WiredWX Christian Hobby Weather Tools
HELP! Computer is infected with rootkit!

Hi, I have had a problem with a rootkit called rptqwpd.sys. It is located in the C:\System32\drivers folder and starts automatically with the computer. I have tried several times to remove it using Malwarebytes Anti-Malware, and avast! periodically pops up with messages telling me that I have a rootkit and my computer is infected. Even though I click on the delete button it does absolutely nothing! I have also tried manually deleting the virus, but it just says "Error: Source file could not be read from disk". I don't think it is a problem with my hard drive because everything else works fine. I tried connecting to the internet on my PC, but it downloads trojans if I do. I tried doing a system restore via Windows, but after I did it a message popped up saying that it was unsuccessful. (I assume that this was the virus tampering.) Please help me, I don't want my computer to die! Any help at all would be greatly appreciated.


I am running windows vista home basic with avast! and COMODO Free Firewall

Re: HELP! Computer is infected with rootkit!

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.
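The Extras.txt that OTL produces includes the two Windows Firewall exception sections ("Vista Active Open Ports Exception List" and "Vista Active Application Exception List"), each a run of `"name" = key=value | key=value | ... |` lines. When reading such a log for a possibly compromised machine, a helper skims those lines for inbound allow rules that point at programs in user-writable folders, remote-control tools, or known tracking software. The following is an added example, not code from this thread or from OTL, that parses lines in that format and applies those checks. The flagging heuristics (folder markers, tool names, the port list) are assumptions chosen for the example, and the sample lines are copied from the Extras.txt posted in this thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: six rule lines copied from the Extras.txt posted in this
# thread, in the exact format OTL uses under its two firewall exception sections.
SAMPLE_RULES = r'''
"{30237BC3-8EB7-4F8E-AB1B-CA6F68717CAE}" = lport=445 | protocol=6 | dir=in | app=system |
"{7B439499-F7B7-47F5-9139-7614C3FB5F7F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9DFBF483-B075-4AE5-AFEB-830F5180EBA0}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"TCP Query User{55BEAC1D-EA30-4EEC-B772-3FF9DD971627}C:\program files\ultravnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"TCP Query User{7536ABBE-7668-41F0-9E74-FB3360A57CDB}C:\users\colm\downloads\age of empires 2\age of empires 2\empires2.exe" = protocol=6 | dir=in | app=c:\users\colm\downloads\age of empires 2\age of empires 2\empires2.exe |
"{2509A268-2236-469D-B0F5-89A178A0B10C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
'''

# One OTL firewall rule line:  "<name>" = k=v | k=v | ... |
RULE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')


@dataclass
class FirewallRule:
    name: str
    fields: dict = field(default_factory=dict)


def parse_rules(text: str) -> list:
    """Parse every rule line found in an OTL firewall exception section."""
    rules = []
    for raw in text.splitlines():
        m = RULE_LINE.match(raw.strip())
        if not m:
            continue  # section headers, registry key lines and blanks
        fields = {}
        for part in m.group("body").split("|"):
            if "=" in part:
                k, v = part.split("=", 1)
                fields[k.strip().lower()] = v.strip().lower()
        rules.append(FirewallRule(m.group("name"), fields))
    return rules


# Review heuristics: assumptions chosen for this example, not OTL's own logic.
USER_WRITABLE = ("c:\\users\\", "\\appdata\\", "\\downloads\\", "\\temp\\", "%userprofile%")
REMOTE_CONTROL = ("winvnc.exe", "vncviewer.exe", "tightvnc", "ultravnc")
TRACKING_SOFTWARE = ("relevantknowledge",)  # market-research agent most AV vendors class as adware
SHARING_PORTS = {"135", "137", "138", "139", "445", "rpc", "rpc-epmap"}


def flag_rule(rule: FirewallRule) -> list:
    """Return the reasons an inbound rule deserves a second look (empty if none)."""
    if rule.fields.get("dir") != "in":
        return []  # outbound rules are not an inbound exposure
    app = rule.fields.get("app", "")
    reasons = []
    if any(marker in app for marker in USER_WRITABLE):
        reasons.append("inbound allow for a program in a user-writable folder")
    if any(tool in app for tool in REMOTE_CONTROL):
        reasons.append("inbound allow for a remote-control tool")
    if any(name in app for name in TRACKING_SOFTWARE):
        reasons.append("inbound allow for a known tracking/adware program")
    if rule.fields.get("lport") in SHARING_PORTS:
        reasons.append("file-sharing/RPC port open inbound (Windows default; matters on untrusted networks)")
    return reasons


def triage(text: str) -> list:
    """[(rule name, app path, reasons)] for every rule that flag_rule() marks."""
    out = []
    for rule in parse_rules(text):
        reasons = flag_rule(rule)
        if reasons:
            out.append((rule.name, rule.fields.get("app", ""), reasons))
    return out


if __name__ == "__main__":
    for name, app, reasons in triage(SAMPLE_RULES):
        print(f"{app or name}\n    " + "\n    ".join(reasons))
```

Run against the whole Extras.txt rather than the sample, the output is only a reading aid: an inbound allow rule is an exposure only while the named program is actually listening, and for a suspected rootkit the driver and service entries in OTL.txt matter more than anything in the firewall list.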

Re: HELP! Computer is infected with rootkit!

OTL Extras logfile created on: 04/02/2010 21:12:15 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Colm\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.98 Gb Total Space | 50.14 Gb Free Space | 36.07% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 1.75 Gb Free Space | 17.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 968.38 Mb Total Space | 962.61 Mb Free Space | 99.40% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: COLM-PC
Current User Name: Colm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003B178D-4368-4C07-A78D-07529BFF593C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0606934C-4285-4617-896C-4B0FEDC987E8}" = rport=138 | protocol=17 | dir=out | app=system |
"{107A5408-7D13-4CB9-A10E-F4D0BD76B6CC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{10A676D1-562B-4A61-B6B1-CF18064EC591}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20527B2B-2668-4C17-A5AE-298E29765A9B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2AF187C1-D8AB-4B17-978B-64F32AA222F5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C51B142-ED5A-452F-AB2F-863649C3A992}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30237BC3-8EB7-4F8E-AB1B-CA6F68717CAE}" = lport=445 | protocol=6 | dir=in | app=system |
"{460AC970-6B8A-44E7-A11B-CCF6D0607D16}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4C65B9ED-B2CE-4334-9C3E-90505BA6B412}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4F444CDF-CFFD-447C-A901-618F1F11E334}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52120795-3AB1-4F80-995A-1BAE96AF462F}" = lport=139 | protocol=6 | dir=in | app=system |
"{5F256B1A-53C4-45B7-91E8-B861504794F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{72BBD201-9028-4073-AFD4-E22EFF41B914}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{82BCA8E3-3397-4F94-BCEF-27805F721BE7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{845D1F3B-4471-4A48-BD4D-195BD92B4072}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89B20236-000E-458F-8E01-1FB4755A9E1B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C3F2D21-E1E8-4A09-B20F-92818B1A380C}" = lport=138 | protocol=17 | dir=in | app=system |
"{9C9E3811-824F-41D4-A164-B284058A58DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9D007CE4-A8EE-42FA-8CEF-27F3E7440D78}" = rport=445 | protocol=6 | dir=out | app=system |
"{A2D9E81E-DEF6-4692-BE71-EC77AC381F2E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B73E8EE1-02A5-4FA7-8F76-88853C2F3E4C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB7FEF5D-8767-4F45-A63F-47EC2CAD56BC}" = lport=137 | protocol=17 | dir=in | app=system |
"{D09C670F-98C0-4225-AEE0-73DC1B526CA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0DCDFA0-0763-4164-8B03-0346D37E98A4}" = rport=137 | protocol=17 | dir=out | app=system |
"{D7A2E931-90AF-4E75-BA0B-19FC95DFD85F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D938AC1E-5200-4CDC-96E1-F6FA18BB4FC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF0AA81F-DAB0-47DE-894E-790C1C356DAD}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{EFD9A72E-F258-4FE4-98E9-A62612837983}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE837A31-EB12-4E6F-82F4-64D833707743}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8B1836-CEB3-4820-9BD4-9338AA176EBE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0FB59BF1-5354-4139-A2F6-75A39D8E3F46}" = protocol=17 | dir=in | app=c:\program files\aeriagames\project torque\projecttorque.bin |
"{12E0BDBA-9A0B-45F3-8F44-E8822178E97F}" = protocol=17 | dir=in | app=c:\program files\aeriagames\project torque\projecttorque.exe |
"{23D86148-0AC1-4587-9882-9803BEEB8A1F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{24AEF520-0151-4098-AFDA-914C655207DE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2509A268-2236-469D-B0F5-89A178A0B10C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{30150D5D-887F-490C-A580-835184F9BB68}" = protocol=17 | dir=in | app=c:\users\colm\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{31F1D559-E254-4B8B-BCF0-C12CD314A19A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{330B5DC7-78DC-45E8-870A-16D58B6D76A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35C9FA2E-2D3F-45E4-9577-4D775D3474ED}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{365DCA46-BED4-4E0D-B7A6-9778DDA84F8F}" = protocol=6 | dir=in | app=c:\program files\nakido\nakido.exe |
"{38CA56C7-561D-4142-96B4-C2AE76A29842}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38EAD215-662A-4BCE-99C6-F245757D4584}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{414340A1-27F8-45B8-A572-9A9A65B6C1AB}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{41F80AF6-6ED0-4F59-A9CD-1ECBED407094}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43D75F8D-17E1-4171-BD66-285938D68E1F}" = protocol=6 | dir=in | app=c:\users\colm\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{49A35A92-6BE3-4068-A51A-26C0F1CE2555}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50BB1C47-6884-4C29-A230-30594948ED0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5110AFCD-A46D-4749-B69A-FFF8DD36522B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5A55A15C-FECA-4AE0-AA80-EEF53D4ABAE2}" = protocol=17 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{70130205-E8BA-45DD-A163-D521704F6B9B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{73091E20-8292-449E-9C70-B1AEF99743A0}" = protocol=6 | dir=in | app=c:\program files\aeriagames\project torque\projecttorque.bin |
"{77A4809F-E2FF-4BE8-AA06-F7A33F2B9956}" = protocol=6 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{7A53287D-9694-4487-A122-4D89B53D47E0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7A87F2A5-D1C2-485E-87B8-B9882ECA503D}" = protocol=6 | dir=out | app=system |
"{7B439499-F7B7-47F5-9139-7614C3FB5F7F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{80B510FF-CAB2-4D25-8725-6E3DA28A0760}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{80CE2AB6-160D-42C1-B6A9-E2EA914ED60F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81464AA0-C37D-40BD-8931-4173C73B3200}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{86AF23E3-250D-458E-89B2-1244F8D501FB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcgpswx.exe |
"{894978E5-33D4-43C4-A56F-1862A17D0E57}" = protocol=6 | dir=in | app=c:\users\colm\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8998B0F4-E10A-4605-8A44-5A1D22CCFE56}" = protocol=17 | dir=in | app=c:\users\colm\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8BBDEE26-DDD4-4F00-B5EC-DA831652E274}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{93951FA9-2FE4-4FAB-9951-6FB7F88B9A0A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{9DFBF483-B075-4AE5-AFEB-830F5180EBA0}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{A3DEAEC3-4366-4FAD-BAB5-8945ADD86D33}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5D21856-58DC-4324-87C5-D5DBDCEEDF2B}" = protocol=17 | dir=in | app=c:\program files\nakido\nakido.exe |
"{A6A23155-9D91-48C3-B669-6B2C89C4271F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcgpswx.exe |
"{AC755A5B-687C-489D-830C-0F823DE0835A}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{B68F1F67-9570-440F-BC3A-B8FDC51083C0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{BAE10B7D-8B13-4D25-8699-415081D7A89D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C25BE8EB-359C-4109-B773-2507DDC877C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C39334B3-FA0E-4D23-BDEB-9C0C6AFE6BC4}" = protocol=6 | dir=in | app=c:\program files\aeriagames\project torque\projecttorque.exe |
"{C6110236-36C9-4B62-B709-DA336ADFEDE0}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{C6F41DC9-EB33-4015-A568-3F1F408A0031}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C99F6A80-4424-43F9-A043-49BDDD74EC01}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CE4B2D82-F843-4883-961E-07801D43E794}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{DF255B47-A96F-43A4-AD6A-E88A5334910B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E78BBCD2-C8E9-4F17-B517-8FD38F58E10A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E7B72BEE-DBDA-4C49-8AEF-3DFDC557CAD1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EB698E3E-FB7C-4663-9764-2D7FD5E071C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEB8ABF6-E301-461A-9A3D-F3B781F965B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{14A4A004-BD8E-4265-8439-A9A8C886426B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3AFA348A-1F0D-4F18-9DE8-1E1A98A558C4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{41072BE3-DC40-4220-80A4-593ED32F4200}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{44D553BE-84B5-4626-A5A3-4CC714B38F24}C:\program files\graboid\graboidvideo\1.4.0.0\dlmanager\graboiddlmanager.exe" = protocol=6 | dir=in | app=c:\program files\graboid\graboidvideo\1.4.0.0\dlmanager\graboiddlmanager.exe |
"TCP Query User{51F61EAF-3D5D-4C0C-A7A1-9C9498577736}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{55BEAC1D-EA30-4EEC-B772-3FF9DD971627}C:\program files\ultravnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"TCP Query User{6BACAFBC-E6FC-4FA0-86C8-8130817DA836}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6CC3EF59-5804-444D-BC66-4ECA91926495}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{6DFE2EAF-0B6B-44CD-9AFF-4F3B8BD31280}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{7536ABBE-7668-41F0-9E74-FB3360A57CDB}C:\users\colm\downloads\age of empires 2\age of empires 2\empires2.exe" = protocol=6 | dir=in | app=c:\users\colm\downloads\age of empires 2\age of empires 2\empires2.exe |
"TCP Query User{766C1711-13CE-421D-B27B-6FCC4BB992E4}C:\program files\steam\steamapps\flameoxx\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\flameoxx\garrysmod\hl2.exe |
"TCP Query User{7CB88DDB-1708-44A6-9988-A8E9DCFD69F6}C:\program files\ysflight.com\ysflight\fsmainsvr.exe" = protocol=6 | dir=in | app=c:\program files\ysflight.com\ysflight\fsmainsvr.exe |
"TCP Query User{7E464A87-9849-4B0C-B21E-326CF8BCA7FA}C:\users\colm\downloads\age of empires 2\age of empires 2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\colm\downloads\age of empires 2\age of empires 2\age2_x1.exe |
"TCP Query User{8A3B7C8E-7E9B-42D5-8313-0FE5A81252FD}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{8CA157CE-ADD0-4748-A41B-DE5F0057FDC2}C:\users\colm\garry's mod 11\game\hl2.exe" = protocol=6 | dir=in | app=c:\users\colm\garry's mod 11\game\hl2.exe |
"TCP Query User{8DDFC846-DBEF-4A6E-B120-8A6424E26DDC}C:\users\colm\age of empires 2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\colm\age of empires 2\age2_x1.exe |
"TCP Query User{9CA51EB7-1150-46F3-B344-CF41B7EF2B6F}C:\program files\steam\steamapps\flameoxx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\flameoxx\team fortress 2\hl2.exe |
"TCP Query User{A42793EB-9524-45FB-90C1-A847C7AA406A}C:\users\colm\downloads\tightvnc-1.3.10_x86\vncviewer.exe" = protocol=6 | dir=in | app=c:\users\colm\downloads\tightvnc-1.3.10_x86\vncviewer.exe |
"TCP Query User{AD57415B-CA6B-4ABF-8517-8D7AD057CF33}C:\program files\psi\psi.exe" = protocol=6 | dir=in | app=c:\program files\psi\psi.exe |
"TCP Query User{C8A547F5-24F2-4995-BAAA-5759B2A5AE86}C:\users\colm\garry's mod\game\hl2.exe" = protocol=6 | dir=in | app=c:\users\colm\garry's mod\game\hl2.exe |
"TCP Query User{D04E052D-DC51-4161-94D0-4AB05B9D729A}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{D2511ECE-AE53-417B-88D8-BF66E40FA7F1}C:\users\colm\downloads\racer082\racer\racer.exe" = protocol=6 | dir=in | app=c:\users\colm\downloads\racer082\racer\racer.exe |
"TCP Query User{E8B619ED-6DD0-457D-BA7C-D7E4BAAA2A32}C:\users\colm\downloads\a_o_e_1_g-w-r_o_r_ex_po\a_o_e_1_g-w-r_o_r_ex_po\a_o_e_1_g-w-r_o_r_ex_po\empiresx.exe" = protocol=6 | dir=in | app=c:\users\colm\downloads\a_o_e_1_g-w-r_o_r_ex_po\a_o_e_1_g-w-r_o_r_ex_po\a_o_e_1_g-w-r_o_r_ex_po\empiresx.exe |
"TCP Query User{FA36E476-17CC-4CE4-B043-9EC62027FF46}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{04B80C4E-101D-4D0F-8934-4A31781DC61A}C:\program files\steam\steamapps\flameoxx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\flameoxx\team fortress 2\hl2.exe |
"UDP Query User{1205B046-E4F2-481C-8B26-01DB54AC4610}C:\program files\graboid\graboidvideo\1.4.0.0\dlmanager\graboiddlmanager.exe" = protocol=17 | dir=in | app=c:\program files\graboid\graboidvideo\1.4.0.0\dlmanager\graboiddlmanager.exe |
"UDP Query User{1B96656C-75C0-477E-BC2C-DA0E83399012}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{1F4B2899-EE12-4166-B23F-3213D7C0E191}C:\users\colm\garry's mod\game\hl2.exe" = protocol=17 | dir=in | app=c:\users\colm\garry's mod\game\hl2.exe |
"UDP Query User{2585BD11-B3B3-481B-B2D9-337A027DE1C6}C:\users\colm\age of empires 2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\colm\age of empires 2\age2_x1.exe |
"UDP Query User{38DFD943-0A4E-4D02-A26D-6E4862478107}C:\users\colm\downloads\tightvnc-1.3.10_x86\vncviewer.exe" = protocol=17 | dir=in | app=c:\users\colm\downloads\tightvnc-1.3.10_x86\vncviewer.exe |
"UDP Query User{3B3A9D8A-844F-4574-9E47-FABBFFF0D1B5}C:\program files\ysflight.com\ysflight\fsmainsvr.exe" = protocol=17 | dir=in | app=c:\program files\ysflight.com\ysflight\fsmainsvr.exe |
"UDP Query User{43B50728-3EF9-444D-9A15-DF337215A614}C:\users\colm\downloads\a_o_e_1_g-w-r_o_r_ex_po\a_o_e_1_g-w-r_o_r_ex_po\a_o_e_1_g-w-r_o_r_ex_po\empiresx.exe" = protocol=17 | dir=in | app=c:\users\colm\downloads\a_o_e_1_g-w-r_o_r_ex_po\a_o_e_1_g-w-r_o_r_ex_po\a_o_e_1_g-w-r_o_r_ex_po\empiresx.exe |
"UDP Query User{52733DF0-985B-4562-AE4B-CF9D7EDBFC54}C:\users\colm\downloads\age of empires 2\age of empires 2\empires2.exe" = protocol=17 | dir=in | app=c:\users\colm\downloads\age of empires 2\age of empires 2\empires2.exe |
"UDP Query User{563519EC-0067-4953-AFC0-B961FC8BB616}C:\users\colm\garry's mod 11\game\hl2.exe" = protocol=17 | dir=in | app=c:\users\colm\garry's mod 11\game\hl2.exe |
"UDP Query User{5A0EFCA2-B3B4-48BE-A4E8-F1E3924F97BC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{626D8438-E6CF-4561-922D-840F6D0E74F6}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{80526B92-55B7-41A6-86BF-1122F9D7BDD6}C:\program files\psi\psi.exe" = protocol=17 | dir=in | app=c:\program files\psi\psi.exe |
"UDP Query User{85F952C0-B332-461E-A7C2-8EA402BF222D}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{860D9B65-A67B-46DB-A885-885C0BC41AB3}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{931C10AC-C3B9-4929-8831-751954B5DC48}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{96E6B7A6-E461-4F5C-BF52-9297FFD79B19}C:\program files\steam\steamapps\flameoxx\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\flameoxx\garrysmod\hl2.exe |
"UDP Query User{A14065E5-772F-426A-9B32-6AF97F134BA6}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{B3450C37-E605-4FA5-9E4F-F85AB7B4369F}C:\users\colm\downloads\age of empires 2\age of empires 2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\colm\downloads\age of empires 2\age of empires 2\age2_x1.exe |
"UDP Query User{C0476FEE-BCB7-4352-A30A-15C0F6BCC986}C:\program files\ultravnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"UDP Query User{C1F19809-A928-44A5-B2A6-9AEEA19C05CB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C6168365-3B8F-47DA-92BC-8934EA716169}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{CBF03E30-3B8F-4DC5-A566-7951B60B9C22}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{EB7DF94C-18E2-473C-B1A5-D5C7188B0EED}C:\users\colm\downloads\racer082\racer\racer.exe" = protocol=17 | dir=in | app=c:\users\colm\downloads\racer082\racer\racer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Vodafone 3G Broadband Modem
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}" = Air Mouse Server
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = The Sims™ 3 Create a World Tool - Beta
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193f
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 0.980
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam v0.3.0
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8887F4B-C77B-4E1F-92AA-ABAF89812AC9}" = Tap Maker
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe Extendscript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"COMODO Internet Security" = COMODO Internet Security
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"FileZilla Client" = FileZilla Client 3.3.1
"Flickr Uploadr" = Flickr Uploadr 3.1.3
"Foxit Reader" = Foxit Reader
"Free Fire Screensaver" = Free Fire Screensaver
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"ImRe_is1" = ImRe 2.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Jpeg Enhancer_is1" = Jpeg Enhancer 1.8
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.24567
"Lexmark 2300 Series" = Lexmark 2300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiPony" = MiPony 1.0.2
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0PR
"OpenAL" = OpenAL
"PeerGuardian_is1" = PeerGuardian 2.0
"PowerISO" = PowerISO
"RollerCoaster Tycoon 2 Triple Thrill Pack" = RollerCoaster Tycoon 2 Triple Thrill Pack
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Steam App 220" = Half-Life 2
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Uninstall_is1" = Uninstall 1.0.0.1
"VioVideoConverter" = Vio Video Converter 1.0
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VobSub" = VobSub v2.23 (Remove Only)
"WildTangent hp Master Uninstall" = My HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.5
"Yacc" = Yacc 0.4.0.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 19/08/2009 10:04:31 | Computer Name = Colm-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 19/08/2009 10:04:31 | Computer Name = Colm-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 19/08/2009 10:04:31 | Computer Name = Colm-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 19/08/2009 10:04:31 | Computer Name = Colm-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 19/08/2009 10:04:31 | Computer Name = Colm-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

[ Application Events ]
Error - 03/02/2010 10:48:11 | Computer Name = Colm-PC | Source = Google Update | ID = 20
Description =

Error - 03/02/2010 11:45:05 | Computer Name = Colm-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/02/2010 11:48:06 | Computer Name = Colm-PC | Source = Google Update | ID = 20
Description =

Error - 03/02/2010 12:48:07 | Computer Name = Colm-PC | Source = Google Update | ID = 20
Description =

Error - 03/02/2010 13:47:56 | Computer Name = Colm-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/02/2010 13:53:06 | Computer Name = Colm-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03/02/2010 14:25:20 | Computer Name = Colm-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/02/2010 17:01:06 | Computer Name = Colm-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/02/2010 17:24:14 | Computer Name = Colm-PC | Source = VSS | ID = 8194
Description =

Error - 03/02/2010 17:24:41 | Computer Name = Colm-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 01/10/2009 15:59:46 | Computer Name = Colm-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 01/10/2009 15:59:46 | Computer Name = Colm-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/10/2009 16:01:50 | Computer Name = Colm-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 01/10/2009 16:01:50 | Computer Name = Colm-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02/10/2009 11:14:09 | Computer Name = Colm-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02/10/2009 11:14:09 | Computer Name = Colm-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02/10/2009 11:14:09 | Computer Name = Colm-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 03/10/2009 05:40:36 | Computer Name = Colm-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03/10/2009 05:40:36 | Computer Name = Colm-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03/10/2009 05:40:36 | Computer Name = Colm-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Re: HELP! Computer is infected with rootkit!
EDIT: Sorry for the double post

Last edited by legendbiscuits on 4th February 2010, 11:00 pm; edited 1 time in total

Re: HELP! Computer is infected with rootkit!
Hello.
You've posted Extras.txt twice; can you post OTL.txt as well, please?

Re: HELP! Computer is infected with rootkit!
Oh So Sorry!

OTL logfile created on: 04/02/2010 21:12:15 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Colm\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.98 Gb Total Space | 50.14 Gb Free Space | 36.07% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 1.75 Gb Free Space | 17.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 968.38 Mb Total Space | 962.61 Mb Free Space | 99.40% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: COLM-PC
Current User Name: Colm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/04 21:02:28 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Colm\Desktop\OTL.exe
PRC - [2010/02/01 15:48:31 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/02/01 15:48:23 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/01/26 22:50:08 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/01/02 04:56:14 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2009/11/24 23:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 23:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 23:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 23:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 23:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/09 22:28:17 | 000,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/04/16 12:36:36 | 024,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/04/16 12:36:36 | 000,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/04/11 06:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/09 14:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/10/06 16:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/09/15 14:13:38 | 000,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008/07/11 18:31:00 | 000,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/06/09 18:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/05/01 23:25:56 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/04/17 18:05:20 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/04/17 18:05:10 | 001,049,896 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/04/15 21:51:00 | 000,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008/04/11 16:04:54 | 000,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/01/21 02:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 02:34:48 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/21 02:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/10/17 23:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/09/26 14:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007/04/29 22:54:44 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcgcoms.exe


========== Modules (SafeList) ==========

MOD - [2010/02/04 21:02:28 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Colm\Desktop\OTL.exe
MOD - [2010/02/01 18:19:34 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/02/01 15:48:31 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/12/08 22:41:42 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2009/11/24 23:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 23:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 23:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 23:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/28 21:24:15 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/27 18:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/25 18:28:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/09 22:28:17 | 000,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9d0f57a744239) Google Update Service (gupdate1c9d0f57a744239)
SRV - [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 14:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/10/06 16:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/15 14:13:38 | 000,241,734 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/07/11 18:31:00 | 000,196,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/06/09 18:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/05/01 23:25:56 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/04/03 18:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/02/03 19:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/17 23:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/04/29 22:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcgcoms.exe -- (lxcg_device)
SRV - [2006/10/26 21:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/02/01 18:19:26 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/02/01 15:48:34 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010/02/01 15:48:34 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/01/08 23:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/11/24 23:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 23:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 23:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 23:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 23:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/08 20:53:43 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/21 19:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/14 22:36:26 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/18 12:55:41 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/26 07:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/03/15 10:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/10/25 17:09:04 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/10/25 17:09:04 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/10/25 17:09:04 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/10/03 02:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/11 18:31:00 | 007,530,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/04/27 19:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 22:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/04/17 18:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/21 02:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 02:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/21 02:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/11/01 01:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 01:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/11/01 01:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/04/03 12:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 12:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 12:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 12:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 12:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 12:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/03/01 09:18:00 | 000,092,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 06:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/26 08:48:38 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2006/06/18 22:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ie/firefox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: nadir.kadem@gmail.com:2.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.0
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.5.2
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.5
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.62
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.5.2
FF - prefs.js..extensions.enabledItems: FoxdieGraphite@tanjihay.com:3.1.9.3
FF - prefs.js..network.proxy.http: "194.36.10.154"
FF - prefs.js..network.proxy.http_port: 3127

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/16 20:11:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/16 20:11:20 | 000,000,000 | ---D | M]

[2009/05/15 16:20:03 | 000,000,000 | ---D | M] -- C:\Users\Colm\AppData\Roaming\Mozilla\Extensions
[2009/05/15 16:20:03 | 000,000,000 | ---D | M] -- C:\Users\Colm\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/02/03 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions
[2010/01/09 22:40:00 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/01/22 15:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/05/17 17:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}-trash
[2010/01/09 13:15:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/12 16:53:33 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/09/23 18:31:57 | 000,000,000 | ---D | M] -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/01/20 15:26:53 | 000,000,000 | ---D | M] -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions\firebug@software.joehewitt.com
[2010/01/18 16:31:38 | 000,000,000 | ---D | M] -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions\Foxdie@tanjihay.com
[2010/01/18 16:31:39 | 000,000,000 | ---D | M] -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions\foxdie_ext_ocelot@foxdie.us
[2010/01/15 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions\FoxdieGraphite@tanjihay.com
[2009/12/22 22:40:19 | 000,000,000 | ---D | M] -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions\illimitux@illimitux.net
[2010/01/15 18:42:51 | 000,000,000 | ---D | M] -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\extensions\nadir.kadem@gmail.com
[2009/09/09 20:03:22 | 000,000,945 | ---- | M] () -- C:\Users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\searchplugins\youtube-video-search.xml
[2009/11/18 17:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/17 20:36:32 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/05/16 18:18:11 | 001,152,488 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFxViewer.dll
[2010/01/16 20:11:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 20:11:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 20:11:00 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 20:11:00 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [LXCGCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.231.32.10 62.231.32.11
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Colm\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Colm\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/10 16:58:36 | 000,000,024 | -H-- | M] () - H:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{b3b3e3b3-005f-11df-9b3d-001f16617d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{b3b3e3b3-005f-11df-9b3d-001f16617d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e116c871-d921-11de-9655-001f16617d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{e116c871-d921-11de-9655-001f16617d6a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e116c883-d921-11de-9655-001f16617d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{e116c883-d921-11de-9655-001f16617d6a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/04 21:09:46 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Colm\Desktop\OTL.exe
[2010/02/04 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Colm\Desktop\FA_Portable
[2010/02/04 08:38:24 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys
[2010/02/03 22:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/02/02 21:30:28 | 000,000,000 | R--D | C] -- C:\Users\Colm\Desktop\Smileys
[2010/02/01 18:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2010/02/01 18:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\Infogrames
[2010/02/01 16:24:45 | 000,000,000 | ---D | C] -- C:\Users\Colm\Documents\DVDVideoSoft
[2010/02/01 16:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/02/01 16:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/02/01 15:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010/02/01 15:48:51 | 000,171,552 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
[2010/02/01 15:48:51 | 000,130,960 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2010/02/01 15:48:51 | 000,074,328 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/02/01 15:48:51 | 000,029,520 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/02/01 15:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/02/01 15:15:52 | 000,000,000 | ---D | C] -- C:\Users\Colm\AppData\Roaming\Atari
[2010/02/01 14:58:09 | 000,000,000 | ---D | C] -- C:\Users\Colm\AppData\Roaming\Leadertech
[2010/02/01 12:03:52 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010/01/31 18:50:27 | 000,000,000 | ---D | C] -- C:\Users\Colm\AppData\Roaming\dvdcss
[2010/01/31 16:30:15 | 000,000,000 | ---D | C] -- C:\Users\Colm\Documents\Downloads
[2010/01/30 23:19:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/30 23:11:50 | 000,000,000 | ---D | C] -- C:\Users\Colm\AppData\Local\Stardock
[2010/01/30 21:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2010/01/30 17:57:55 | 000,000,000 | ---D | C] -- C:\Users\Colm\Documents\Adobe
[2010/01/30 12:27:24 | 000,000,000 | ---D | C] -- C:\Users\Colm\Desktop\Websites
[2010/01/30 10:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Keyword Elite 2.0
[2010/01/30 10:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Keyword Elite 2.0
[2010/01/25 17:20:31 | 000,000,000 | ---D | C] -- C:\Users\Colm\AppData\Local\IsolatedStorage
[2010/01/21 19:08:21 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/21 19:08:21 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/21 19:08:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/21 19:08:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/21 19:08:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/21 19:08:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 19:08:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/21 19:08:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/21 19:08:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/21 19:08:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/21 19:08:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/21 19:08:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/21 19:08:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/21 19:08:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/20 20:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2010/01/20 20:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lx_cats
[2010/01/20 20:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2300 Series
[2010/01/20 20:46:52 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcginpa.dll
[2010/01/20 20:46:52 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcgiesc.dll
[2010/01/20 20:46:52 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcghcp.dll
[2010/01/20 20:46:51 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcgserv.dll
[2010/01/20 20:46:51 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcgusb1.dll
[2010/01/20 20:46:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcgpmui.dll
[2010/01/20 20:46:51 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcglmpm.dll
[2010/01/20 20:46:51 | 000,446,464 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcgutil.dll
[2010/01/20 20:46:51 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcgprox.dll
[2010/01/20 20:46:51 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcgpplc.dll
[2010/01/20 20:46:50 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcgih.exe
[2010/01/20 20:46:50 | 000,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcginsb.dll
[2010/01/20 20:46:50 | 000,155,648 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcgins.dll
[2010/01/20 20:46:50 | 000,131,072 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcgjswr.dll
[2010/01/20 20:46:50 | 000,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcginsr.dll
[2010/01/20 20:46:49 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lxcggf.dll
[2010/01/20 20:46:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcghbn3.dll
[2010/01/20 20:46:49 | 000,086,016 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcgcub.dll
[2010/01/20 20:46:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomc.dll
[2010/01/20 20:46:48 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcgcoms.exe
[2010/01/20 20:46:48 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomm.dll
[2010/01/20 20:46:48 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcgcfg.exe
[2010/01/20 20:46:48 | 000,073,728 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcgcu.dll
[2010/01/20 20:46:48 | 000,069,632 | ---- | C] (Lexmark International) -- C:\Windows\System32\lxcgcfg.dll
[2010/01/20 20:46:48 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcgcur.dll
[2010/01/20 20:46:21 | 000,000,000 | ---D | C] -- C:\drivers
[2010/01/16 17:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mad Scientist Productions
[2010/01/16 16:39:54 | 000,000,000 | ---D | C] -- C:\Users\Colm\Documents\Electronic Arts
[2010/01/16 15:33:45 | 000,000,000 | -H-D | C] -- C:\Users\Colm\Documents\ShadowEditFiles
[2010/01/15 17:22:21 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010/01/15 17:22:17 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010/01/15 17:22:16 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010/01/15 17:22:09 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010/01/15 17:22:05 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010/01/15 17:22:03 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010/01/15 17:21:58 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010/01/15 17:21:56 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010/01/15 17:21:51 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010/01/15 17:21:41 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010/01/15 17:21:37 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010/01/15 17:21:36 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010/01/15 17:21:33 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010/01/15 17:21:28 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010/01/15 17:21:26 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010/01/15 17:21:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010/01/15 17:21:21 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010/01/15 17:21:17 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010/01/15 17:21:13 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010/01/15 17:21:10 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010/01/15 17:21:08 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010/01/15 17:21:05 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010/01/15 17:21:02 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010/01/15 17:20:58 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010/01/15 17:20:55 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010/01/15 17:20:52 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010/01/15 17:20:48 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010/01/15 17:20:46 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010/01/15 17:20:44 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010/01/15 17:20:41 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010/01/15 17:18:23 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/01/15 17:18:12 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010/01/15 17:18:11 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010/01/15 17:18:06 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010/01/15 17:18:00 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010/01/15 17:17:25 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010/01/15 17:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\AeriaGames
[2010/01/14 17:04:17 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/14 17:04:08 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/12 19:57:17 | 000,000,000 | ---D | C] -- C:\Users\Colm\AppData\Roaming\FileZilla
[2010/01/12 19:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010/01/11 22:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/01/09 22:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/01/09 22:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/01/09 22:08:31 | 000,000,000 | ---D | C] -- C:\Users\Colm\AppData\Roaming\Real
[2010/01/08 23:42:40 | 000,032,768 | ---- | C] (AnchorFree Inc) -- C:\Windows\System32\drivers\taphss.sys
[2010/01/08 21:21:07 | 000,000,000 | ---D | C] -- C:\Users\Colm\AppData\Local\TechSmith
[2010/01/07 18:38:25 | 000,000,000 | ---D | C] -- C:\Users\Colm\Documents\Camtasia Studio
[2010/01/07 18:37:39 | 000,107,864 | ---- | C] (TechSmith Corporation) -- C:\Windows\System32\tsccvid.dll
[2010/01/07 18:37:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010/01/07 18:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/01/07 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/01/07 18:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/01/06 12:50:18 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010/01/05 21:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet Protect
[2009/09/08 20:53:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Colm\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/04 21:17:03 | 000,791,552 | ---- | M] () -- C:\Windows\System32\drivers\reptqwpd.sys
[2010/02/04 21:15:57 | 005,505,024 | -HS- | M] () -- C:\Users\Colm\NTUSER.DAT
[2010/02/04 21:12:39 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F2A32BAD-8815-408D-9F45-D8CFFF25C714}.job
[2010/02/04 21:11:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/04 21:11:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/04 21:08:30 | 000,041,952 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/04 21:08:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/04 21:07:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/04 21:06:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/04 21:02:28 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Colm\Desktop\OTL.exe
[2010/02/04 19:45:47 | 000,524,288 | -HS- | M] () -- C:\Users\Colm\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/02/04 19:45:47 | 000,065,536 | -HS- | M] () -- C:\Users\Colm\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/02/04 19:45:16 | 002,269,108 | -H-- | M] () -- C:\Users\Colm\AppData\Local\IconCache.db
[2010/02/04 18:48:20 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3257623526-4123984516-161913098-1000UA.job
[2010/02/04 18:47:25 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/04 17:52:45 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/04 17:52:45 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/04 17:52:45 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/04 17:48:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3257623526-4123984516-161913098-1000Core.job
[2010/02/04 16:26:48 | 000,081,705 | ---- | M] () -- C:\Users\Colm\Desktop\FA_Portable.zip
[2010/02/03 21:50:47 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/02/03 21:49:52 | 000,041,952 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/03 21:22:51 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\siqvrfkp.sys
[2010/02/01 18:32:02 | 000,002,100 | ---- | M] () -- C:\Users\Colm\Desktop\Play RCT2 Triple Thrill.lnk
[2010/02/01 18:19:34 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2010/02/01 18:19:26 | 000,130,960 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2010/02/01 15:48:34 | 000,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/02/01 15:48:34 | 000,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/02/01 15:22:47 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\uikmm.sys
[2010/01/30 18:01:32 | 000,031,744 | ---- | M] () -- C:\Users\Colm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/27 22:52:50 | 000,035,130 | ---- | M] () -- C:\Users\Colm\Documents\Some more riddles.docx
[2010/01/27 22:51:04 | 000,002,627 | ---- | M] () -- C:\Users\Colm\Desktop\Microsoft Office Word 2007.lnk
[2010/01/26 22:38:46 | 000,023,157 | ---- | M] () -- C:\Users\Colm\Documents\Some Riddles.docx
[2010/01/25 17:13:17 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™️ 3 Create a World Tool - Beta.lnk
[2010/01/22 18:10:00 | 000,000,250 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/01/20 20:51:29 | 000,014,645 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2010/01/18 19:13:48 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™️ 3.lnk
[2010/01/14 23:26:47 | 000,000,838 | ---- | M] () -- C:\Users\Colm\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 20:16:03 | 000,006,540 | ---- | M] () -- C:\user.conf
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/11 23:42:48 | 000,278,528 | ---- | M] () -- C:\Users\Colm\AppData\Roaming\chrtmp
[2010/01/09 22:08:52 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/01/08 23:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) -- C:\Windows\System32\drivers\taphss.sys
[2010/01/07 18:37:14 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 6.lnk
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/04 16:30:00 | 000,081,705 | ---- | C] () -- C:\Users\Colm\Desktop\FA_Portable.zip
[2010/02/03 22:12:32 | 001,339,288 | ---- | C] () -- C:\Users\Colm\Desktop\sar_15_sfx.exe
[2010/02/03 21:22:51 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\siqvrfkp.sys
[2010/02/01 18:32:02 | 000,002,100 | ---- | C] () -- C:\Users\Colm\Desktop\Play RCT2 Triple Thrill.lnk
[2010/02/01 15:22:47 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\uikmm.sys
[2010/02/01 15:08:36 | 000,791,552 | ---- | C] () -- C:\Windows\System32\drivers\reptqwpd.sys
[2010/02/01 12:12:42 | 000,000,838 | ---- | C] () -- C:\Users\Colm\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/31 16:28:35 | 000,278,528 | ---- | C] () -- C:\Users\Colm\AppData\Roaming\chrtmp
[2010/01/28 19:45:49 | 000,006,540 | ---- | C] () -- C:\user.conf
[2010/01/27 21:17:54 | 000,035,130 | ---- | C] () -- C:\Users\Colm\Documents\Some more riddles.docx
[2010/01/26 22:38:43 | 000,023,157 | ---- | C] () -- C:\Users\Colm\Documents\Some Riddles.docx
[2010/01/26 21:13:03 | 000,002,627 | ---- | C] () -- C:\Users\Colm\Desktop\Microsoft Office Word 2007.lnk
[2010/01/25 17:13:17 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™️ 3 Create a World Tool - Beta.lnk
[2010/01/20 20:46:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcginst.dll
[2010/01/20 20:46:52 | 000,014,645 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2010/01/20 20:46:48 | 000,001,729 | ---- | C] () -- C:\Windows\System32\lxcg.loc
[2010/01/16 16:14:35 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™️ 3.lnk
[2010/01/07 18:37:14 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 6.lnk
[2010/01/01 22:32:59 | 000,000,600 | ---- | C] () -- C:\Users\Colm\AppData\Roaming\winscp.rnd
[2009/12/24 20:18:29 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\sodgcr.sys
[2009/12/19 20:37:04 | 000,000,551 | ---- | C] () -- C:\Users\Colm\AppData\Roaming\AutoGK.ini
[2009/11/26 23:14:09 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/11/23 17:21:44 | 000,014,047 | ---- | C] () -- C:\Users\Colm\AppData\Roaming\UserTile.png
[2009/09/30 17:44:36 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/09/25 20:30:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 14:26:55 | 000,000,680 | ---- | C] () -- C:\Users\Colm\AppData\Local\d3d9caps.dat
[2009/09/08 20:55:26 | 000,001,176 | ---- | C] () -- C:\Users\Colm\AppData\Roaming\vso_ts_preview.xml
[2009/09/08 20:54:59 | 000,000,034 | ---- | C] () -- C:\Users\Colm\AppData\Roaming\pcouffin.log
[2009/09/08 20:53:43 | 000,087,608 | ---- | C] () -- C:\Users\Colm\AppData\Roaming\inst.exe
[2009/09/08 20:53:43 | 000,007,887 | ---- | C] () -- C:\Users\Colm\AppData\Roaming\pcouffin.cat
[2009/09/08 20:53:43 | 000,001,144 | ---- | C] () -- C:\Users\Colm\AppData\Roaming\pcouffin.inf
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/17 14:01:29 | 000,000,000 | ---- | C] () -- C:\Users\Colm\AppData\Roaming\wklnhst.dat
[2009/05/16 18:18:19 | 000,000,063 | -H-- | C] () -- C:\ProgramData\Ts_infos.ini
[2009/05/14 16:59:36 | 000,000,000 | ---- | C] () -- C:\Users\Colm\AppData\Local\FnF4.txt
[2009/05/11 16:44:03 | 000,031,744 | ---- | C] () -- C:\Users\Colm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/09 20:43:48 | 000,041,952 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/09 20:43:45 | 000,041,952 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/09 17:44:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/09 17:28:58 | 000,000,000 | ---- | C] () -- C:\Users\Colm\AppData\Local\QSwitch.txt
[2009/05/09 17:28:58 | 000,000,000 | ---- | C] () -- C:\Users\Colm\AppData\Local\DSwitch.txt
[2009/05/09 17:28:58 | 000,000,000 | ---- | C] () -- C:\Users\Colm\AppData\Local\AtStart.txt
[2009/01/11 20:39:54 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/11 20:39:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/11 20:39:20 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/11 20:38:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/11 20:36:49 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/11 20:36:19 | 000,000,250 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/10/25 18:05:01 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/25 17:58:46 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/25 17:56:46 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/25 17:55:19 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcgcoin.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcgvs.dll
[2005/03/13 14:32:14 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcgcnv4.dll
[2005/02/05 20:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll
[2002/10/15 22:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
< End of report >



Thank You!

Re: HELP! Computer is infected with rootkit!

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O32 - AutoRun File - [2010/01/10 16:58:36 | 000,000,024 | -H-- | M] () - H:\autorun.inf -- [ FAT ]
    O33 - MountPoints2\{b3b3e3b3-005f-11df-9b3d-001f16617d6a}\Shell - "" = AutoRun
    O33 - MountPoints2\{b3b3e3b3-005f-11df-9b3d-001f16617d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e116c871-d921-11de-9655-001f16617d6a}\Shell - "" = AutoRun
    O33 - MountPoints2\{e116c871-d921-11de-9655-001f16617d6a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e116c883-d921-11de-9655-001f16617d6a}\Shell - "" = AutoRun
    O33 - MountPoints2\{e116c883-d921-11de-9655-001f16617d6a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
    [2010/02/04 21:17:03 | 000,791,552 | ---- | M] () -- C:\Windows\System32\drivers\reptqwpd.sys
    [2010/02/03 21:22:51 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\siqvrfkp.sys
    [2010/02/01 15:22:47 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\uikmm.sys
    [2009/12/24 20:18:29 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\sodgcr.sys



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
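
The four driver entries targeted by the fix above share a pattern that is visible in the OTL log itself: each is a .sys file in the drivers folder that OTL lists with an empty company field ("()"), and three of them have the identical size 54,016 bytes. The Python script below is an added example, not OTL's or the helper's code; it parses OTL file-entry lines and applies that triage automatically. The sample lines are an excerpt constructed from the log posted earlier in this thread, and the size-clustering rule is an assumption of this example, not something OTL does.

```python
"""Triage OTL file entries for kernel drivers with no company name.

Added example (not OTL's or the forum helper's code). The sample lines are
an excerpt constructed from the OTL log posted earlier in this thread; the
size-clustering rule is an assumption of this example, not something OTL does.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# OTL file entry:  [date time | size | attrs | C|M] (company) -- path
# The "(company)" field is absent for directory entries.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Za-z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str      # 'C' = created, 'M' = modified
    company: str   # "" when OTL prints "()" or omits the field
    path: str


def parse_entry(line):
    """Return an Entry for an OTL file line, or None for headers and blanks."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


DRIVER_DIR = "\\system32\\drivers\\"


def is_unattributed_driver(e):
    """A .sys file under the drivers directory whose version info carries no
    company name: the pattern shared by the four drivers the fix above moves.
    Vendor drivers in the same log (COMODO, AnchorFree, Malwarebytes) all
    carry a name, so an empty field is worth a closer look, not proof."""
    p = e.path.lower()
    return p.endswith(".sys") and DRIVER_DIR in p and e.company == ""


def triage(lines):
    """Return (flagged, clusters): flagged is the sorted list of unattributed
    driver paths; clusters maps a file size to the flagged drivers sharing it,
    a second weak signal that one dropper wrote several randomly named files."""
    entries = [e for e in map(parse_entry, lines) if e is not None]
    flagged = {e.path for e in entries if is_unattributed_driver(e)}
    by_size = defaultdict(set)
    for e in entries:
        if e.path in flagged:
            by_size[e.size].add(e.path)
    clusters = {s: sorted(p) for s, p in by_size.items() if len(p) > 1}
    return sorted(flagged), clusters


# Constructed excerpt of the OTL "Files Created/Modified" sections above.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2010/02/04 21:17:03 | 000,791,552 | ---- | M] () -- C:\Windows\System32\drivers\reptqwpd.sys
[2010/02/03 21:22:51 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\siqvrfkp.sys
[2010/02/01 18:19:26 | 000,130,960 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2010/02/01 15:22:47 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\uikmm.sys
[2010/01/14 20:16:03 | 000,006,540 | ---- | M] () -- C:\user.conf
[2010/01/12 19:57:17 | 000,000,000 | ---D | C] -- C:\Users\Colm\AppData\Roaming\FileZilla
[2010/01/08 23:42:40 | 000,032,768 | ---- | C] (AnchorFree Inc) -- C:\Windows\System32\drivers\taphss.sys
[2010/02/03 21:22:51 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\siqvrfkp.sys
[2009/12/24 20:18:29 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\sodgcr.sys
"""

if __name__ == "__main__":
    flagged, clusters = triage(SAMPLE_LOG.splitlines())
    print("Drivers with no company name:")
    for path in flagged:
        print("  ", path)
    for size, paths in clusters.items():
        print(f"Same size ({size} bytes): {', '.join(paths)}")
```

Run against the full OTL log, the script flags exactly the four drivers the fix lists and groups siqvrfkp.sys, uikmm.sys and sodgcr.sys by their shared size; reptqwpd.sys is flagged on the company field alone. An empty company field is only a triage signal, so the flagged list is a list of files to inspect (hash, signature, load point), not an automatic removal list.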

Re: HELP! Computer is infected with rootkit!

Thanks so much for your help! Unfortunately, it seems it has not moved the problem file reptqwpd.sys; it says it was not found, but it is definitely still there. Anyway, here is the log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
H:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3b3e3b3-005f-11df-9b3d-001f16617d6a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3b3e3b3-005f-11df-9b3d-001f16617d6a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3b3e3b3-005f-11df-9b3d-001f16617d6a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3b3e3b3-005f-11df-9b3d-001f16617d6a}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e116c871-d921-11de-9655-001f16617d6a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e116c871-d921-11de-9655-001f16617d6a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e116c871-d921-11de-9655-001f16617d6a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e116c871-d921-11de-9655-001f16617d6a}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e116c883-d921-11de-9655-001f16617d6a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e116c883-d921-11de-9655-001f16617d6a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e116c883-d921-11de-9655-001f16617d6a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e116c883-d921-11de-9655-001f16617d6a}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\Autorun.exe not found.
File C:\Windows\System32\drivers\reptqwpd.sys not found.
C:\Windows\System32\drivers\siqvrfkp.sys moved successfully.
C:\Windows\System32\drivers\uikmm.sys moved successfully.
C:\Windows\System32\drivers\sodgcr.sys moved successfully.

OTL by OldTimer - Version 3.1.27.1 log created on 02052010_153026

Re: HELP! Computer is infected with rootkit!

Hello.
Let's go deeper.

  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

[screenshot: CF_download_FF]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

Re: HELP! Computer is infected with rootkit!

OMG YOU'RE SUCH A LEGEND!!! THANK YOU!!! MY COMPUTER IS ALIVE!! Big Grin


ComboFix 10-02-04.08 - Colm 05/02/2010 17:17:19.1.1 - x86
Microsoft®️ Windows Vista™️ Home Basic 6.0.6002.2.1252.353.1033.18.1790.675 [GMT 0:00]
Running from: c:\users\Colm\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1185964299-3804096841-1645810021-500
c:\$recycle.bin\S-1-5-21-3257623526-4123984516-161913098-500
c:\program files\Cheat Engine\dbk32.sys
c:\recycler\S-1-5-21-7549370120-5195578140-704617848-9188
c:\users\Colm\AppData\Local\Microsoft\Windows\Temporary Internet Files\udDownload.tmp
c:\users\Colm\AppData\Local\Microsoft\Windows\Temporary Internet Files\udDownload[1].tmp
c:\users\Colm\AppData\Roaming\inst.exe
c:\windows\system32\drivers\reptqwpd.sys

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_reptqwpd
-------\Service_reptqwpd


((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 17:39 . 2009-05-14 18:12 -------- d-----w- c:\users\Colm\AppData\Roaming\uTorrent
2010-02-05 17:39 . 2009-05-09 17:44 -------- d-----w- c:\users\Colm\AppData\Roaming\skypePM
2010-02-05 17:33 . 2009-09-30 17:44 -------- d-----w- c:\program files\Cheat Engine
2010-02-05 17:05 . 2009-05-09 17:44 -------- d-----w- c:\users\Colm\AppData\Roaming\Skype
2010-02-04 18:42 . 2010-01-20 20:50 -------- d-----w- c:\program files\Lx_cats
2010-02-04 18:41 . 2009-05-17 21:29 -------- d-----w- c:\users\Colm\AppData\Roaming\vlc
2010-02-03 22:13 . 2010-02-03 22:13 -------- d-----w- c:\program files\Sophos
2010-02-03 21:50 . 2009-05-09 17:44 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-02-03 21:50 . 2009-01-11 20:48 -------- d-----w- c:\programdata\NVIDIA
2010-02-03 21:49 . 2009-05-09 20:43 41952 ----a-w- c:\programdata\nvModes.dat
2010-02-02 20:00 . 2010-01-12 19:57 -------- d-----w- c:\users\Colm\AppData\Roaming\FileZilla
2010-02-01 18:55 . 2010-02-01 18:32 -------- d-----w- c:\programdata\Trymedia
2010-02-01 18:26 . 2010-02-01 18:26 -------- d-----w- c:\program files\Infogrames
2010-02-01 18:19 . 2010-02-01 15:48 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-01 18:19 . 2010-02-01 15:48 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-01 16:24 . 2010-02-01 16:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-01 16:23 . 2010-02-01 16:23 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-01 16:02 . 2010-02-01 15:48 -------- d-----w- c:\programdata\Comodo
2010-02-01 15:48 . 2010-02-01 15:48 -------- d-----w- c:\program files\COMODO
2010-02-01 15:48 . 2010-02-01 15:48 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-01 15:48 . 2010-02-01 15:48 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-01 15:41 . 2008-10-25 16:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 15:36 . 2010-02-01 15:15 -------- d-----w- c:\users\Colm\AppData\Roaming\Atari
2010-02-01 14:58 . 2010-02-01 14:58 -------- d-----w- c:\users\Colm\AppData\Roaming\Leadertech
2010-02-01 12:47 . 2009-11-28 12:25 -------- d-----w- c:\users\Colm\AppData\Roaming\DMCache
2010-01-31 18:50 . 2010-01-31 18:50 -------- d-----w- c:\users\Colm\AppData\Roaming\dvdcss
2010-01-30 21:54 . 2010-01-30 21:54 -------- d-----w- c:\program files\Stardock
2010-01-30 16:27 . 2010-01-30 10:51 -------- d-----w- c:\program files\Keyword Elite 2.0
2010-01-30 10:56 . 2010-01-30 10:53 -------- d-----w- c:\programdata\Keyword Elite 2.0
2010-01-28 21:49 . 2010-01-03 00:37 -------- d-----w- c:\users\Colm\AppData\Roaming\Nvu
2010-01-26 23:21 . 2009-05-09 22:24 -------- d-----w- c:\program files\Google
2010-01-26 23:17 . 2008-10-25 17:05 -------- d-----w- c:\program files\HP Games
2010-01-26 23:08 . 2009-12-18 20:48 -------- d-----w- c:\program files\BSR Screen Recorder 4
2010-01-26 22:50 . 2009-05-14 18:13 -------- d-----w- c:\program files\uTorrent
2010-01-26 21:09 . 2008-10-25 17:47 -------- d-----w- c:\programdata\Microsoft Help
2010-01-25 20:05 . 2010-01-05 20:17 -------- d-----w- c:\users\Colm\AppData\Roaming\Mipony
2010-01-25 17:12 . 2009-06-17 18:50 -------- d-----w- c:\program files\Electronic Arts
2010-01-22 21:14 . 2009-07-15 15:47 -------- d-----w- c:\program files\Steam
2010-01-22 15:31 . 2009-10-01 19:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 20:51 . 2010-01-20 20:51 -------- d-----w- c:\programdata\Ezprint
2010-01-20 20:51 . 2010-01-20 20:47 -------- d-----w- c:\program files\Lexmark 2300 Series
2010-01-16 17:47 . 2010-01-16 17:33 -------- d-----w- c:\program files\Mad Scientist Productions
2010-01-16 17:38 . 2010-01-05 21:42 -------- d-----w- c:\program files\Immunet Protect
2010-01-16 15:33 . 2009-06-02 14:45 -------- d-----w- c:\users\Colm\AppData\Roaming\CyberLink
2010-01-15 21:25 . 2010-01-09 22:08 -------- d-----w- c:\program files\Common Files\Real
2010-01-15 17:11 . 2010-01-15 17:11 -------- d-----w- c:\program files\AeriaGames
2010-01-15 03:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 23:26 . 2009-09-14 21:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 23:26 . 2009-12-24 19:52 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 11:12 . 2009-10-03 11:36 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 19:57 . 2010-01-12 19:56 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-11 22:36 . 2010-01-11 22:36 -------- d-----w- c:\program files\Safari
2010-01-08 23:42 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-01-07 18:37 . 2010-01-07 18:37 -------- d-----w- c:\programdata\TechSmith
2010-01-07 18:36 . 2010-01-07 18:36 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-01-07 18:35 . 2010-01-07 18:35 -------- d-----w- c:\program files\TechSmith
2010-01-07 16:07 . 2009-09-14 21:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-09-14 21:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 20:17 . 2010-01-05 20:17 -------- d-----w- c:\program files\MiPony
2010-01-05 19:44 . 2010-01-05 19:41 -------- d-----w- c:\program files\Nakido
2010-01-03 00:37 . 2010-01-03 00:37 -------- d-----w- c:\program files\Nvu
2010-01-02 14:35 . 2010-01-02 14:35 -------- d-----w- c:\program files\WinSCP
2010-01-02 06:38 . 2010-01-21 19:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 19:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 19:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 19:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 23:27 . 2010-01-01 23:27 -------- d-----w- c:\program files\Tap Maker
2010-01-01 17:34 . 2010-01-01 17:34 -------- d-----w- c:\program files\iPhone Explorer
2009-12-31 17:05 . 2009-12-31 17:05 -------- d-----w- c:\program files\Sector69
2009-12-30 21:10 . 2009-12-30 21:10 -------- d-----w- c:\users\Colm\AppData\Roaming\KompoZer
2009-12-30 15:26 . 2009-11-24 21:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-30 15:25 . 2009-11-24 21:07 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-30 15:25 . 2009-05-25 19:14 38784 ----a-w- c:\users\Colm\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-27 22:56 . 2009-12-27 22:56 -------- d-----w- c:\program files\Air Mouse
2009-12-27 22:36 . 2009-12-27 22:12 -------- d-----w- c:\program files\UltraVNC
2009-12-25 11:20 . 2009-05-17 13:34 -------- d-----w- c:\users\Colm\AppData\Roaming\Apple Computer
2009-12-25 11:13 . 2009-05-17 13:30 -------- d-----w- c:\programdata\Apple
2009-12-24 19:38 . 2009-08-19 15:57 -------- d-----w- c:\program files\StumbleUpon
2009-12-24 19:34 . 2009-12-24 19:34 -------- d-----w- c:\program files\ImRe
2009-12-19 20:20 . 2009-12-19 20:20 -------- d-----w- c:\program files\Gabest
2009-12-18 23:04 . 2009-12-18 23:03 -------- d-----w- c:\program files\Flash Convert
2009-12-17 20:14 . 2009-12-17 20:13 -------- d-----w- c:\program files\Yawcam
2009-12-04 10:03 . 2009-12-04 10:03 251376 ----a-w- c:\users\Colm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-11-28 12:18 . 2009-05-09 17:26 76856 ----a-w- c:\users\Colm\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-25 18:00 . 2009-09-16 14:26 680 ----a-w- c:\users\Colm\AppData\Local\d3d9caps.dat
2009-11-25 12:38 . 2009-11-25 12:38 138240 ----a-w- c:\users\Colm\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-25 12:38 . 2009-11-25 12:38 138240 ----a-w- c:\users\Colm\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-25 12:38 . 2009-11-25 12:38 138240 ----a-w- c:\users\Colm\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-25 12:38 . 2009-11-25 12:38 138240 ----a-w- c:\users\Colm\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-24 23:54 . 2009-05-10 20:02 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-05-10 20:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-05-10 20:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-05-10 20:02 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-05-10 20:03 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-10 20:03 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-10 20:03 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-17 10:01 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-25 17:09 . 2008-10-25 16:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-26 319280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-01 1800464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):27,eb,7e,f6,e6,3e,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/05/2009 20:03 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [01/02/2010 15:48 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [01/02/2010 15:48 29520]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\System32\SAVRKBootTasks.sys [04/02/2010 08:38 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/05/2009 20:03 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/05/2009 20:02 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:33 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [25/10/2008 18:11 365952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [21/08/2009 19:24 66592]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/10/2008 17:02 193840]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:33 21504]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [08/12/2009 22:41 120232]
S4 gupdate1c9d0f57a744239;Google Update Service (gupdate1c9d0f57a744239);c:\program files\Google\Update\GoogleUpdate.exe [09/05/2009 22:28 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 22:28]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 22:28]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3257623526-4123984516-161913098-1000Core.job
- c:\users\Colm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-29 15:33]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3257623526-4123984516-161913098-1000UA.job
- c:\users\Colm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-29 15:33]

2010-02-05 c:\windows\Tasks\User_Feed_Synchronization-{F2A32BAD-8815-408D-9F45-D8CFFF25C714}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
FF - ProfilePath - c:\users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/firefox
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\users\Colm\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Colm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 17:38
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C909.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4012)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-02-05 17:50:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-05 17:50

Pre-Run: 53,406,650,368 bytes free
Post-Run: 54,341,505,024 bytes free

- - End Of File - - 42346F074ACF9C59EE489A8DF3400572

Re: HELP! Computer is infected with rootkit!
Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program
  • Highlight the following:

    Java(TM) 6 Update 7

  • Click on the Uninstall/Change button at the top.

Next,

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    ezSharedSvc

    NetSvc::
    ezSharedSvc

    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [picture: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
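
The fix script above removes one NetSvcs entry (ezSharedSvc) and unlocks five registry keys that the earlier log reported as locked. Deciding what belongs in such a script means reading the "Reg Loading Points" section of a ComboFix log by hand. The Python below is an added example, not part of ComboFix or of this thread: it parses lines in the format shown in the logs above (the sample lines are constructed to match that shape) and flags the three things a helper checks first: a netsvcs group member with no service definition, a service whose binary ComboFix could not find (printed as "[?]"), and a service whose image lives in a temporary file. The names `Service`, `Finding`, `triage` and `looks_temporary` are my own. Every flag is a triage hint for a human to verify against the vendor, not a verdict: the MEMSWEEP2 line is flagged only because its path ends in .tmp.

```python
"""Triage helper for ComboFix 'Reg Loading Points' output (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines in the same shape as the log posted above.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/05/2009 20:03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/05/2009 20:03 20560]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:33 21504]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C909.tmp"
"""

# "<R|S><start type> <name>;<display name>;<command> [dd/mm/yyyy hh:mm size]" or "... [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
STAMP_RE = re.compile(r"\s*\[(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}) (?P<size>\d+)\]\s*$")
MISSING_RE = re.compile(r"\s*\[\?\]\s*$")
SERVICE_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>.*)"$')
NETSVCS_HEADER = "Svchost - NetSvcs"


@dataclass
class Service:
    start: str            # R = running, S = stopped; the digit is the Windows start type
    name: str
    image: str            # path ComboFix resolved for the service binary
    size: Optional[int]   # on-disk size, None when ComboFix printed "[?]"
    file_missing: bool    # True when ComboFix could not find the binary


@dataclass
class Finding:
    kind: str             # hypothetical tag: netsvcs-orphan, image-missing, temp-image
    name: str
    detail: str


def parse_services(text: str) -> Dict[str, Service]:
    """Collect the R*/S* service lines, keyed by service name."""
    services: Dict[str, Service] = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        missing = bool(MISSING_RE.search(rest))
        stamp = STAMP_RE.search(rest)
        size = int(stamp.group("size")) if stamp else None
        command = MISSING_RE.sub("", STAMP_RE.sub("", rest))
        # "command --> path" is ComboFix showing the file it resolved a quoted command to
        image = command.split(" --> ")[-1].strip()
        services[m.group("name")] = Service(m.group("start"), m.group("name"), image, size, missing)
    return services


def parse_netsvcs(text: str) -> List[str]:
    """Return the members listed under the 'Svchost - NetSvcs' header."""
    members, collecting = [], False
    for line in text.splitlines():
        if NETSVCS_HEADER in line:
            collecting = True
            continue
        if collecting:
            if not line.strip() or line.startswith(("[", ".")):
                break
            members.append(line.strip())
    return members


def parse_image_paths(text: str) -> Dict[str, str]:
    """Map service key name -> ImagePath for the registry dumps at the end of the log."""
    paths, current = {}, None
    for line in text.splitlines():
        key = SERVICE_KEY_RE.match(line)
        if key:
            current = key.group("name")
            continue
        ip = IMAGEPATH_RE.match(line)
        if ip and current:
            paths[current] = ip.group("path").replace('\\"', '"')
    return paths


def looks_temporary(path: str) -> bool:
    """Heuristic: a service binary living in a temp directory or named *.tmp deserves a look."""
    p = path.lower().replace("/", "\\")
    return p.endswith(".tmp") or "\\temp\\" in p or "\\tmp\\" in p


def triage(text: str) -> List[Finding]:
    services = parse_services(text)
    findings: List[Finding] = []
    for name in parse_netsvcs(text):
        if name not in services:
            findings.append(Finding("netsvcs-orphan", name, "in the netsvcs group but no service line describes it"))
    for svc in services.values():
        if svc.file_missing:
            findings.append(Finding("image-missing", svc.name, f"binary not found on disk: {svc.image}"))
        elif looks_temporary(svc.image):
            findings.append(Finding("temp-image", svc.name, f"binary is a temporary file: {svc.image}"))
    for name, path in parse_image_paths(text).items():
        if looks_temporary(path):
            findings.append(Finding("temp-image", name, f"ImagePath points at a temporary file: {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15} {f.name:30} {f.detail}")
```

Run it against a real log by replacing `SAMPLE_LOG` with the file's contents; each finding then maps onto a CFScript section (an orphaned netsvcs member is a candidate for `NetSvc::`, a missing binary for `Driver::`), but only after the vendor and file have been identified.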

Re: HELP! Computer is infected with rootkit!
ComboFix 10-02-04.08 - Colm 05/02/2010 19:04:24.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.353.1033.18.1790.637 [GMT 0:00]
Running from: c:\users\Colm\Desktop\ComboFix.exe
Command switches used :: c:\users\Colm\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ezSharedSvc


((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 19:26 . 2010-02-05 19:31 -------- d-----w- c:\users\Colm\AppData\Local\temp
2010-02-05 19:26 . 2010-02-05 19:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-05 19:26 . 2010-02-05 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-05 15:30 . 2010-02-05 15:30 -------- d-----w- C:\_OTL
2010-02-04 08:38 . 2009-06-18 12:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-02-03 22:13 . 2010-02-03 22:13 -------- d-----w- c:\program files\Sophos
2010-02-01 18:32 . 2010-02-01 18:55 -------- d-----w- c:\programdata\Trymedia
2010-02-01 18:26 . 2010-02-01 18:26 -------- d-----w- c:\program files\Infogrames
2010-02-01 16:23 . 2010-02-01 16:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-01 16:23 . 2010-02-01 16:23 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-01 15:48 . 2010-02-01 16:02 -------- d-----w- c:\programdata\Comodo
2010-02-01 15:48 . 2010-02-01 18:19 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-01 15:48 . 2010-02-01 18:19 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-01 15:48 . 2010-02-01 15:48 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-01 15:48 . 2010-02-01 15:48 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-01 15:48 . 2010-02-01 15:48 -------- d-----w- c:\program files\COMODO
2010-02-01 15:15 . 2010-02-01 15:36 -------- d-----w- c:\users\Colm\AppData\Roaming\Atari
2010-02-01 14:58 . 2010-02-01 14:58 -------- d-----w- c:\users\Colm\AppData\Roaming\Leadertech
2010-01-31 18:50 . 2010-01-31 18:50 -------- d-----w- c:\users\Colm\AppData\Roaming\dvdcss
2010-01-30 23:11 . 2010-01-30 23:11 -------- d-----w- c:\users\Colm\AppData\Local\Stardock
2010-01-30 21:54 . 2010-01-30 21:54 -------- d-----w- c:\program files\Stardock
2010-01-30 10:53 . 2010-01-30 10:56 -------- d-----w- c:\programdata\Keyword Elite 2.0
2010-01-30 10:51 . 2010-01-30 16:27 -------- d-----w- c:\program files\Keyword Elite 2.0
2010-01-25 17:20 . 2010-01-25 17:20 -------- d-----w- c:\users\Colm\AppData\Local\IsolatedStorage
2010-01-20 20:51 . 2010-01-20 20:51 -------- d-----w- c:\programdata\Ezprint
2010-01-20 20:50 . 2010-02-04 18:42 -------- d-----w- c:\program files\Lx_cats
2010-01-20 20:50 . 2007-01-30 06:32 118272 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxcgpp5c.dll
2010-01-20 20:47 . 2010-01-20 20:51 -------- d-----w- c:\program files\Lexmark 2300 Series
2010-01-16 17:33 . 2010-01-16 17:47 -------- d-----w- c:\program files\Mad Scientist Productions
2010-01-15 17:22 . 2007-10-22 03:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-01-15 17:22 . 2007-10-02 09:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-01-15 17:22 . 2007-10-12 15:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-01-15 17:22 . 2007-10-12 15:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-01-15 17:22 . 2007-07-20 00:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-01-15 17:22 . 2007-10-22 03:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2010-01-15 17:20 . 2007-03-05 12:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-01-15 17:20 . 2006-09-28 16:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-15 17:20 . 2006-07-28 09:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-01-15 17:20 . 2006-07-28 09:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2010-01-15 17:11 . 2010-01-15 17:11 -------- d-----w- c:\program files\AeriaGames
2010-01-14 17:04 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-14 17:04 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 19:57 . 2010-02-02 20:00 -------- d-----w- c:\users\Colm\AppData\Roaming\FileZilla
2010-01-12 19:56 . 2010-01-12 19:57 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-11 22:36 . 2010-01-11 22:36 -------- d-----w- c:\program files\Safari
2010-01-09 22:08 . 2010-01-15 21:25 -------- d-----w- c:\program files\Common Files\Real
2010-01-08 23:42 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-01-08 21:21 . 2010-01-08 21:21 -------- d-----w- c:\users\Colm\AppData\Local\TechSmith
2010-01-07 18:37 . 2009-08-19 05:18 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-01-07 18:37 . 2010-01-07 18:37 -------- d-----w- c:\windows\system32\QuickTime
2010-01-07 18:37 . 2010-01-07 18:37 -------- d-----w- c:\programdata\TechSmith
2010-01-07 18:36 . 2010-01-07 18:36 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-01-07 18:35 . 2010-01-07 18:35 -------- d-----w- c:\program files\TechSmith

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 19:32 . 2009-05-14 18:12 -------- d-----w- c:\users\Colm\AppData\Roaming\uTorrent
2010-02-05 19:03 . 2009-05-09 17:44 -------- d-----w- c:\users\Colm\AppData\Roaming\Skype
2010-02-05 18:55 . 2008-10-25 18:07 -------- d-----w- c:\program files\Java
2010-02-05 18:46 . 2009-05-11 19:18 -------- d-----r- c:\program files\Skype
2010-02-05 18:46 . 2009-05-09 17:41 -------- d-----w- c:\programdata\Skype
2010-02-05 17:39 . 2009-05-09 17:44 -------- d-----w- c:\users\Colm\AppData\Roaming\skypePM
2010-02-05 17:33 . 2009-09-30 17:44 -------- d-----w- c:\program files\Cheat Engine
2010-02-04 18:41 . 2009-05-17 21:29 -------- d-----w- c:\users\Colm\AppData\Roaming\vlc
2010-02-03 21:50 . 2009-05-09 17:44 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-02-03 21:50 . 2009-01-11 20:48 -------- d-----w- c:\programdata\NVIDIA
2010-02-03 21:49 . 2009-05-09 20:43 41952 ----a-w- c:\programdata\nvModes.dat
2010-02-01 15:41 . 2008-10-25 16:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 12:47 . 2009-11-28 12:25 -------- d-----w- c:\users\Colm\AppData\Roaming\DMCache
2010-01-28 21:49 . 2010-01-03 00:37 -------- d-----w- c:\users\Colm\AppData\Roaming\Nvu
2010-01-26 23:21 . 2009-05-09 22:24 -------- d-----w- c:\program files\Google
2010-01-26 23:17 . 2008-10-25 17:05 -------- d-----w- c:\program files\HP Games
2010-01-26 23:08 . 2009-12-18 20:48 -------- d-----w- c:\program files\BSR Screen Recorder 4
2010-01-26 22:50 . 2009-05-14 18:13 -------- d-----w- c:\program files\uTorrent
2010-01-26 21:09 . 2008-10-25 17:47 -------- d-----w- c:\programdata\Microsoft Help
2010-01-25 20:05 . 2010-01-05 20:17 -------- d-----w- c:\users\Colm\AppData\Roaming\Mipony
2010-01-25 17:12 . 2009-06-17 18:50 -------- d-----w- c:\program files\Electronic Arts
2010-01-22 21:14 . 2009-07-15 15:47 -------- d-----w- c:\program files\Steam
2010-01-22 15:31 . 2009-10-01 19:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 17:38 . 2010-01-05 21:42 -------- d-----w- c:\program files\Immunet Protect
2010-01-16 15:33 . 2009-06-02 14:45 -------- d-----w- c:\users\Colm\AppData\Roaming\CyberLink
2010-01-15 03:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 23:26 . 2009-09-14 21:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 23:26 . 2009-12-24 19:52 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 11:12 . 2009-10-03 11:36 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 16:07 . 2009-09-14 21:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-09-14 21:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 20:17 . 2010-01-05 20:17 -------- d-----w- c:\program files\MiPony
2010-01-05 19:44 . 2010-01-05 19:41 -------- d-----w- c:\program files\Nakido
2010-01-03 00:37 . 2010-01-03 00:37 -------- d-----w- c:\program files\Nvu
2010-01-02 14:35 . 2010-01-02 14:35 -------- d-----w- c:\program files\WinSCP
2010-01-02 06:38 . 2010-01-21 19:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 19:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 19:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 19:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 23:27 . 2010-01-01 23:27 -------- d-----w- c:\program files\Tap Maker
2010-01-01 17:34 . 2010-01-01 17:34 -------- d-----w- c:\program files\iPhone Explorer
2009-12-31 17:05 . 2009-12-31 17:05 -------- d-----w- c:\program files\Sector69
2009-12-30 21:10 . 2009-12-30 21:10 -------- d-----w- c:\users\Colm\AppData\Roaming\KompoZer
2009-12-30 15:26 . 2009-11-24 21:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-30 15:25 . 2009-11-24 21:07 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-30 15:25 . 2009-05-25 19:14 38784 ----a-w- c:\users\Colm\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-27 22:56 . 2009-12-27 22:56 -------- d-----w- c:\program files\Air Mouse
2009-12-27 22:36 . 2009-12-27 22:12 -------- d-----w- c:\program files\UltraVNC
2009-12-25 11:20 . 2009-05-17 13:34 -------- d-----w- c:\users\Colm\AppData\Roaming\Apple Computer
2009-12-25 11:13 . 2009-05-17 13:30 -------- d-----w- c:\programdata\Apple
2009-12-24 19:38 . 2009-08-19 15:57 -------- d-----w- c:\program files\StumbleUpon
2009-12-24 19:34 . 2009-12-24 19:34 -------- d-----w- c:\program files\ImRe
2009-12-19 20:20 . 2009-12-19 20:20 -------- d-----w- c:\program files\Gabest
2009-12-18 23:04 . 2009-12-18 23:03 -------- d-----w- c:\program files\Flash Convert
2009-12-17 20:14 . 2009-12-17 20:13 -------- d-----w- c:\program files\Yawcam
2009-12-04 10:03 . 2009-12-04 10:03 251376 ----a-w- c:\users\Colm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-11-28 12:18 . 2009-05-09 17:26 76856 ----a-w- c:\users\Colm\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-25 18:00 . 2009-09-16 14:26 680 ----a-w- c:\users\Colm\AppData\Local\d3d9caps.dat
2009-11-25 12:38 . 2009-11-25 12:38 138240 ----a-w- c:\users\Colm\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-25 12:38 . 2009-11-25 12:38 138240 ----a-w- c:\users\Colm\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-25 12:38 . 2009-11-25 12:38 138240 ----a-w- c:\users\Colm\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-25 12:38 . 2009-11-25 12:38 138240 ----a-w- c:\users\Colm\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-24 23:54 . 2009-05-10 20:02 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-05-10 20:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-05-10 20:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-05-10 20:02 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-05-10 20:03 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-10 20:03 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-10 20:03 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-17 10:01 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-25 17:09 . 2008-10-25 16:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-26 319280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-01 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):27,eb,7e,f6,e6,3e,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/05/2009 20:03 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [01/02/2010 15:48 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [01/02/2010 15:48 29520]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\System32\SAVRKBootTasks.sys [04/02/2010 08:38 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/05/2009 20:03 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/05/2009 20:02 53328]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [25/10/2008 18:11 365952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [21/08/2009 19:24 66592]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/10/2008 17:02 193840]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:33 21504]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [08/12/2009 22:41 120232]
S4 gupdate1c9d0f57a744239;Google Update Service (gupdate1c9d0f57a744239);c:\program files\Google\Update\GoogleUpdate.exe [09/05/2009 22:28 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 22:28]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 22:28]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3257623526-4123984516-161913098-1000Core.job
- c:\users\Colm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-29 15:33]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3257623526-4123984516-161913098-1000UA.job
- c:\users\Colm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-29 15:33]

2010-02-05 c:\windows\Tasks\User_Feed_Synchronization-{F2A32BAD-8815-408D-9F45-D8CFFF25C714}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
FF - ProfilePath - c:\users\Colm\AppData\Roaming\Mozilla\Firefox\Profiles\ttycu9pu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/firefox
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\users\Colm\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Colm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C909.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3708)
c:\program files\WinSCP\DragExt.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Completion time: 2010-02-05 19:40:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-05 19:40

Pre-Run: 56,555,749,376 bytes free
Post-Run: 57,686,327,296 bytes free

- - End Of File - - 8029E51DAE262D8F8A52A6ACA65109C7

Re: HELP! Computer is infected with rootkit!
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Re: HELP! Computer is infected with rootkit!

Thank you SO much for all of your help! I thought I was going to have to reinstall Windows!! My machine is running beautifully! Do you think that my computer security is sufficient, or would you like to recommend me some (free) programs?
Thanks once again, you are a legend!

Re: HELP! Computer is infected with rootkit!

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Re: HELP! Computer is infected with rootkit!
Thanks so much for all your help! You're great!
