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"TCP Query User{03A1F726-0359-4783-BEF2-2195A4226C09}c:\\program files\\aspyr\\men of war\\mow.exe"= UDP:c:\program files\aspyr\men of war\mow.exe:Main executable
"UDP Query User{D6277554-1B39-41C3-8A19-6800335D1CE8}c:\\program files\\aspyr\\men of war\\mow.exe"= TCP:c:\program files\aspyr\men of war\mow.exe:Main executable
"TCP Query User{398B85D8-C673-4CA2-8CCF-1875BE0A0FE4}c:\\program files\\aspyr\\men of war\\outfront_mp.exe"= UDP:c:\program files\aspyr\men of war\outfront_mp.exe:Main executable
"UDP Query User{B4E4C084-6C12-48E4-8B80-EB14C6CD6B0F}c:\\program files\\aspyr\\men of war\\outfront_mp.exe"= TCP:c:\program files\aspyr\men of war\outfront_mp.exe:Main executable
"TCP Query User{5BC2355F-31CC-48FE-B9AF-7815C5183A45}c:\\program files\\aspyr\\men of war\\outfront_mp.exe"= UDP:c:\program files\aspyr\men of war\outfront_mp.exe:Main executable
"UDP Query User{2BBD0A86-CA97-430E-94C2-98C82EF66B54}c:\\program files\\aspyr\\men of war\\outfront_mp.exe"= TCP:c:\program files\aspyr\men of war\outfront_mp.exe:Main executable
"{FB1F08E1-4929-44CA-B7C4-19FD0E0D5A53}"= UDP:45682:45682
"{49191238-2016-49E8-836F-78BE2E81C2C3}"= TCP:45682:45682222
"TCP Query User{15CC5FEA-5A01-48B9-8BCD-CB8D2FC98B39}c:\\program files\\steam\\steamapps\\common\\company of heroes\\relicdownloader\\relicdownloader.exe"= UDP:c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe:Relic Patch Download Manager
"UDP Query User{F6E151EE-002F-4CD4-9339-074284E9D9A7}c:\\program files\\steam\\steamapps\\common\\company of heroes\\relicdownloader\\relicdownloader.exe"= TCP:c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe:Relic Patch Download Manager
"{DCE03832-A603-4712-AC72-52346410B2E0}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes
"{70EFD00E-981A-4D41-B4BC-640FC251A372}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes
"{AD17DC21-9F31-498E-B739-EAF61691B806}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{4E409488-92CE-4262-8B34-19A7F8B35599}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{2DBC1BC4-D8BF-41C5-8A5F-07493DDFE28D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{4B3A3D0E-3991-4863-B0AA-A30BC50B995D}c:\\program files\\sierra\\homeworld2\\bin\\release\\homeworld2.exe"= UDP:c:\program files\sierra\homeworld2\bin\release\homeworld2.exe:Homeworld2
"UDP Query User{BA7FB9FB-286E-47F5-99A5-A90D20639F32}c:\\program files\\sierra\\homeworld2\\bin\\release\\homeworld2.exe"= TCP:c:\program files\sierra\homeworld2\bin\release\homeworld2.exe:Homeworld2
"{0B7FFEE4-E00F-45FF-B1C7-901EB558655C}"= UDP:f:\programs\iTunes\iTunes.exe:iTunes
"{C563FEF8-3900-4D15-8757-EFB1C8DDE956}"= TCP:f:\programs\iTunes\iTunes.exe:iTunes
"{5CB96728-A8E8-4A8B-A9BF-5C4A8A108FBB}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{58E33009-5F0C-4E1B-9B51-53E6B8C82CC7}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{DB3CC644-DDCC-4596-ADAA-3BE8784C7284}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{2E1D357B-1EEC-452E-BC56-295810704966}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{97EFCFBD-83CF-4AA5-98A2-9E1A78FC12C0}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{2F9DA1C0-A875-42D4-AADA-68FA5679E02E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{BBA8C969-36B3-476D-9E46-48775972190A}"= UDP:c:\users\ALY\AppData\Local\Temp\7zS141E.tmp\SymNRT.exe:Norton Removal Tool
"{71859180-8EE1-4D1F-8B67-E3B9ABB38672}"= TCP:c:\users\ALY\AppData\Local\Temp\7zS141E.tmp\SymNRT.exe:Norton Removal Tool

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [10/3/2009 6:02 PM 12552]
R1 atitray;atitray;t:\programs\ATI Tray Tools\atitray.sys [9/8/2008 10:32 AM 18336]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/3/2009 6:02 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/3/2009 6:02 PM 108552]
R1 prio;Prio;c:\windows\System32\drivers\prio.sys [6/3/2009 5:33 AM 51448]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/4/2009 12:08 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/4/2009 12:08 PM 297752]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 9:31 PM 29263712]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [1/3/2007 10:19 AM 11032]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [5/21/2007 11:15 AM 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [5/21/2007 11:15 AM 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [5/21/2007 11:15 AM 31104]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [5/21/2007 11:16 AM 807424]
S2 prio_svc;Prio Service;c:\program files\Prio\prio_svc.exe [6/3/2009 5:33 AM 5120]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\Image Converter 3\ICScsiSV.exe [7/14/2009 4:17 PM 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\Image Converter 3\IcVzMonLauncher.exe [7/14/2009 4:17 PM 67760]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [7/14/2009 4:31 PM 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [7/14/2009 4:27 PM 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [7/14/2009 4:27 PM 1089536]
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-08-17 14:57]

2009-10-03 c:\windows\Tasks\Defraggler Volume F Task.job
- c:\program files\Defraggler\df.exe [2009-08-17 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://today.ask.com/frostwire?o=101676&l=dis
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\ALY\AppData\Roaming\Mozilla\Firefox\Profiles\9tzrytxu.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\users\ALY\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - t:\programs\Hij\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 23:24
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\program files\Prio\prio.dll

- - - - - - - > 'lsass.exe'(684)
c:\program files\Prio\prio.dll
.
Completion time: 2009-10-06 23:27
ComboFix-quarantined-files.txt 2009-10-06 07:26

Pre-Run: 23,612,690,432 bytes free
Post-Run: 23,320,596,480 bytes free

357 --- E O F --- 2009-10-03 18:36

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:10 PM, on 10/5/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
T:\Programs\PNotes\PNotes.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PinkieShooter\Pinkie Shooter.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/frostwire?o=101676&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "T:\Programs\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: PNotes.lnk = T:\Programs\PNotes\PNotes.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Program Files\Prio\prio_svc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8248 bytes
Jakka
QUOTE(9840232213 @ Oct 5 2009, 11:35 PM) *

^Spambot?
Mark
QUOTE(Jakka @ Oct 5 2009, 10:42 AM) *

^Spambot?

yes, thanks for alerting us
Ironbender
Well, looks clean now. How is your system running?

Chris
Jakka
MUCH faster now, thank you. No more sdra64, internet speed is up to par, and my computer seems to be running faster in general. Boot up times seem to have decreased and all. Thank you so much Chris

Edit: AVG anti-virus is detecting hidden drivers. They are named random things like "am1xutra.SYS". However, Malwarebytes does not seem to pick up on these and I see no real change in performance of internet speed. They may be the side effects of a program called Prio.
Ironbender
You are welcome. Glad we could help.

QUOTE
Edit: AVG anti-virus is detecting hidden drivers.
Better let AVG quarantine them. You can restore them from quarantine if there is any problem.

Also, you can run an online scan from here, just to be sure: http://www.superantispyware.com/onlinescan.html

You can now uninstall combofix:
<Start/Run> type in combofix /u (Enter) --> note there is a space before /u

This will remove the quarantined files, thus avoiding the antivirus triggering false positives in the future.

Deleting your system restore files may also be a good idea: Disable/re-enable system restore: http://www.bleepingcomputer.com/tutorials/tutorial56.html
Don't forget to create a new restore point just after.

Update Java: Go to your Control Panel, click the Java icon, open the Update tab and click "Update Now".

Chris


This topic has been closed as the problem has been resolved. If there is a need to reopen this topic, please send a PM to a Moderator.