[In Progress] HiJackThis! Logs - unable to complete step 1 of prework

09-28-2009   #15
webparatus (Bronze Member)
Re: unable to complete step 1 of prework

ComboFix is telling me that Norton Antivirus is running. I can't locate this program anywhere and can't shut it down. I followed the instructions in your reply and don't see this. I don't want to risk damage. Advice on what to do?
09-28-2009   #16
Crush (Tech Support Team)
Re: unable to complete step 1 of prework

Just let ComboFix run. The reason for disabling your AV protection is so ComboFix is not blocked as it is sometimes picked up as Malware.

As an aside, you're not running Norton AV, correct?

This tool: Download and run the Norton Removal Tool will remove all traces of Norton from the machine in question.
__________________
Crush aka Chris
09-28-2009   #17
webparatus (Bronze Member)
Re: unable to complete step 1 of prework

I let ComboFix run, it restarted then gave location of the log. Every shortcut I select gives an error message stating it's an Illegal operation on a registry key that is marked for deletion. I opened the location for the CF log, clicked on it and received the same message.

Last edited by webparatus; 09-28-2009 at 07:15 PM.
09-28-2009   #18
webparatus (Bronze Member)
Re: unable to complete step 1 of prework

I restarted and all is OK with 1 exception that I'll post in a separate reply. Here's the CF log:

ComboFix 09-09-27.05 - Daddy 09/28/2009 13:31.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3518.2326 [GMT -4:00]
Running from: c:\users\Daddy\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-4025531258-4204101123-3166441073-500
c:\users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url
c:\users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games.url
c:\users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url
c:\users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\Daddy\Desktop\Download programs.url
c:\users\Daddy\FAVORI~1\Download programs.url
c:\users\Daddy\FAVORI~1\Games.url
c:\users\Daddy\FAVORI~1\Translator.url
c:\users\Daddy\FAVORI~1\Videos.url
c:\users\Daddy\Favorites\Download programs.url
c:\users\Daddy\Favorites\Games.url
c:\users\Daddy\Favorites\Translator.url
c:\users\Daddy\Favorites\Videos.url
c:\windows\Installer\WMEncoder64.msi
c:\windows\TEMP\logishrd\LVPrcInj01.dll
H:\AUTORUN.INF

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SfX


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-28 17:46 . 2009-09-28 17:50 -------- d-----w- c:\users\Daddy\AppData\Local\temp
2009-09-28 17:46 . 2009-09-28 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-28 15:53 . 2009-09-28 15:53 -------- d-----w- C:\NVIDIA
2009-09-28 15:36 . 2009-09-28 15:36 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-28 15:36 . 2009-09-28 15:36 -------- d-----w- c:\windows\system32\AGEIA
2009-09-28 15:34 . 2008-05-30 18:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2009-09-28 00:04 . 2009-09-28 00:04 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-09-26 00:42 . 2006-01-07 16:09 7548 ----a-w- c:\windows\system32\drivers\Samhid.sys
2009-09-26 00:09 . 2009-09-26 00:09 -------- d-----w- C:\_OTM
2009-09-23 15:04 . 2009-09-23 15:04 -------- d-----w- c:\users\Daddy\AppData\Roaming\Leadertech
2009-09-23 15:04 . 2009-09-23 15:04 -------- d-----w- c:\programdata\Logishrd
2009-09-23 15:03 . 2009-09-23 15:03 -------- d-----w- c:\program files\Logitech
2009-09-22 23:04 . 2009-09-22 23:04 -------- d-----w- c:\program files\Trend Micro
2009-09-22 17:54 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 17:54 . 2009-09-22 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 17:54 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 17:45 . 2009-09-18 17:45 680 ----a-w- c:\users\Daddy\AppData\Local\d3d9caps.dat
2009-09-18 17:29 . 2009-09-18 17:30 -------- d-----w- c:\program files\QuickTime
2009-09-18 17:29 . 2009-09-18 17:29 -------- d-----w- c:\programdata\Apple Computer
2009-09-18 17:27 . 2009-09-18 17:27 -------- d-----w- c:\program files\Common Files\Apple
2009-09-18 17:27 . 2009-09-18 17:27 -------- d-----w- c:\program files\Apple Software Update
2009-09-18 17:27 . 2009-09-18 17:27 -------- d-----w- c:\programdata\Apple
2009-09-18 11:18 . 2009-09-18 11:18 37504 ----a-w- c:\windows\system32\drivers\FILTER.sys
2009-09-16 21:22 . 2009-09-18 17:16 -------- d-----w- c:\users\Brittani\AppData\Local\TSVNCache
2009-09-16 21:22 . 2009-09-16 21:22 -------- d-----w- c:\users\Brittani\AppData\Roaming\Subversion
2009-09-12 15:17 . 2009-09-12 15:17 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-12 15:17 . 2009-09-12 15:17 -------- d-----w- c:\users\Daddy\AppData\Roaming\SystemRequirementsLab
2009-09-11 02:01 . 2009-09-11 02:01 -------- d-----w- c:\program files\Watchtower
2009-09-09 05:17 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 05:17 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 05:17 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 05:17 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 05:17 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-03 19:48 . 2009-09-09 07:07 -------- d-----w- c:\users\Corey\AppData\Local\TSVNCache
2009-09-02 19:05 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 19:05 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 17:52 . 2009-08-15 23:13 -------- d-----w- c:\users\Daddy\AppData\Roaming\Skype
2009-09-28 17:50 . 2009-09-28 16:01 32879 ----a-w- c:\programdata\nvModes.dat
2009-09-28 17:50 . 2008-07-11 09:33 -------- d-----w- c:\programdata\NVIDIA
2009-09-28 17:50 . 2009-09-26 02:12 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-28 17:47 . 2007-11-02 01:22 4132 ----a-w- c:\windows\bthservsdp.dat
2009-09-28 17:42 . 2008-08-28 22:22 -------- d-----w- c:\program files\Steam
2009-09-28 17:17 . 2007-12-21 20:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-28 16:07 . 2009-08-15 23:07 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-09-28 16:02 . 2009-08-15 23:15 -------- d-----w- c:\users\Daddy\AppData\Roaming\skypePM
2009-09-28 15:56 . 2007-10-25 14:18 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-28 15:36 . 2008-04-21 02:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-28 14:43 . 2008-09-25 03:01 -------- d-----w- c:\program files\Lx_cats
2009-09-28 11:36 . 2008-10-12 23:27 -------- d-----w- c:\programdata\Google Updater
2009-09-28 00:07 . 2009-09-28 00:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-09-27 23:19 . 2008-08-28 22:22 -------- d-----w- c:\program files\Common Files\Steam
2009-09-26 00:42 . 2009-05-10 23:53 -------- d-----w- c:\program files\PHILIPS
2009-09-23 15:03 . 2007-10-25 14:14 -------- d-----w- c:\programdata\Logitech
2009-09-22 17:51 . 2009-08-06 18:13 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-17 22:19 . 2008-02-10 15:24 3188 ----a-w- c:\users\Brittani\AppData\Roaming\wklnhst.dat
2009-09-11 00:28 . 2009-08-29 03:23 -------- d-----w- c:\program files\CoffeeCup Software
2009-09-09 07:10 . 2009-03-26 10:54 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 07:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 04:13 . 2007-10-25 14:12 -------- d-----w- c:\program files\Java
2009-09-08 21:35 . 2009-08-24 23:04 -------- d-----w- c:\users\Daddy\AppData\Roaming\FileZilla
2009-08-29 06:17 . 2009-08-29 06:17 -------- d-----w- c:\program files\PDFCreator
2009-08-29 01:11 . 2009-08-29 00:24 -------- d-----w- c:\users\Daddy\AppData\Roaming\TortoiseSVN
2009-08-28 23:33 . 2009-08-27 15:54 -------- d-----w- c:\users\Mommy\AppData\Roaming\Skype
2009-08-28 22:05 . 2009-08-28 22:05 -------- d-----w- c:\users\Daddy\AppData\Roaming\Subversion
2009-08-28 21:05 . 2007-11-02 02:16 1060 ----a-w- c:\users\Daddy\AppData\Roaming\wklnhst.dat
2009-08-28 20:05 . 2009-08-27 15:56 -------- d-----w- c:\users\Mommy\AppData\Roaming\skypePM
2009-08-25 23:09 . 2009-08-20 22:28 1947 ----a-w- c:\windows\eReg.dat
2009-08-25 22:58 . 2007-10-25 14:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 21:40 . 2008-11-27 23:39 -------- d-----w- c:\program files\Maxis
2009-08-24 22:55 . 2009-08-24 22:55 -------- d-----w- c:\program files\FileZilla FTP Client
2009-08-18 17:53 . 2009-08-18 17:53 -------- d-----w- c:\users\Mommy\AppData\Roaming\Petroglyph
2009-08-18 17:52 . 2009-08-18 17:52 -------- d-----w- c:\users\Mommy\AppData\Roaming\LucasArts
2009-08-17 06:42 . 2009-08-17 06:42 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 06:42 . 2009-08-17 06:42 1346080 ----a-w- c:\windows\system32\nvsvs.dll
2009-08-17 06:41 . 2009-08-17 06:41 3176992 ----a-w- c:\windows\system32\nvwss.dll
2009-08-17 06:41 . 2009-08-17 06:41 4033056 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-17 06:41 . 2009-08-17 06:41 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-17 06:41 . 2009-08-17 06:41 1292832 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-17 06:41 . 2009-08-17 06:41 3553824 ----a-w- c:\windows\system32\nvgames.dll
2009-08-17 06:41 . 2009-08-17 06:41 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-17 06:41 . 2009-08-17 06:41 764448 ----a-w- c:\windows\system32\nvsvc.dll
2009-08-17 06:41 . 2009-08-17 06:41 4930080 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-17 06:41 . 2009-08-17 06:41 215584 ----a-w- c:\windows\system32\nvvsvc.exe
2009-08-17 06:41 . 2009-08-17 06:41 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-08-17 06:41 . 2009-08-17 06:41 13904416 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-17 04:57 . 2009-08-17 04:57 9545152 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-17 04:57 . 2009-08-17 04:57 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-17 04:57 . 2009-08-17 04:57 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-08-17 04:57 . 2009-08-17 04:57 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-17 04:57 . 2009-08-17 04:57 1985536 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-17 04:57 . 2009-08-17 04:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-17 04:57 . 2009-08-17 04:57 155648 ----a-w- c:\windows\system32\nvcod162.dll
2009-08-17 04:57 . 2009-08-17 04:57 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-17 04:57 . 2009-08-17 04:57 10858496 ----a-w- c:\windows\system32\nvoglv32.dll
2009-08-17 04:57 . 2007-10-25 21:41 7569920 ----a-w- c:\windows\system32\nvd3dum.dll
2009-08-17 04:57 . 2007-10-25 21:41 1044992 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 05:55 . 2009-08-15 23:13 -------- d-----w- c:\users\Corey\AppData\Roaming\Skype
2009-08-15 23:52 . 2009-08-08 14:03 -------- d-----w- c:\users\Daddy\AppData\Roaming\TeamViewer
2009-08-15 23:15 . 2009-08-15 23:15 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-15 23:13 . 2009-08-15 23:13 -------- d-----w- c:\program files\Common Files\Skype
2009-08-15 23:13 . 2009-08-15 23:13 -------- d-----r- c:\program files\Skype
2009-08-15 23:13 . 2009-08-15 23:13 -------- d-----w- c:\programdata\Skype
2009-08-14 18:08 . 2009-08-14 18:08 -------- d-----w- c:\programdata\Roblox
2009-08-14 18:08 . 2009-08-14 18:08 -------- d-----w- c:\program files\Roblox
2009-08-14 17:01 . 2009-09-09 05:18 900168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 17:01 . 2009-09-09 05:18 220232 ----a-w- c:\windows\system32\drivers\netio.sys
2009-08-14 17:01 . 2009-09-09 05:18 98376 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2009-08-14 16:29 . 2009-09-09 05:18 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 05:18 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:23 . 2009-09-09 05:18 438272 ----a-w- c:\windows\system32\IKEEXT.DLL
2009-08-14 16:22 . 2009-09-09 05:18 595456 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2009-08-14 16:21 . 2009-09-09 05:18 328704 ----a-w- c:\windows\system32\BFE.DLL
2009-08-14 14:16 . 2009-09-09 05:18 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 05:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 05:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 05:18 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 05:18 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 05:18 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 05:18 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-12 16:06 . 2009-08-12 16:06 -------- d-----w- c:\users\Corey\AppData\Roaming\Microsoft Corporation
2009-08-11 16:35 . 2007-10-25 21:41 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-08-08 14:42 . 2009-08-08 14:42 -------- d-----w- c:\program files\Secunia
2009-08-08 14:03 . 2009-08-08 14:03 -------- d-----w- c:\program files\TeamViewer
2009-08-07 17:13 . 2009-08-07 17:13 -------- d-----w- c:\users\Daddy\AppData\Roaming\Coby
2009-08-06 18:13 . 2009-08-06 18:13 -------- d-----w- c:\program files\DVDVideoSoft
2009-08-01 14:11 . 2008-06-01 01:44 117992 ----a-w- c:\users\Mommy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-01 14:11 . 2009-08-01 14:11 -------- d-----w- c:\users\Mommy\AppData\Roaming\Microsoft Corporation
2009-07-31 21:09 . 2009-07-31 21:09 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-07-31 19:23 . 2008-12-25 14:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-31 11:18 . 2009-07-31 11:18 -------- d-----w- c:\users\Daddy\AppData\Roaming\Microsoft Corporation
2009-07-31 11:18 . 2009-07-31 11:18 -------- d-----w- c:\users\Daddy\AppData\Roaming\Add-in Express Ltd
2009-07-31 11:18 . 2009-07-31 11:18 -------- d-----w- c:\program files\Ever Profits Toolbar
2009-07-29 17:44 . 2008-06-01 01:44 1460 ----a-w- c:\users\Mommy\AppData\Roaming\wklnhst.dat
2009-07-18 16:06 . 2009-07-31 18:16 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-31 18:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-31 18:16 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-10-25 21:51 . 2007-10-25 21:44 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-22 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-15 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2007-05-11 205744]
"LXCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-11-21 106496]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-03-20 213936]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"hcwemMON"="hcwemMON.exe" - c:\windows\hcwemMON.exe [2007-03-29 61440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-12 101136]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\users\Public\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4025531258-4204101123-3166441073-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D2CE6332-EA8A-4FFB-AE7E-E90BFD46D45E}c:\\program files\\motorola\\software update\\msu.exe"= UDP:c:\program files\motorola\software update\msu.exe:msu
"UDP Query User{A2B33A75-9EE0-42C1-AC1D-112C33004DB5}c:\\program files\\motorola\\software update\\msu.exe"= TCP:c:\program files\motorola\software update\msu.exe:msu
"TCP Query User{236F59A2-4666-44A7-BB76-3DB45A519184}g:\\program files\\azureus\\azureus.exe"= Disabled:UDP:g:\program files\azureus\azureus.exe:Azureus
"UDP Query User{A29B9C2B-DC94-4BFC-8D7F-D4D7B9CB673E}g:\\program files\\azureus\\azureus.exe"= Disabled:TCP:g:\program files\azureus\azureus.exe:Azureus
"{2603EE8E-9495-4E3A-87A9-16026B583BA6}"= Disabled:UDP:c:\program files\TurboTax\Deluxe 2006\32bit\ttax.exe:TurboTax
"{F80A4035-AB2C-4D28-AD6E-32FA2FD56F0E}"= Disabled:TCP:c:\program files\TurboTax\Deluxe 2006\32bit\ttax.exe:TurboTax
"{252E427E-6301-4928-936A-531B1CDB2309}"= Disabled:UDP:c:\program files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{BF6AF64A-CF91-451E-962F-3567C9118C7C}"= Disabled:TCP:c:\program files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{C12091B1-8E36-44E6-839B-EAE7EB60431E}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{416F4A42-3D2A-4F54-BD22-D7F8D5B39D01}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{5AD16288-B543-4A4D-A78C-3C2BC6CBB090}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{707EC318-7BB0-4F9E-AB68-43483EAB2907}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"TCP Query User{79A80287-AB5F-4526-8E64-245053AEA04A}g:\\program files\\azureus\\ares\\ares.exe"= UDP:g:\program files\azureus\ares\ares.exe:Ares p2p for windows
"UDP Query User{9CB9A80C-304D-4FC4-B306-7AE325E97AD8}g:\\program files\\azureus\\ares\\ares.exe"= TCP:g:\program files\azureus\ares\ares.exe:Ares p2p for windows
"{FA28F3FC-B3DB-4296-9C95-540A04ED9E8D}"= UDP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{D85EF9AF-4E5D-43B2-8533-B797E04CC5F1}"= TCP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{B1C09A5C-9D3B-40E0-9AC0-EF6D062A5F9E}"= UDP:c:\windows\System32\lxcicoms.exe:Lexmark Communications System
"{99A46FFE-7BF6-485C-9CE4-DE24480EF164}"= TCP:c:\windows\System32\lxcicoms.exe:Lexmark Communications System
"{5F072036-7774-4E9A-A938-BE9AD23434B7}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxcipswx.exe:Printer Status Window
"{4C8B1C38-572B-4B60-B584-CF3D37AE37F2}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxcipswx.exe:Printer Status Window
"TCP Query User{7993D4F5-2882-4269-8206-5C63C0F06117}g:\\orb\\bin\\orbir.exe"= UDP:g:\orb\bin\orbir.exe:OrbIR
"UDP Query User{AE5F8AB4-94A1-4911-BA58-BF18BF249847}g:\\orb\\bin\\orbir.exe"= TCP:g:\orb\bin\orbir.exe:OrbIR
"{15C566B4-75F9-4A48-9B65-7AD86F5BCB1F}"= UDP:g:\orb\bin\Orb.exe:Orb
"{11C03324-B714-49F7-864B-BBFDE974DFA3}"= TCP:g:\orb\bin\Orb.exe:Orb
"{2F1C8BFF-3BC0-4779-9251-48D6EE5F4DAB}"= UDP:g:\orb\bin\OrbTray.exe:OrbTray
"{3F945F5E-359C-42DF-9892-8A29366B3D35}"= TCP:g:\orb\bin\OrbTray.exe:OrbTray
"{111C82EF-351E-4B75-BC62-458829B4A0D6}"= UDP:g:\orb\bin\OrbIR.exe:OrbIR
"{1B2037FF-250B-447B-BB02-65F14972A6A9}"= TCP:g:\orb\bin\OrbIR.exe:OrbIR
"{E0185C3A-4452-4C00-8B08-AEC3D6CE34CA}"= UDP:g:\orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{0F9732F6-F820-41F0-AD57-FD9B8E7371C0}"= TCP:g:\orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{4478A4F1-3D47-43B5-A9F0-5FBB16612DA0}"= UDP:g:\orb\bin\xmltv.exe:OrbTVGuide
"{0FEB1CCA-CB6D-40FC-82DA-9A9A322E0BC5}"= TCP:g:\orb\bin\xmltv.exe:OrbTVGuide
"TCP Query User{96DCBCB3-180F-4372-8FFE-1ED749852AB3}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{D699B469-FE3C-4342-BDA0-817411563250}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{D2FBC9BF-8DFD-422F-A90B-51A2179CD646}c:\\program files\\steam\\steamapps\\chichidood\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\chichidood\team fortress 2\hl2.exe:hl2
"UDP Query User{10CCA184-E302-4629-B519-4FA672D415D8}c:\\program files\\steam\\steamapps\\chichidood\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\chichidood\team fortress 2\hl2.exe:hl2
"TCP Query User{B23FA66A-26F5-4D4E-B573-ADE80C5D73F7}c:\\program files\\steam\\steamapps\\chichidood\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\chichidood\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{D98C1A21-8831-4C0F-9B45-35FD6CACC094}c:\\program files\\steam\\steamapps\\chichidood\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\chichidood\half-life 2 deathmatch\hl2.exe:hl2
"{781AD427-457F-4E56-9451-556853FFC1A8}"= UDP:c:\program files\TeamViewer\Version4\TeamViewer.exe:Teamviewer Remote Control Application
"{3C66E4B4-CA57-442F-B021-9EEF92F8BFE5}"= TCP:c:\program files\TeamViewer\Version4\TeamViewer.exe:Teamviewer Remote Control Application
"{1EF2BF6F-E189-45D5-B662-ED58E8BDE601}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E5F8D0A1-B817-486E-ADB4-B80D8694B349}c:\\program files\\coffeecup software\\coffee.exe"= UDP:c:\program files\coffeecup software\coffee.exe:CoffeeCup HTML Editor
"UDP Query User{81364C15-1A96-46D8-86A7-AC9748E362CA}c:\\program files\\coffeecup software\\coffee.exe"= TCP:c:\program files\coffeecup software\coffee.exe:CoffeeCup HTML Editor
"TCP Query User{D8668583-5F0E-438D-8A64-F7C52BC3D842}c:\\users\\daddy\\appdata\\local\\temp\\usmt\\migwiz.exe"= UDP:c:\users\daddy\appdata\local\temp\usmt\migwiz.exe:migwiz.exe
"UDP Query User{1B322559-8092-443A-A0E3-161BCDE0356E}c:\\users\\daddy\\appdata\\local\\temp\\usmt\\migwiz.exe"= TCP:c:\users\daddy\appdata\local\temp\usmt\migwiz.exe:migwiz.exe
"{6016CAFB-A63C-4CE4-84B1-423F58B437DF}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{AB4F4B3F-9E21-40B4-A1E8-BCB4729D6FF3}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{AE28B219-59B1-4D8B-9CA6-02B879355A0A}"= UDP:c:\program files\Steam\steamapps\common\batman arkham asylum - demo\Binaries\ShippingPC-BmGame.exe:Batman: Arkham Asylum - Demo
"{D9C8BD4D-893F-4B13-85EE-C9FF84477234}"= TCP:c:\program files\Steam\steamapps\common\batman arkham asylum - demo\Binaries\ShippingPC-BmGame.exe:Batman: Arkham Asylum - Demo
"{D6947A1D-EED7-4DC8-A9FB-4AC9CBFD8BD9}"= UDP:c:\users\Daddy\AppData\Local\Temp\7zS69CB.tmp\SymNRT.exe:Norton Removal Tool
"{3E1143D2-A219-4167-A027-B5A75F012DE5}"= TCP:c:\users\Daddy\AppData\Local\Temp\7zS69CB.tmp\SymNRT.exe:Norton Removal Tool

R1 Filter;Filter;c:\windows\System32\drivers\FILTER.sys [9/18/2009 7:18 AM 37504]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 6:17 AM 77824]
R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [8/17/2009 1:32 AM 239648]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [7/30/2009 11:29 AM 185640]
R3 btusbflt;Bluetooth USB Filter;c:\windows\System32\drivers\btusbflt.sys [7/25/2008 11:41 PM 42280]
R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/25/2007 10:28 AM 1840128]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [1/26/2008 9:35 PM 815104]
S3 samhid;samhid;c:\windows\System32\drivers\Samhid.sys [9/25/2009 8:42 PM 7548]
S3 TridVid;Trident Analog plus Digital Video;c:\windows\System32\drivers\TridVid.sys [3/1/2007 4:29 PM 159104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-15 19:48]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025531258-4204101123-3166441073-1000Core.job
- c:\users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-22 00:57]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025531258-4204101123-3166441073-1000UA.job
- c:\users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-22 00:57]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025531258-4204101123-3166441073-1001Core.job
- c:\users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-07 21:27]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025531258-4204101123-3166441073-1001UA.job
- c:\users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-07 21:27]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025531258-4204101123-3166441073-1002Core.job
- c:\users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-09 00:04]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025531258-4204101123-3166441073-1002UA.job
- c:\users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-09 00:04]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025531258-4204101123-3166441073-1003Core.job
- c:\users\Brittani\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-08 23:58]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025531258-4204101123-3166441073-1003UA.job
- c:\users\Brittani\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-08 23:58]

2009-09-28 c:\windows\Tasks\User_Feed_Synchronization-{9F922272-2EA2-463B-A1AC-9883A0ECF0BA}.job
- c:\windows\system32\msfeedssync.exe [2008-03-22 07:33]

2009-09-28 c:\windows\Tasks\User_Feed_Synchronization-{D7BA776F-6F2E-4264-92B8-918ADAB389E5}.job
- c:\windows\system32\msfeedssync.exe [2008-03-22 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sbc.yahoo.com/dsl
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = 59.39.19.36:80
uInternet Settings,ProxyOverride = <local>
IE: &Search - ?p=ZCman000
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: orb.com\mycast
Trusted Zone: turbotax.com
FF - ProfilePath - c:\users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7bxvarog.default\
FF - prefs.js: browser.startup.homepage - hxxp://anonymouse.org/
FF - component: c:\users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7bxvarog.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\users\Daddy\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Orb - g:\orb\bin\OrbTray.exe
AddRemove-HijackThis - c:\users\Daddy\AppData\Local\Temp\Temp2_HiJackThis.zip\HijackThis.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\S-1-5-21-4025531258-4204101123-3166441073-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\nvvsvc.exe
c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\System32\lxcicoms.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Secunia\PSI\psi.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-09-28 13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-28 17:58

Pre-Run: 339,801,468,928 bytes free
Post-Run: 343,583,481,856 bytes free

455 --- E O F --- 2009-09-28 16:08

Thanks
Old 09-28-2009   #19
Bronze Member
 
webparatus's Avatar
 
Join Date: Sep 2009
Posts: 15
PC Experience: Some Experience
Default Not sure if you can help

This pops up all the time since the PC was infected.

Top of the box says: Windows - No Disk

I hope you don't mind the pic or that it's hard to read.

Thank You
Old 09-28-2009   #20
Tech Support Team
 
Crush's Avatar
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112
PC Experience: Always Learning New Things
Default Re: unable to complete step 1 of prework

Please visit Virustotal
  • Click the Browse.. button
  • Navigate to the file c:\windows\system32\drivers\lvuvc.hs
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.
If VirusTotal is busy please use Jotti
Old 09-30-2009   #21
Bronze Member
 
webparatus's Avatar
 
Join Date: Sep 2009
Posts: 15
PC Experience: Some Experience
Default Re: unable to complete step 1 of prework

Virustotal says: 0 bytes size received / Se ha recibido un archivo vacio
Jotti: File is empty!