
browser hijacked, and suspicious aaa java program


This topic is locked. 39 replies to this topic.

#1 bassman1966 (Members, 21 posts)

Posted 13 March 2011 - 10:59 PM

My xp laptop had a browser hijack, and my ESET was unable to find it. I opened a call with them, they had me try various 3rd party tools, still no fix. One of the tools that their pgm tried to launch was combo fix. It gave me an error message saying I did not have access to the network and could not download combofix. That was NOT true. I reported this via email to ESET, but they then sent another set of things to try. Still no fix. I googled to find combo fix, downloaded it and ran it. It got rid of the browser hijack. Only after that did I find your materials and correct procedures. So the browser hijack seems to be gone, but there is a second issue. I noticed about a month ago that when I listed programs in "add/remove programs" that there is an application called aaa. I see at least one other user on your forum reports this as well. I would like to find and get rid of this, and also just know my computer is as clean as possible, then do a good backup.

I followed your procedures and created the DDS.txt and the attach.txt files. When I run GMER, it runs for a long time and then the computer is completely locked up with no display at all. I have to power it off. Happened three times. So I ran it again and captured a screen for you. See attached image reg-suspicious3.jpg The last line in the capture looks very suspicious to me. Thanks in advance for your help.

DDS.txt contents are below
xxxxxxxx


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by David Talbott at 20:30:36.51 on Fri 03/11/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1321 [GMT -8:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\David Talbott\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AutorunsDisabled - No File
BHO: SkypeIEPluginBHO - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [DeleteLog] c:\windows\system32\oobe\DeleteLog.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [Auto EPSON Stylus Photo R200 Series on nancy-xp] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2h1.exe /p47 "auto epson stylus photo r200 series on nancy-xp" /o33 "\\nancy-xp\EPSONStylus Photo R200" /M "Stylus Photo R200"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\david talbott\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - c:\windows\downlo~1\mywebex\419\mwmie.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157047432984
DPF: {86425144-8E97-41D5-8BCF-302812D44692} - hxxp://ravenas.razorstream.com/eve-service/objects/RSControl40.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} - hxxps://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://livewc01.custhelp.com/7560-b440h/rnl/java/RntX.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AutorunsDisabled - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\davidt~1\applic~1\mozilla\firefox\profiles\butapy3w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\david talbott\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2006-9-1 10240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 115008]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 HP8207_8307Fltr;Hewlett-Packard;c:\windows\system32\drivers\HP8207_8307.sys [2010-4-1 9600]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
S3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-8-14 36224]
S3 esihdrv;esihdrv;\??\c:\docume~1\davidt~1\locals~1\temp\esihdrv.sys --> c:\docume~1\davidt~1\locals~1\temp\esihdrv.sys [?]
S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\IcdSX.sys [2006-10-13 31744]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-2-28 1405384]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2010-9-8 704000]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2010-9-8 24192]
S3 usbvm328;FlexiCAM USB 2.0 with sound;c:\windows\system32\drivers\usbvm326.sys [2006-12-10 235136]
S3 vmfilter326;326 MRD filter service;c:\windows\system32\drivers\vmfilter326.sys [2006-12-10 476800]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-8-14 134912]
S4 gupdate1ca0e2712ebad14;Google Update Service (gupdate1ca0e2712ebad14);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]
S4 pciinfo;HP Pci Information;\??\c:\docume~1\davidt~1\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\davidt~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-20 24652]
.
=============== Created Last 30 ================
.
2011-03-10 20:03:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-10 20:03:53 785368 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-10 20:03:53 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-10 20:03:53 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-10 20:03:53 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-10 20:03:53 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-10 20:03:53 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-10 20:03:53 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-10 15:57:52 72080 ----a-w- c:\documents and settings\david talbott\g2mdlhlpx.exe
2011-03-10 02:12:40 -------- d-sha-r- C:\cmdcons
2011-03-10 02:06:29 98816 ----a-w- c:\windows\sed.exe
2011-03-10 02:06:29 89088 ----a-w- c:\windows\MBR.exe
2011-03-10 02:06:29 256512 ----a-w- c:\windows\PEV.exe
2011-03-10 02:06:29 161792 ----a-w- c:\windows\SWREG.exe
2011-03-10 02:06:17 -------- d-----w- C:\ComboFix
2011-03-09 22:12:33 -------- d-----w- c:\docume~1\davidt~1\applic~1\ErrorExpert
2011-03-04 20:34:18 -------- d-----w- c:\docume~1\davidt~1\applic~1\SUPERAntiSpyware.com
2011-03-04 20:34:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-04 20:34:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-04 20:02:14 -------- d-----w- c:\docume~1\davidt~1\applic~1\Malwarebytes
2011-03-04 20:02:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-04 20:02:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-04 20:01:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-04 20:01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-03 03:24:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-03-02 02:37:14 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-02 02:02:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-02 02:00:30 -------- d-----w- c:\docume~1\davidt~1\locals~1\applic~1\Sunbelt Software
2011-03-02 01:57:04 -------- dc----w- c:\docume~1\alluse~1\applic~1\{48F52499-ADE3-4774-9621-FB173785947D}
2011-02-18 22:21:35 -------- d-----w- c:\docume~1\davidt~1\applic~1\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2011-02-18 18:28:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-18 18:28:41 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-02-14 19:13:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2011-02-14 18:45:27 67032 ----a-w- c:\program files\mozilla firefox\plugins\npContribute.dll
2011-02-14 18:10:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\ALM
2011-02-14 17:57:09 -------- d-----w- c:\documents and settings\david talbott\Adobe Flash Builder 4
2011-02-14 17:35:24 -------- d-----w- c:\program files\My Company Name
.
==================== Find3M ====================
.
2011-02-05 01:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-05 01:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-03 03:46:32 256 ----a-w- c:\windows\system32\pool.bin
2011-02-03 03:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 07:48:37 86016 --sha-r- c:\windows\system32\hticonsq.dll
2011-01-30 07:48:36 86016 --sha-r- c:\windows\system32\freecellz.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 20:32:10.06 ===============
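As an added triage example (not part of this thread and not code from DDS or from the helper), the script below parses two line shapes from a DDS.txt like the one above and applies two cheap heuristics a log reader usually starts with: plain files under system32 that carry both the system and hidden attributes, and kernel drivers registered from a user temp directory or whose image is no longer on disk (DDS marks those with `[?]`). The line formats are assumed from the log pasted above; the sample lines are copied from it. On those lines it flags hticonsq.dll and freecellz.dll (random-looking names, hidden+system, identical size, created one second apart: the kind of pair a helper asks for hashes on) and the esihdrv and pciinfo drivers, whose names and temp paths look like leftovers of the ESET and HP support tools the poster says he ran. These are pointers for a closer look, not verdicts.

```python
import re

# Assumed DDS.txt line shapes (DDS is a closed tool; these are taken from the log above):
#   file entry:    <date> <time> <size | --------> <8 attribute flags> <path>
#   service entry: <R|S><n> <name>;<display>;<image path> [<date> <size>]  or  [?]
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) ([-a-z]{8}) (.+)$"
)
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) (\[[^\]]*\])$")

# Constructed sample: lines copied from the DDS.txt posted in this thread.
SAMPLE = r"""
2011-03-10 02:12:40 -------- d-sha-r- C:\cmdcons
2011-02-05 01:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-01-30 07:48:37 86016 --sha-r- c:\windows\system32\hticonsq.dll
2011-01-30 07:48:36 86016 --sha-r- c:\windows\system32\freecellz.dll
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 115008]
S3 esihdrv;esihdrv;\??\c:\docume~1\davidt~1\locals~1\temp\esihdrv.sys --> c:\docume~1\davidt~1\locals~1\temp\esihdrv.sys [?]
S4 pciinfo;HP Pci Information;\??\c:\docume~1\davidt~1\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\davidt~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
"""


def parse_file_entry(line):
    """Parse a 'Created Last 30' / 'Find3M' line; return a dict or None."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    return {
        "date": date,
        "time": time,
        "size": None if size.startswith("-") else int(size),  # directories show '--------'
        "attrs": attrs,  # e.g. '--sha-r-': s=system, h=hidden, a=archive, r=read-only, d=dir
        "path": path,
    }


def parse_service_entry(line):
    """Parse a 'SERVICES / DRIVERS' line; return a dict or None."""
    m = SVC_RE.match(line.strip())
    if not m:
        return None
    state, name, display, image, tail = m.groups()
    # DDS writes '<registry value> --> <resolved path>' when they differ; keep the resolved one.
    if " --> " in image:
        image = image.split(" --> ", 1)[1]
    return {"state": state, "name": name, "display": display,
            "image": image, "present": tail != "[?]"}


def triage(lines):
    """Run both heuristics over raw log lines and return what each flagged."""
    hidden_system = []    # (path, size) of system32 files with system+hidden set
    suspect_drivers = []  # service names loaded from \temp\ or missing on disk
    for line in lines:
        f = parse_file_entry(line)
        if f:
            a = f["attrs"]
            in_sys32 = f["path"].lower().startswith("c:\\windows\\system32\\")
            # Windows' own system32 binaries are normally '----a-w-'; a file that is
            # both system and hidden there deserves a hash lookup before anything else.
            if in_sys32 and a[0] != "d" and "s" in a and "h" in a:
                hidden_system.append((f["path"], f["size"]))
            continue
        s = parse_service_entry(line)
        if s and ("\\temp\\" in s["image"].lower() or not s["present"]):
            suspect_drivers.append(s["name"])
    return {"hidden_system_files": hidden_system, "suspect_drivers": suspect_drivers}


if __name__ == "__main__":
    result = triage(SAMPLE.splitlines())
    for path, size in result["hidden_system_files"]:
        print(f"hidden+system in system32: {path} ({size} bytes)")
    for name in result["suspect_drivers"]:
        print(f"driver from temp dir or missing image: {name}")
```

To run it against a real log, replace `SAMPLE.splitlines()` with the lines of the saved DDS.txt. Identical sizes and near-identical timestamps among the flagged files, as with the two DLLs here, usually mean one installer wrote both, so they should be submitted together.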


#2 m0le (Malware Response Instructor, 33,457 posts, London, UK)

Posted 18 March 2011 - 08:45 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#3 bassman1966 (Topic Starter, Members, 21 posts)

Posted 19 March 2011 - 04:27 AM

Hello and thank you in advance for helping me. Let me know what you would like me to do.

#4 m0le (Malware Response Instructor, 33,457 posts, London, UK)

Posted 19 March 2011 - 05:18 PM

Let's check what might be on board before we go in a bit harder.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#5 bassman1966 (Topic Starter, Members, 21 posts)

Posted 19 March 2011 - 08:54 PM

Hi and thanks. Ran it and it did not find anything. Here is the log:



2011/03/19 18:52:39.0625 4960 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/19 18:52:40.0078 4960 ================================================================================
2011/03/19 18:52:40.0078 4960 SystemInfo:
2011/03/19 18:52:40.0078 4960
2011/03/19 18:52:40.0078 4960 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/19 18:52:40.0078 4960 Product type: Workstation
2011/03/19 18:52:40.0078 4960 ComputerName: DTALBOTT
2011/03/19 18:52:40.0078 4960 UserName: David Talbott
2011/03/19 18:52:40.0078 4960 Windows directory: C:\WINDOWS
2011/03/19 18:52:40.0078 4960 System windows directory: C:\WINDOWS
2011/03/19 18:52:40.0078 4960 Processor architecture: Intel x86
2011/03/19 18:52:40.0078 4960 Number of processors: 1
2011/03/19 18:52:40.0078 4960 Page size: 0x1000
2011/03/19 18:52:40.0078 4960 Boot type: Normal boot
2011/03/19 18:52:40.0078 4960 ================================================================================
2011/03/19 18:52:40.0281 4960 Initialize success
2011/03/19 18:52:57.0078 4048 ================================================================================
2011/03/19 18:52:57.0078 4048 Scan started
2011/03/19 18:52:57.0078 4048 Mode: Manual;
2011/03/19 18:52:57.0078 4048 ================================================================================
2011/03/19 18:52:59.0125 4048 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/03/19 18:52:59.0265 4048 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/19 18:52:59.0328 4048 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/19 18:52:59.0421 4048 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/19 18:52:59.0500 4048 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
2011/03/19 18:52:59.0546 4048 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/19 18:52:59.0703 4048 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/03/19 18:52:59.0781 4048 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/03/19 18:52:59.0875 4048 ArcCD (a82f1a1b09593c73efd02a59dc94920c) C:\WINDOWS\system32\drivers\ArcCD.sys
2011/03/19 18:52:59.0937 4048 ArcRec (1af9061b61741a912368ab4dc309d25e) C:\WINDOWS\system32\drivers\ArcRec.sys
2011/03/19 18:52:59.0968 4048 ArcUdfs (3ee9e41102a2c6b8f7dbad5d44abda05) C:\WINDOWS\system32\drivers\ArcUdfs.sys
2011/03/19 18:53:00.0015 4048 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/19 18:53:00.0093 4048 Asapi (7de1504dba7e72313bb4ca5587df86cf) C:\WINDOWS\system32\drivers\Asapi.sys
2011/03/19 18:53:00.0265 4048 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/19 18:53:00.0343 4048 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/19 18:53:00.0828 4048 ati2mtag (c51608bba3248be2f6d21b132910752a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/03/19 18:53:01.0093 4048 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/19 18:53:01.0171 4048 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/19 18:53:01.0234 4048 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/03/19 18:53:01.0312 4048 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/03/19 18:53:01.0375 4048 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/19 18:53:01.0453 4048 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/03/19 18:53:01.0484 4048 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/03/19 18:53:01.0546 4048 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/03/19 18:53:01.0593 4048 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/03/19 18:53:01.0640 4048 BTWUSB (e76dc88f00d50f46072feb2371769978) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/03/19 18:53:01.0703 4048 CAMCAUD (c2ef37f09cfee9665e6cd7c0b0afb84f) C:\WINDOWS\system32\drivers\camc6aud.sys
2011/03/19 18:53:01.0796 4048 CAMCHALA (512df898de5c0654647acd5c82f0bd99) C:\WINDOWS\system32\drivers\camc6hal.sys
2011/03/19 18:53:02.0000 4048 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/19 18:53:02.0046 4048 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/19 18:53:02.0125 4048 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/19 18:53:02.0171 4048 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/19 18:53:02.0250 4048 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2011/03/19 18:53:02.0312 4048 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/19 18:53:02.0406 4048 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/19 18:53:02.0500 4048 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/19 18:53:02.0687 4048 DELTAFW (f1ba14ee05c7cb5e118ee9370b025903) C:\WINDOWS\system32\drivers\deltafw.sys
2011/03/19 18:53:02.0734 4048 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/19 18:53:02.0812 4048 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/19 18:53:02.0890 4048 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/19 18:53:02.0953 4048 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/19 18:53:03.0015 4048 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/19 18:53:03.0078 4048 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/03/19 18:53:03.0140 4048 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/03/19 18:53:03.0187 4048 dot4ufd (e9674cdc15f5a26e9b1b42f8d0185d06) C:\WINDOWS\system32\DRIVERS\hppaufd0.sys
2011/03/19 18:53:03.0265 4048 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/19 18:53:03.0343 4048 eabfiltr (c6aca0190ee7b614673ee0c91863b1eb) C:\WINDOWS\system32\drivers\EABFiltr.sys
2011/03/19 18:53:03.0421 4048 eabusb (da1011db09ad641de40cd5cca70c0c43) C:\WINDOWS\system32\drivers\eabusb.sys
2011/03/19 18:53:03.0484 4048 eamon (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/03/19 18:53:03.0593 4048 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/03/19 18:53:03.0687 4048 epfw (73411c14a8c6062bb6a510772cf2f38c) C:\WINDOWS\system32\DRIVERS\epfw.sys
2011/03/19 18:53:03.0765 4048 Epfwndis (490329bf80f333e788df9596a752a915) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2011/03/19 18:53:03.0937 4048 epfwtdi (bdde7dd8fcdb1de7e879bb320b0605c0) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
2011/03/19 18:53:04.0171 4048 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/19 18:53:04.0234 4048 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/19 18:53:04.0296 4048 FilterService (5c329e2ab8dd62310213cbfac0178539) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/03/19 18:53:04.0343 4048 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/19 18:53:04.0390 4048 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/19 18:53:04.0437 4048 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/19 18:53:04.0500 4048 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/19 18:53:04.0531 4048 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/19 18:53:04.0593 4048 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/03/19 18:53:04.0656 4048 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/19 18:53:04.0718 4048 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys
2011/03/19 18:53:04.0765 4048 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/19 18:53:04.0828 4048 HP8207_8307Fltr (8646a96efba33fbc25fd7073c9ad9002) C:\WINDOWS\system32\drivers\HP8207_8307.sys
2011/03/19 18:53:04.0921 4048 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/19 18:53:04.0968 4048 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/19 18:53:05.0015 4048 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/19 18:53:05.0078 4048 HSFHWATI (14794f142befc962ab142584607a6631) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
2011/03/19 18:53:05.0140 4048 HSF_DP (f99bb4e2b462198b2b0a82d0949f0c41) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/03/19 18:53:05.0250 4048 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/19 18:53:05.0453 4048 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/19 18:53:05.0515 4048 ICDSX (9404719c43986ef811e69520db411516) C:\WINDOWS\system32\Drivers\ICDSX.sys
2011/03/19 18:53:05.0578 4048 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/19 18:53:05.0703 4048 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/19 18:53:05.0765 4048 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/19 18:53:05.0828 4048 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/19 18:53:05.0890 4048 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/19 18:53:05.0953 4048 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/19 18:53:06.0015 4048 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/19 18:53:06.0062 4048 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/19 18:53:06.0109 4048 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/19 18:53:06.0171 4048 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/19 18:53:06.0218 4048 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/19 18:53:06.0281 4048 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/19 18:53:06.0359 4048 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/19 18:53:06.0562 4048 Lvckap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/03/19 18:53:06.0781 4048 lvmvdrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2011/03/19 18:53:06.0953 4048 lvpopflt (e8acf6dd83956fb63ceb058d5f51b18a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/03/19 18:53:07.0062 4048 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/03/19 18:53:07.0140 4048 LVPrcMon (4fd5a6335fb4fc1f758088b2f90613fe) C:\WINDOWS\system32\drivers\LVPrcMon.sys
2011/03/19 18:53:07.0234 4048 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/03/19 18:53:07.0359 4048 LVUVC (922be6770499220dc27b529ca236815a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/03/19 18:53:07.0515 4048 MAFWBOOT (d8d131d0fe08b62604651e45d3a2ba7a) C:\WINDOWS\system32\drivers\mafwboot.sys
2011/03/19 18:53:07.0609 4048 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2011/03/19 18:53:07.0687 4048 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/19 18:53:07.0765 4048 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/03/19 18:53:07.0828 4048 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/19 18:53:07.0890 4048 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/19 18:53:07.0968 4048 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/19 18:53:08.0031 4048 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/19 18:53:08.0093 4048 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/19 18:53:08.0156 4048 mozyFilter (b8e08bfcab2be31804cea983d2094faf) C:\WINDOWS\system32\DRIVERS\mozy.sys
2011/03/19 18:53:08.0234 4048 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/19 18:53:08.0312 4048 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/19 18:53:08.0406 4048 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/03/19 18:53:08.0437 4048 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/19 18:53:08.0531 4048 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/19 18:53:08.0593 4048 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/19 18:53:08.0656 4048 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/19 18:53:08.0718 4048 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/19 18:53:08.0953 4048 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/19 18:53:09.0078 4048 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/19 18:53:09.0156 4048 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/19 18:53:09.0281 4048 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/19 18:53:09.0359 4048 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/19 18:53:09.0453 4048 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/19 18:53:09.0625 4048 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/19 18:53:09.0875 4048 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/19 18:53:10.0109 4048 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/19 18:53:10.0156 4048 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/19 18:53:10.0203 4048 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/19 18:53:10.0296 4048 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/19 18:53:10.0359 4048 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/19 18:53:10.0421 4048 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/19 18:53:10.0515 4048 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/19 18:53:10.0562 4048 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/19 18:53:10.0609 4048 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/19 18:53:10.0656 4048 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/19 18:53:10.0734 4048 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/19 18:53:10.0765 4048 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/19 18:53:10.0828 4048 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/19 18:53:10.0875 4048 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/19 18:53:10.0937 4048 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/19 18:53:11.0109 4048 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/03/19 18:53:11.0343 4048 pelmouse (670824151bf5a291d395f57ef2999cbf) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
2011/03/19 18:53:11.0375 4048 pelusblf (ee8c61ce8a018a6ad1dfbd90b452e845) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
2011/03/19 18:53:11.0468 4048 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
2011/03/19 18:53:11.0640 4048 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\WINDOWS\system32\drivers\pfc.sys
2011/03/19 18:53:11.0718 4048 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/03/19 18:53:11.0765 4048 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/19 18:53:11.0812 4048 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/19 18:53:11.0859 4048 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/19 18:53:11.0921 4048 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/19 18:53:11.0984 4048 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/19 18:53:12.0218 4048 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/19 18:53:12.0265 4048 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/19 18:53:12.0328 4048 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/19 18:53:12.0375 4048 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/19 18:53:12.0421 4048 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/19 18:53:12.0484 4048 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/19 18:53:12.0531 4048 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/19 18:53:12.0609 4048 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/19 18:53:12.0656 4048 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/19 18:53:12.0703 4048 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/03/19 18:53:12.0750 4048 RimSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/03/19 18:53:12.0828 4048 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/03/19 18:53:12.0875 4048 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/03/19 18:53:12.0921 4048 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/03/19 18:53:13.0015 4048 RTL8023xp (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/03/19 18:53:13.0062 4048 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/03/19 18:53:13.0171 4048 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/19 18:53:13.0218 4048 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/19 18:53:13.0296 4048 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/03/19 18:53:13.0359 4048 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/19 18:53:13.0437 4048 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/19 18:53:13.0484 4048 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/19 18:53:13.0546 4048 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/19 18:53:13.0671 4048 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/19 18:53:13.0781 4048 SMNDIS5 (4ef5ea44583c37383c289d4b8c354698) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
2011/03/19 18:53:13.0843 4048 snapman380 (5ce1cf27620b144e212d407cdb14d339) C:\WINDOWS\system32\DRIVERS\snman380.sys
2011/03/19 18:53:13.0906 4048 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
2011/03/19 18:53:14.0046 4048 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/19 18:53:14.0218 4048 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/19 18:53:14.0343 4048 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/19 18:53:14.0421 4048 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/03/19 18:53:14.0468 4048 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/19 18:53:14.0531 4048 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/19 18:53:14.0578 4048 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/19 18:53:14.0750 4048 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/03/19 18:53:14.0906 4048 SynTP (f484c77f748729129d5cc9c965d9f701) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/03/19 18:53:14.0953 4048 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/19 18:53:15.0031 4048 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/19 18:53:15.0109 4048 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/19 18:53:15.0203 4048 tdrpman174 (d953f161177dab3c8440844a9ab6e5a2) C:\WINDOWS\system32\DRIVERS\tdrpm174.sys
2011/03/19 18:53:15.0296 4048 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/19 18:53:15.0343 4048 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/19 18:53:15.0437 4048 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
2011/03/19 18:53:15.0500 4048 tifsfilter (6dcb8ddb481cd3c40fa68593723b4d89) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/03/19 18:53:15.0546 4048 timounter (394fc70b88b7958fa85798bbc76d140a) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/03/19 18:53:15.0703 4048 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/19 18:53:15.0812 4048 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/19 18:53:15.0921 4048 USA19H (6d1e41657fdb48f9147598c773297513) C:\WINDOWS\system32\DRIVERS\USA19H2k.sys
2011/03/19 18:53:16.0000 4048 USA19H2KP (8a217fc16dd14ab8ad2eaa1f08b3b5c5) C:\WINDOWS\system32\DRIVERS\USA19H2kp.SYS
2011/03/19 18:53:16.0078 4048 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/19 18:53:16.0109 4048 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/19 18:53:16.0156 4048 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/19 18:53:16.0234 4048 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/19 18:53:16.0281 4048 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/19 18:53:16.0328 4048 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/19 18:53:16.0359 4048 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/19 18:53:16.0406 4048 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/19 18:53:16.0453 4048 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/19 18:53:16.0531 4048 usbvm328 (7e509c31f6bccddbbd2d9c80044f45b9) C:\WINDOWS\system32\Drivers\usbvm326.sys
2011/03/19 18:53:16.0593 4048 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/19 18:53:16.0625 4048 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/19 18:53:16.0718 4048 vmfilter326 (80bf2142fa299016921c22b0ab6773b4) C:\WINDOWS\system32\drivers\vmfilter326.sys
2011/03/19 18:53:16.0781 4048 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/19 18:53:16.0875 4048 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/19 18:53:16.0953 4048 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/03/19 18:53:17.0046 4048 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/19 18:53:17.0156 4048 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/19 18:53:17.0281 4048 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/03/19 18:53:17.0375 4048 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/19 18:53:17.0453 4048 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/19 18:53:17.0531 4048 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/19 18:53:17.0593 4048 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/19 18:53:17.0625 4048 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
2011/03/19 18:53:17.0750 4048 ================================================================================
2011/03/19 18:53:17.0750 4048 Scan finished
2011/03/19 18:53:17.0750 4048 ================================================================================
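
A small triage parser for TDSSKiller driver inventories like the one above, added here as an illustration; it is not part of any post in this thread or of the TDSSKiller tool. It reads lines of the form `<date> <time> <pid> <service> (<md5>) <path>` into records and lists the entries a reviewer would look at first. The five sample lines are copied from the log above; the three checks (a driver loaded from outside the Windows directory, a service name that differs from its file name, one file registered under two service names) are review heuristics chosen for this example, not verdicts, and `C:\WINDOWS` as the system root is taken from the paths in the log.

```python
import re
from collections import defaultdict

# One TDSSKiller driver line: "<date> <time> <pid> <service name> (<md5>) <path>".
# Separator rows ("====") and status rows ("Scan finished") have no "(md5)" and are skipped.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2})\s+(?P<time>[\d:.]+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)

# Sample input: five driver lines plus the trailer, copied from the log in this thread.
SAMPLE_LOG = """\
2011/03/19 18:53:12.0750 4048 RimSerPort (2c4fb2e9f039287767c384e46ee91030) C:\\WINDOWS\\system32\\DRIVERS\\RimSerial.sys
2011/03/19 18:53:12.0875 4048 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\\WINDOWS\\system32\\DRIVERS\\RimSerial.sys
2011/03/19 18:53:13.0171 4048 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS
2011/03/19 18:53:13.0781 4048 SMNDIS5 (4ef5ea44583c37383c289d4b8c354698) C:\\PROGRA~1\\VERIZO~1\\VZACCE~1\\SMNDIS5.SYS
2011/03/19 18:53:15.0031 4048 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
2011/03/19 18:53:17.0750 4048 ================================================================================
2011/03/19 18:53:17.0750 4048 Scan finished
"""


def parse_tdsskiller(text):
    """Return one dict (date, time, pid, name, md5, path) per driver line."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def _norm(path):
    """Case-fold and use backslashes so prefix comparison works regardless of host OS."""
    return path.strip().lower().replace("/", "\\")


def file_stem(path):
    """Last path component without its extension, e.g. '...\\RimSerial.sys' -> 'rimserial'."""
    name = _norm(path).rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def triage(records, system_root="C:\\WINDOWS"):
    """Group the inventory into review lists. These are prompts for a human, not verdicts:
    third-party products legitimately install drivers under Program Files, and many
    Windows drivers use a service name that differs from the file name."""
    root = _norm(system_root).rstrip("\\") + "\\"
    outside = []     # driver file not under the Windows directory
    mismatch = []    # service name differs from the file's base name
    by_md5 = defaultdict(list)
    for r in records:
        p = _norm(r["path"])
        if not p.startswith(root):
            outside.append(r["name"])
        if file_stem(p) != r["name"].lower():
            mismatch.append(r["name"])
        by_md5[r["md5"].lower()].append(r["name"])
    # Same hash under several service names means one binary registered twice.
    shared = {h: names for h, names in by_md5.items() if len(names) > 1}
    return {
        "outside_system_root": outside,
        "name_mismatch": mismatch,
        "shared_binaries": shared,
    }


if __name__ == "__main__":
    result = triage(parse_tdsskiller(SAMPLE_LOG))
    for key, value in result.items():
        print(f"{key}: {value}")
```

On the sample lines it lists SASDIFSV and SMNDIS5 as loaded from outside the Windows directory (both sit under Program Files, where third-party products install), flags RimSerPort and RimVSerPort because their file is RimSerial.sys, and shows that those two services share one file, which the identical MD5s in the log already suggest. Those are the entries a helper then cross-checks against the vendor and the rest of the logs; the script itself decides nothing.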

#6 m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,457 posts
  • Gender:Male
  • Location:London, UK

Posted 19 March 2011 - 09:01 PM

Okay, so let's now run Combofix. Please let me know how the redirects are after each instruction.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#7 bassman1966

  • Topic Starter

  • Members
  • 21 posts

Posted 19 March 2011 - 09:50 PM

Please refer to my very first post in this string. It describes how I had run combofix before. That is just FYI. I followed your instructions, ran combofix. Below are the contents of C:\ComboFix.txt



ComboFix 11-03-19.01 - David Talbott 03/19/2011 19:26:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1313 [GMT -7:00]
Running from: c:\documents and settings\David Talbott\Desktop\Comfix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\David Talbott\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-19 18:07 . 2011-03-19 18:07 -------- d-----w- c:\windows\LastGood
2011-03-17 23:11 . 2011-03-17 23:11 -------- d-----w- c:\documents and settings\David Talbott\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-03-12 22:34 . 2011-03-12 22:34 -------- d-----w- c:\program files\iPod
2011-03-12 22:34 . 2011-03-12 22:35 -------- d-----w- c:\program files\iTunes
2011-03-12 22:21 . 2011-03-12 22:21 -------- d-----w- c:\program files\Bonjour
2011-03-10 20:03 . 2011-03-04 11:50 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-10 20:03 . 2011-03-04 11:49 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-10 20:03 . 2011-03-04 11:49 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-10 20:03 . 2011-03-04 11:49 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-10 20:03 . 2011-03-04 11:49 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-10 20:03 . 2011-03-04 11:49 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-10 20:03 . 2011-03-04 11:49 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-10 20:03 . 2011-03-04 11:49 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-10 02:06 . 2011-03-20 02:22 -------- d-----w- C:\ComboFix
2011-03-09 22:12 . 2011-03-09 22:12 -------- d-----w- c:\documents and settings\David Talbott\Application Data\ErrorExpert
2011-03-04 20:34 . 2011-03-04 20:34 -------- d-----w- c:\documents and settings\David Talbott\Application Data\SUPERAntiSpyware.com
2011-03-04 20:34 . 2011-03-04 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-04 20:34 . 2011-03-05 03:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-04 20:02 . 2011-03-04 20:02 -------- d-----w- c:\documents and settings\David Talbott\Application Data\Malwarebytes
2011-03-04 20:02 . 2011-03-04 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-04 20:02 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-04 20:01 . 2011-03-04 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-04 20:01 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-03 21:18 . 2011-03-03 21:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\ESET
2011-03-03 03:24 . 2011-03-03 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-02 02:37 . 2011-02-28 10:10 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-02 02:02 . 2011-03-02 02:02 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-02 02:00 . 2011-03-02 02:00 -------- d-----w- c:\documents and settings\David Talbott\Local Settings\Application Data\Sunbelt Software
2011-03-02 01:57 . 2011-03-02 01:57 -------- dc----w- c:\documents and settings\All Users\Application Data\{48F52499-ADE3-4774-9621-FB173785947D}
2011-02-18 22:21 . 2011-02-18 22:21 -------- d-----w- c:\documents and settings\David Talbott\Application Data\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2011-02-18 18:28 . 2011-02-03 05:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-18 18:28 . 2011-02-03 05:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 00:36 . 2008-09-11 18:06 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-19 00:36 . 2008-04-04 00:48 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-05 01:48 . 2005-08-06 05:01 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-05 01:48 . 2005-08-06 05:01 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-03 03:19 . 2007-04-22 17:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2004-08-10 15:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-10 15:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-10 15:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-10 15:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-06-20 04:26 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-10 15:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 23:04 . 2009-09-11 14:23 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-12-21 23:04 . 2009-09-11 14:17 141264 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-12-21 21:47 . 2009-09-11 14:26 134000 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-12-21 21:47 . 2009-06-19 16:10 33120 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-12-20 23:59 . 2004-08-10 15:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-10 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-10 15:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-10 15:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-10 15:00 385024 ----a-w- c:\windows\system32\html.iec
2011-03-04 11:50 . 2011-03-10 20:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-10_02.26.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2007-11-07 10:19 . 2007-11-07 10:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2011-03-19 17:32 . 2011-03-19 17:32 16384 c:\windows\temp\Perflib_Perfdata_704.dat
+ 2011-03-19 17:32 . 2011-03-19 17:32 16384 c:\windows\temp\Perflib_Perfdata_138.dat
+ 2011-03-18 21:40 . 2001-08-18 05:36 23040 c:\windows\system32\spool\drivers\w32x86\3\HPCJRUI.DLL
+ 2011-03-18 21:40 . 2008-04-14 00:11 10752 c:\windows\system32\spool\drivers\w32x86\3\HPCJRR.DLL
+ 2011-03-18 21:40 . 2001-08-18 05:36 28160 c:\windows\system32\spool\drivers\w32x86\3\HPCCLJUI.DLL
+ 2011-03-18 21:40 . 2001-08-18 05:36 40960 c:\windows\system32\spool\drivers\w32x86\3\HPCCLJ1.DLL
+ 2011-03-18 21:40 . 2001-08-18 05:36 16896 c:\windows\system32\spool\drivers\w32x86\3\hpcabout.dll
- 2005-08-17 17:21 . 2011-03-02 16:45 97960 c:\windows\system32\perfc009.dat
+ 2005-08-17 17:21 . 2011-03-16 16:13 97960 c:\windows\system32\perfc009.dat
+ 2011-03-12 22:27 . 2011-02-19 00:36 41984 c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaapl.sys
- 2010-07-28 01:44 . 2010-07-28 01:44 91424 c:\windows\system32\dnssd.dll
+ 2010-10-07 20:23 . 2010-10-07 20:23 91424 c:\windows\system32\dnssd.dll
+ 2011-03-19 18:07 . 2010-09-28 23:44 41984 c:\windows\LastGood\System32\Drivers\usbaapl.sys
+ 2011-03-17 23:52 . 2011-03-17 23:52 28160 c:\windows\Installer\1bfcd67.msi
+ 2011-03-18 21:40 . 2001-08-18 05:34 8192 c:\windows\system32\spool\drivers\w32x86\3\hpcstr.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 11:54 . 2008-07-29 11:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 10:54 . 2008-07-29 10:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2011-03-18 21:40 . 2001-08-18 05:34 136192 c:\windows\system32\spool\drivers\w32x86\3\hpcfont.dll
+ 2005-08-17 17:21 . 2011-03-16 16:13 513426 c:\windows\system32\perfh009.dat
- 2005-08-17 17:21 . 2011-03-02 16:45 513426 c:\windows\system32\perfh009.dat
- 2010-07-28 01:44 . 2010-07-28 01:44 197920 c:\windows\system32\dnssdX.dll
+ 2010-10-07 20:23 . 2010-10-07 20:23 197920 c:\windows\system32\dnssdX.dll
- 2010-07-28 01:44 . 2010-07-28 01:44 107808 c:\windows\system32\dns-sd.exe
+ 2010-10-07 20:23 . 2010-10-07 20:23 107808 c:\windows\system32\dns-sd.exe
+ 2011-03-12 22:19 . 2011-03-12 22:19 811520 c:\windows\Installer\69db79.msi
+ 2011-03-12 22:22 . 2011-03-12 22:22 897024 c:\windows\Installer\{C73F2967-062E-48F2-A462-D335B8950183}\SafariIco.exe
+ 2011-03-12 22:36 . 2011-03-12 22:36 380928 c:\windows\Installer\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}\iTunesIco.exe
+ 2008-07-29 15:05 . 2008-07-29 15:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 16:05 . 2008-07-29 16:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2011-03-12 22:27 . 2011-02-19 00:36 4184352 c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaaplrc.dll
+ 2011-03-19 18:07 . 2010-09-28 23:44 4184352 c:\windows\LastGood\System32\usbaaplrc.dll
+ 2011-03-12 22:36 . 2011-03-12 22:36 5448704 c:\windows\Installer\69e6dd.msi
+ 2011-03-12 22:27 . 2011-03-12 22:27 3085312 c:\windows\Installer\69de3a.msi
+ 2011-03-12 22:24 . 2011-03-12 22:24 1710592 c:\windows\Installer\69dd71.msi
+ 2011-03-12 22:22 . 2011-03-12 22:22 3140608 c:\windows\Installer\69dc50.msi
+ 2011-03-12 22:21 . 2011-03-12 22:21 1984000 c:\windows\Installer\69db9d.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-02-08 21:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-02-08 21:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"DeleteLog"="c:\windows\system32\oobe\DeleteLog.exe" [2005-01-07 36864]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"Auto EPSON Stylus Photo R200 Series on nancy-xp"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-13 2219184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-2-8 3600184]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPMonitor.exe.lnk
backup=c:\windows\pss\HPMonitor.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpwmsd.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpwmsd.exe.lnk
backup=c:\windows\pss\hpwmsd.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^David Talbott^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\David Talbott\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^David Talbott^Start Menu^Programs^Startup^Digsby.lnk]
path=c:\documents and settings\David Talbott\Start Menu\Programs\Startup\Digsby.lnk
backup=c:\windows\pss\Digsby.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-01-21 06:34 377232 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-01-21 06:45 960536 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 19:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft MediaImpression Monitor]
2010-07-20 17:09 80384 ----a-w- c:\program files\Kodak\MediaImpression\ArcMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-11-11 05:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardScanAgent]
2008-08-28 02:30 152824 ----a-w- c:\program files\CardScan\CardScan\CardScanAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-08-01 22:26 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-07 18:56 409600 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
2003-07-08 10:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-12 15:57 133104 ----atw- c:\documents and settings\David Talbott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-17 21:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2006-11-22 01:09 842584 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 23:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-02-20 15:30 67128 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-26 00:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-26 00:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAFWTaskbarApp]
2004-06-23 23:13 151552 ----a-w- c:\windows\system32\mafwTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2004-07-14 22:36 57344 ----a-w- c:\windows\system32\ICO.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2005-03-17 21:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2005-12-12 19:39 94208 ------w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-14 00:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 17:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-30 06:13 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-26 19:25 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-01-21 06:06 4359280 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
2010-05-25 19:10 5475403 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2010-06-01 17:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [9/1/2006 4:04 PM 10240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 115008]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 8:00 AM 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [1/12/2011 5:41 PM 810144]
R3 HP8207_8307Fltr;Hewlett-Packard;c:\windows\system32\drivers\HP8207_8307.sys [4/1/2010 9:15 PM 9600]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 2:06 AM 231424]
S3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [8/15/2010 12:21 AM 36224]
S3 esihdrv;esihdrv;\??\c:\docume~1\DAVIDT~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\DAVIDT~1\LOCALS~1\Temp\esihdrv.sys [?]
S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\IcdSX.sys [10/13/2006 4:54 PM 31744]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/28/2011 3:10 AM 1405384]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [9/8/2010 7:54 PM 704000]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [9/8/2010 7:54 PM 24192]
S3 usbvm328;FlexiCAM USB 2.0 with sound;c:\windows\system32\drivers\usbvm326.sys [12/10/2006 5:59 PM 235136]
S3 vmfilter326;326 MRD filter service;c:\windows\system32\drivers\vmfilter326.sys [12/10/2006 5:59 PM 476800]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [8/15/2010 12:21 AM 134912]
S4 gupdate1ca0e2712ebad14;Google Update Service (gupdate1ca0e2712ebad14);c:\program files\Google\Update\GoogleUpdate.exe [7/26/2009 12:27 PM 133104]
S4 pciinfo;HP Pci Information;\??\c:\docume~1\DAVIDT~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\DAVIDT~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/20/2008 8:40 PM 24652]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KLMD25
*Deregistered* - ArcRec
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-02-28 13:06]
.
2011-03-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-DTALBOTT-David Talbott.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-14 11:44]
.
2011-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-03-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-26 19:25]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 19:27]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 19:27]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2726773567-1998073907-1882516597-1005Core.job
- c:\documents and settings\David Talbott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-12 15:57]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2726773567-1998073907-1882516597-1005UA.job
- c:\documents and settings\David Talbott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-12 15:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\David Talbott\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {86425144-8E97-41D5-8BCF-302812D44692} - hxxp://ravenas.razorstream.com/eve-service/objects/RSControl40.cab
FF - ProfilePath - c:\documents and settings\David Talbott\Application Data\Mozilla\Firefox\Profiles\butapy3w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-19 19:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\||A~*]
"???w?Z?4??????<w??"=multi:"Z\00\03\00\00\00\04\00\00\00\00\00\00\00\00\00\00\00\00@\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\0e\1f\0e\00\09!\01L!This program cannot be run in DOS mode.\0d\0d\0a$\00\00\00\00\00\00\00w{\16\15\16\15\16\15x\16\15{\16\15\1c\19H\16\15\16\14|\16\15oh\16\15oxv\16\15o{\16\15o\16\15g\16\15i\16\15m\16\15Rich\16\15\00\00\00\00\00\00\00\00PE\00\00L\01\04\00TH\00\00\00\00\00\00\00\00\00\02!\0b\01\08\00\00x\03\00\00r\05\00\00\00\00\00\01\00\00\10\00\00\00\03\00\00\00\00\10\00\10\00\00\00\02\00\00\05\00\00\00\08\00\00\00\04\00\00\00\00\00\00\00\000\09\00\00\04\00\00W\09\00\02\00\00\00\00\00\10\00\00\10\00\00\00\00\10\00\00\10\00\00\00\00\00\00\10\00\00\00\03\00\03\00\00v\03\00\00\00\00\00\03\00\\'\05\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\09\00\1f\00\00\12\00\00\1c\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\04\01\00@\00\00\00\00\00\00\00\00\00\00\00\00\10\00\00p\02\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00.text\00\00\00'v\03\00\00\10\00\00\00x\03\00\00\04\00\00\00\00\00\00\00\00\00\00\00\00\00\00 
\00\00`.data\00\00\00X=\00\00\00\03\00\00\1a\00\00\00|\03\00\00\00\00\00\00\00\00\00\00\00\00\00@\00\00.rsrc\00\00\00\000\05\00\00\03\00\00(\05\00\00\03\00\00\00\00\00\00\00\00\00\00\00\00\00@\00\00@.reloc\00\00R.\00\00\00\00\09\00\000\00\00\00\08\00\00\00\00\00\00\00\00\00\00\00\00\00@\00\00B\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\03\00\04\03\00\12\03\00(\03\00:\03\00T\03\00d\03\00v\03\00\03\00\03\00\00\00\00\00Vz\03\00jz\03\00zz\03\00z\03\00z\03\00z\03\00z\03\00z\03\00z\03\00\00{\03\00\16{\03\00({\03\004{\03\00D{\03\00P{\03\00b{\03\00|{\03\00{\03\00{\03\00{\03\00{\03\00{\03\00{\03\00{\03\00\0c|\03\00\18|\03\00&|\03\000|\03\00H|\03\00X|\03\00p|\03\00|\03\00|\03\00|\03\00|\03\00|\03\00|\03\00|\03\00\12}\03\00,}\03\00F}\03\00T}\03\00b}\03\00p}\03\00}\03\00}\03\00}\03\00}\03\00}\03\00}\03\00\12~\03\00&~\03\002~\03\00<~\03\00Jz\03\00Z~\03\00f~\03\00~~\03\00~\03\00~\03\00~\03\00~\03\00~\03\00~\03\00\06\03\00\12\03\00.\03\00>\
03\00L\03\00^\03\00p\03\00\03\00\03\00\03\00\03\00\03\00\03\00\03\00\02\03\00\12\03\00(\03\008\03\00H\03\00T\03\00d\03\00r\03\00\03\00\03\00\03\00x\03\00f\03\00T\03\00D\03\00.\03\00\16\03\00\04\03\00\03\00\03\004z\03\00(z\03\00\14z\03\00\06z\03\00y\03\00y\03\00y\03\00y\03\00y\03\00H~\03\00y\03\00\00\00\00\00\06\00\00\02\00\00\00\00\00\00\03\00\00\00\00\00\00\00\14\00\00@\00\00J\00\00v\00\00t\00\003\00\00\00\00g\00\00 \00\00?\00\00F\00\00\00\00P\00\00\00\00\08\00\00\00\00y\00\001\00\00}\00\00\00\00\00\00\11\00\00\"\00\00\00\00\00\00\00\00\00\00\03\00\03\00\00\00\00\00\00\00\00\00X\03\10\00\00\00\00\00\00\00\00\01\10\0c\02\10\1c\02\10Y\02\10\02\10\00\00\00\00\00\00\00\00P\02\10\1d\02\10\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00TH\00\00\00\00\02\00\00\00$\00\00\00\00\05\01\00\00\00\00$\05\01\10\08\01\10\01\10\05\01\10d\01\10d\01\10\05\01\10Ae\01\10d\01\10@\06\01\10N|\01\10d\01\10string too long\00invalid string position\00\00\00\00\00\06\01\10\08\01\10\01\10Unknown exception\00\00\00\06\01\10\01\10.\00/\00\\\00\00\00?\00*\00\00\00\00\00csm\01\00\00\00\00\00\00\00\00\00\00\00\03\00\00\00 \05\19\00\00\00\00\00\00\00\00CorExitProcess\00\00.mixcrt\00EncodePointer\00\00\00KERNEL32.DLL\00\00\00\00DecodePointer\00\00\00FlsFree\00FlsSetValue\00FlsGetValue\00FlsAlloc\00\00\00\00P\03\10\03\10\00\00\00\00\01\02\03\04\05\06\07\08\09\0a\0b\0c\0d\0e\0f\10\11\12\13\14\15\16\17\18\19\1a\1b\1c\1d\1e\1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\00c\00c\00s\00=\00\00\00\00\00U\00T\00F\00-\008\00\00\00U\00T\00F\00-\001\006\00L\00E\00\00\00\00\00U\00N\00I\00C\00O\00D\00E\00\00\00.\00c\00o\00m\00\00\00\00\00.\00b\00a\00t\00\00\00\00\00.\00c\00m\00d\00\00\00\00\00.\00e\00x\00e\00\00\00\00\00\00\00\00\005\02\10\06\01\103\02\10\01\10bad exception\00\00\00runtime error \00\00\0d\0a\00\00TLOSS error\0d\0a\00\00\00SING error\0d\0a\00\00\00\00DOMAIN error\0d\0a\00\00\00\00\00\00R6034\0d\0aAn application has made an attempt to load the C 
runtime library incorrectly.\0aPlease contact the application's support team for more information.\0d\0a\00\00\00\00\00\00R6033\0d\0a- Attempt to use MSIL code from this assembly during native code initialization\0aThis indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.\0d\0a\00\00R6032\0d\0a- not enough space for locale information\0d\0a\00\00\00\00\00\00R6031\0d\0a- Attempt to initialize the CRT more than once.\0aThis indicates a bug in your application.\0d\0a\00\00R6030\0d\0a- CRT not initialized\0d\0a\00\00R6028\0d\0a- unable to initialize heap\0d\0a\00\00\00\00R6027\0d\0a- not enough space for lowio initialization\0d\0a\00\00\00\00R6026\0d\0a- not enough space for stdio initialization\0d\0a\00\00\00\00R6025\0d\0a- pure virtual function call\0d\0a\00\00\00R6024\0d\0a- not enough space for _onexit/atexit table\0d\0a\00\00\00\00R6019\0d\0a- unable to open console device\0d\0a\00\00\00\00R6018\0d\0a- unexpected heap error\0d\0a\00\00\00\00R6017\0d\0a- unexpected multithread lock error\0d\0a\00\00\00\00R6016\0d\0a- not enough space for thread data\0d\0a\00\0d\0aThis application has requested the Runtime to t\00\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1332)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-03-19 19:42:02
ComboFix-quarantined-files.txt 2011-03-20 02:41
ComboFix2.txt 2011-03-10 02:29
.
Pre-Run: 130,066,661,376 bytes free
Post-Run: 130,071,072,768 bytes free
.
- - End Of File - - 84A12A11145496190E48766C5E6A5EBD

#8 m0le

    Can U Dig It?

  • Malware Response Instructor
  • 33,457 posts
  • Gender:Male
  • Location:London, UK

Posted 20 March 2011 - 07:28 AM

Please refer to my very first post in this string. It describes how I had run combofix before.


I was aware that you had run it before but you said you Googled to find a copy so it could well have been an old copy or a fake copy. I can see now that the one you ran was a new copy so that's fine. I did miss that you had dealt with the redirect though.

Please run OTL, which will find the aaa program if it's still on the system.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#9 bassman1966
  • Topic Starter
  • Members
  • 21 posts

Posted 20 March 2011 - 02:09 PM

OK, I ran OTL and here are the logs:

OTL logfile created on: 3/20/2011 12:03:25 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\David Talbott\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 121.15 Gb Free Space | 40.64% Space Free | Partition Type: NTFS

Computer Name: DTALBOTT | User Name: David Talbott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David Talbott\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\HPQ\shared\HpqToaster.exe ()
PRC - C:\WINDOWS\system32\hpzipm12.exe (HP)
PRC - C:\WINDOWS\system32\ICO.EXE (Primax Electronics Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\David Talbott\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Symantec Core LC) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_d76cf65.dll ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
SRV - (ICDSPTSV) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (HP8207_8307Fltr) -- C:\WINDOWS\system32\drivers\HP8207_8307.sys (Hewlett-Packard)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174) -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman380) Acronis Snapshots Manager (Build 380) -- C:\WINDOWS\system32\DRIVERS\snman380.sys (Acronis)
DRV - (ArcCD) -- C:\WINDOWS\System32\drivers\ArcCD.sys (ArcSoft Inc.)
DRV - (USA19H) -- C:\WINDOWS\system32\drivers\USA19H2k.sys (Keyspan)
DRV - (Lvckap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (USA19H2KP) -- C:\WINDOWS\system32\drivers\USA19H2kp.sys (Keyspan)
DRV - (ArcUdfs) -- C:\WINDOWS\System32\drivers\ArcUdfs.sys (ArcSoft Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Fusion(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (usbvm328) -- C:\WINDOWS\system32\drivers\usbvm326.sys (Vimicro Corporation)
DRV - (vmfilter326) -- C:\WINDOWS\system32\drivers\vmfilter326.sys (Vimicro Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (pelusblf) -- C:\WINDOWS\system32\drivers\pelusblf.sys (Primax Electronics Ltd.)
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (pelmouse) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (dot4ufd) -- C:\WINDOWS\system32\drivers\hppaufd0.sys (HP)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (DELTAFW) -- C:\WINDOWS\system32\drivers\deltafw.sys (Midiman/M-Audio)
DRV - (MAFWBOOT) Bootloader Service for M-Audio FW Driver (WDM) -- C:\WINDOWS\system32\drivers\mafwboot.sys (Midiman/M-Audio)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (ICDSX) Sony IC Recorder (SX) -- C:\WINDOWS\system32\drivers\IcdSX.sys (Sony Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SMNDIS5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)
DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)
DRV - (PenClass) -- C:\WINDOWS\System32\Drivers\PenClass.sys (Wacom Technology Corporation)
DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 08:00:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/02/14 11:45:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/18 13:45:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/19 19:47:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/10 13:03:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/03/01 18:28:36 | 000,000,000 | ---D | M]

[2009/04/16 12:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Talbott\Application Data\Mozilla\Extensions
[2009/04/16 12:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Talbott\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/03/12 14:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Talbott\Application Data\Mozilla\Firefox\Profiles\butapy3w.default\extensions
[2010/04/27 10:56:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David Talbott\Application Data\Mozilla\Firefox\Profiles\butapy3w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/03 14:15:36 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\David Talbott\Application Data\Mozilla\Firefox\Profiles\butapy3w.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2010/11/15 12:29:58 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\David Talbott\Application Data\Mozilla\Firefox\Profiles\butapy3w.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/01/10 17:27:25 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\David Talbott\Application Data\Mozilla\Firefox\Profiles\butapy3w.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/04/15 19:16:23 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\David Talbott\Application Data\Mozilla\Firefox\Profiles\butapy3w.default\extensions\[email protected]
[2010/10/03 14:23:31 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\David Talbott\Application Data\Mozilla\Firefox\Profiles\butapy3w.default\extensions\vshare@toolbar
[2011/03/10 13:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/10 13:03:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/11 07:09:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/07 10:27:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/04 00:30:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011/02/18 11:28:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DAVID TALBOTT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BUTAPY3W.DEFAULT\EXTENSIONS\[email protected]
[2009/05/18 13:45:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/19 19:47:05 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/03/27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/12/12 16:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/12 16:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/12 16:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/12/12 16:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/12 16:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/12 16:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/12 16:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/01 01:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 01:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 01:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 01:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/03/19 19:38:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo R200 Series on nancy-xp] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DeleteLog] C:\WINDOWS\system32\oobe\DeleteLog.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\David Talbott\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll ()
O9 - Extra 'Tools' menuitem : Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec.com/techsupp/activedata/nprdtinf.cab (Reg Error: Key error.)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157047432984 (MUWebControl Class)
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} http://ravenas.razorstream.com/eve-service/objects/RSControl40.cab (RazorStreamControl.CaptureControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} https://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx (CoxSelfInstallAx10 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livewc01.custhelp.com/7560-b440h/rnl/java/RntX.cab (Live Collaboration)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\David Talbott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Talbott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/03/20 11:44:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Talbott\Desktop\OTL.exe
[2011/03/17 16:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/12 15:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/12 15:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/12 15:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/12 15:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/11 21:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\gmer
[2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\David Talbott\Desktop\TDSSKiller.exe
[2011/03/09 19:29:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/09 19:12:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/09 19:06:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/09 19:06:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/09 19:06:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/09 19:06:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/09 19:06:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/09 19:06:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/09 19:03:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/09 15:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Application Data\ErrorExpert
[2011/03/09 14:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\Autoruns
[2011/03/07 10:56:43 | 000,109,744 | ---- | C] (ESET spol. s r.o.) -- C:\Documents and Settings\David Talbott\Desktop\ESETMerondOCleaner.exe
[2011/03/07 10:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\stand alone eleven
[2011/03/07 10:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\standalone ten
[2011/03/07 10:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\standalone nine
[2011/03/07 10:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\standalone eight
[2011/03/07 10:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\standalone seven
[2011/03/07 10:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\stanalone six
[2011/03/07 10:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\standalone five
[2011/03/07 10:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\stand alone four
[2011/03/07 10:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\stand alone three
[2011/03/07 10:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\standalone 2
[2011/03/07 10:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\standalone one
[2011/03/07 10:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\2ESET Support Case Update 661722 - browser(s) hijacked_files
[2011/03/04 13:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Application Data\SUPERAntiSpyware.com
[2011/03/04 13:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/04 13:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/03/04 13:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/04 13:32:34 | 010,589,368 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\David Talbott\Desktop\superantispyware.exe
[2011/03/04 13:22:00 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\David Talbott\Desktop\mbam-setup.exe
[2011/03/04 13:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Application Data\Malwarebytes
[2011/03/04 13:02:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/04 13:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/04 13:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/04 13:01:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/04 13:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/04 12:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Desktop\ESET Support Case Update 661722 - browser(s) hijacked_files
[2011/03/03 20:33:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/03/03 14:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\ESET
[2011/03/02 20:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/03/02 11:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\My Documents\clients
[2011/03/01 19:02:29 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/03/01 19:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Local Settings\Application Data\Sunbelt Software
[2011/03/01 18:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{48F52499-ADE3-4774-9621-FB173785947D}
[2011/03/01 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/03/01 18:47:15 | 123,540,208 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\David Talbott\Desktop\Ad-Aware90Install2011-02-28.exe
[2011/03/01 18:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/02/18 15:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Talbott\Application Data\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[65 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/20 11:44:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Talbott\Desktop\OTL.exe
[2011/03/20 11:38:23 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\Microsoft Office Outlook 2007.lnk
[2011/03/20 11:33:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/20 11:33:36 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/03/20 11:33:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/20 11:33:04 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/19 19:38:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/19 19:18:11 | 004,297,371 | R--- | M] () -- C:\Documents and Settings\David Talbott\Desktop\Comfix.exe
[2011/03/19 18:50:40 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\tdsskiller.zip
[2011/03/18 19:46:51 | 000,004,782 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2011/03/18 19:46:51 | 000,003,470 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2011/03/18 11:49:44 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\David Talbott\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/03/18 09:59:57 | 000,034,916 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\screenshot-tmp.jpg
[2011/03/16 09:13:14 | 000,513,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/16 09:13:14 | 000,097,960 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/15 11:23:48 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\DVDVideoSoft Free Studio.lnk
[2011/03/15 11:23:29 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\Free YouTube to MP3 Converter.lnk
[2011/03/13 20:40:01 | 000,236,688 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\reg-suspicious3.jpg
[2011/03/13 15:32:00 | 000,012,255 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\reg-suspicious2.jpg
[2011/03/13 15:30:47 | 000,012,660 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\reg-suspicious1.jpg
[2011/03/12 17:58:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\David Talbott\defogger_reenable
[2011/03/12 15:35:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/12 15:22:40 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/03/12 15:22:40 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\David Talbott\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/03/11 21:28:31 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\gmer.zip
[2011/03/11 21:25:25 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\dds.scr
[2011/03/11 17:02:58 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\Defogger.exe
[2011/03/10 14:05:30 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\David Talbott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/10 13:16:16 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\Google Chrome.lnk
[2011/03/10 13:03:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\David Talbott\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/10 13:03:57 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\David Talbott\Desktop\TDSSKiller.exe
[2011/03/10 08:24:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/03/09 20:24:06 | 000,046,310 | ---- | M] () -- C:\Documents and Settings\David Talbott\My Documents\lindsey fireman's ball.jpg
[2011/03/09 19:12:44 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/03/09 19:01:13 | 004,284,346 | R--- | M] () -- C:\Documents and Settings\David Talbott\Desktop\ComboFix.exe
[2011/03/09 14:11:17 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2726773567-1998073907-1882516597-1005UA.job
[2011/03/09 14:11:17 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2726773567-1998073907-1882516597-1005Core.job
[2011/03/09 14:11:16 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/09 14:11:16 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/09 14:11:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/09 14:11:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/09 14:11:05 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DTALBOTT-David Talbott.job
[2011/03/09 14:10:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/08 21:10:15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/07 15:45:39 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/07 15:35:56 | 000,013,945 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\eset cl scan log.rtf
[2011/03/07 12:04:55 | 000,000,324 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\DisableAutorun.reg
[2011/03/07 10:56:26 | 000,109,744 | ---- | M] (ESET spol. s r.o.) -- C:\Documents and Settings\David Talbott\Desktop\ESETMerondOCleaner.exe
[2011/03/07 10:37:38 | 000,959,581 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\advanced-cleanup.exe
[2011/03/07 10:32:26 | 000,144,012 | ---- | M] () -- C:\Documents and Settings\David Talbott\My Documents\metlife group claim form.pdf
[2011/03/07 10:27:45 | 000,109,068 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\2ESET Support Case Update 661722 - browser(s) hijacked.htm
[2011/03/07 08:17:42 | 000,012,836 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3501362225
[2011/03/07 08:17:41 | 000,012,836 | ---- | M] () -- C:\Documents and Settings\David Talbott\Local Settings\Application Data\3501362225
[2011/03/06 18:59:34 | 000,217,537 | ---- | M] () -- C:\Documents and Settings\David Talbott\My Documents\metlife check001.jpg
[2011/03/05 17:33:25 | 000,001,569 | ---- | M] () -- C:\Documents and Settings\David Talbott\My Documents\mike and sharks two.sonic
[2011/03/05 16:53:27 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\David Talbott\My Documents\mike and sharks sources 1.sonic
[2011/03/04 14:37:36 | 000,026,488 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\bogus warning.jpg
[2011/03/04 14:19:12 | 000,007,930 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\AdvancedResults.zip
[2011/03/04 13:34:07 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/04 13:32:35 | 010,589,368 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\David Talbott\Desktop\superantispyware.exe
[2011/03/04 13:22:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\David Talbott\Desktop\mbam-setup.exe
[2011/03/04 13:02:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 12:57:18 | 000,001,245 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\install_mrt.exe
[2011/03/04 12:10:23 | 000,959,581 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\first-advanced-cleanup.exe
[2011/03/04 12:06:53 | 000,077,600 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\ESET Support Case Update 661722 - browser(s) hijacked.htm
[2011/03/04 00:22:34 | 000,374,196 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\BasicResults.zip
[2011/03/03 16:06:21 | 000,951,394 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\basic-cleanup.exe
[2011/03/02 20:26:56 | 000,712,032 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/02 20:24:31 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\sdsetup[1].exe
[2011/03/02 14:14:09 | 000,310,801 | ---- | M] () -- C:\Documents and Settings\David Talbott\My Documents\2011-03-02.pdf
[2011/03/01 19:02:28 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/03/01 18:57:03 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\David Talbott\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/01 18:57:03 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/03/01 18:55:09 | 123,540,208 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\David Talbott\Desktop\Ad-Aware90Install2011-02-28.exe
[2011/03/01 17:21:25 | 048,753,152 | ---- | M] () -- C:\Documents and Settings\David Talbott\Desktop\ess_nt32_enu.msi
[2011/02/28 03:10:41 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/02/22 11:26:30 | 000,000,437 | ---- | M] () -- C:\Documents and Settings\David Talbott\My Documents\ChatLog Market Research Phase 2 2011_02_22 10_26.rtf
[2011/02/21 21:38:49 | 000,098,228 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/21 15:33:15 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/02/18 17:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/02/18 15:29:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
[8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[65 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/19 19:18:01 | 004,297,371 | R--- | C] () -- C:\Documents and Settings\David Talbott\Desktop\Comfix.exe
[2011/03/19 18:50:46 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\tdsskiller.zip
[2011/03/18 09:59:57 | 000,034,916 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\screenshot-tmp.jpg
[2011/03/13 20:39:55 | 000,236,688 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\reg-suspicious3.jpg
[2011/03/13 15:31:59 | 000,012,255 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\reg-suspicious2.jpg
[2011/03/13 15:30:46 | 000,012,660 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\reg-suspicious1.jpg
[2011/03/12 17:58:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David Talbott\defogger_reenable
[2011/03/12 15:35:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/12 15:22:40 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/03/12 15:22:40 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/03/11 21:28:36 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\gmer.zip
[2011/03/11 21:25:31 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\dds.scr
[2011/03/11 17:03:04 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\Defogger.exe
[2011/03/11 11:15:44 | 000,002,356 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\Google Chrome.lnk
[2011/03/10 13:03:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/10 08:05:59 | 2145,636,352 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/09 20:24:06 | 000,046,310 | ---- | C] () -- C:\Documents and Settings\David Talbott\My Documents\lindsey fireman's ball.jpg
[2011/03/09 19:12:44 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/03/09 19:12:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/09 19:06:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/09 19:06:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/09 19:06:29 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/09 19:06:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/09 19:06:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/09 19:01:13 | 004,284,346 | R--- | C] () -- C:\Documents and Settings\David Talbott\Desktop\ComboFix.exe
[2011/03/07 12:43:13 | 000,013,945 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\eset cl scan log.rtf
[2011/03/07 12:08:01 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\DisableAutorun.reg
[2011/03/07 10:37:34 | 000,959,581 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\advanced-cleanup.exe
[2011/03/07 10:32:26 | 000,144,012 | ---- | C] () -- C:\Documents and Settings\David Talbott\My Documents\metlife group claim form.pdf
[2011/03/07 10:27:45 | 000,109,068 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\2ESET Support Case Update 661722 - browser(s) hijacked.htm
[2011/03/06 19:16:31 | 000,012,836 | ---- | C] () -- C:\Documents and Settings\David Talbott\Local Settings\Application Data\3501362225
[2011/03/06 19:16:31 | 000,012,836 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3501362225
[2011/03/06 18:59:33 | 000,217,537 | ---- | C] () -- C:\Documents and Settings\David Talbott\My Documents\metlife check001.jpg
[2011/03/05 16:55:51 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\David Talbott\My Documents\mike and sharks two.sonic
[2011/03/05 14:41:43 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\DVDVideoSoft Free Studio.lnk
[2011/03/05 14:41:32 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\Free YouTube to MP3 Converter.lnk
[2011/03/05 14:29:05 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\David Talbott\My Documents\mike and sharks sources 1.sonic
[2011/03/05 13:31:00 | 001,394,812 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\wtfirst-advanced.exe
[2011/03/05 13:31:00 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\zip.exe
[2011/03/05 13:31:00 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\advanced.ini
[2011/03/04 14:37:35 | 000,026,488 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\bogus warning.jpg
[2011/03/04 14:19:12 | 000,007,930 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\AdvancedResults.zip
[2011/03/04 13:34:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/04 13:02:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 12:57:18 | 000,001,245 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\install_mrt.exe
[2011/03/04 12:10:27 | 000,959,581 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\first-advanced-cleanup.exe
[2011/03/04 12:06:53 | 000,077,600 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\ESET Support Case Update 661722 - browser(s) hijacked.htm
[2011/03/04 00:22:34 | 000,374,196 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\BasicResults.zip
[2011/03/03 16:06:14 | 000,951,394 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\basic-cleanup.exe
[2011/03/03 15:41:09 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\David Talbott\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/03/02 20:26:30 | 000,712,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/02 20:24:31 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\sdsetup[1].exe
[2011/03/02 14:14:09 | 000,310,801 | ---- | C] () -- C:\Documents and Settings\David Talbott\My Documents\2011-03-02.pdf
[2011/03/01 19:37:14 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/03/01 19:09:50 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/01 18:57:03 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\David Talbott\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/01 18:57:03 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/03/01 17:08:13 | 048,753,152 | ---- | C] () -- C:\Documents and Settings\David Talbott\Desktop\ess_nt32_enu.msi
[2011/02/23 13:02:32 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DTALBOTT-David Talbott.job
[2011/02/22 11:26:30 | 000,000,437 | ---- | C] () -- C:\Documents and Settings\David Talbott\My Documents\ChatLog Market Research Phase 2 2011_02_22 10_26.rtf
[2011/02/03 00:37:11 | 001,434,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/30 00:48:36 | 000,086,016 | RHS- | C] () -- C:\WINDOWS\System32\hticonsq.dll
[2011/01/30 00:48:36 | 000,086,016 | RHS- | C] () -- C:\WINDOWS\System32\freecellz.dll
[2010/09/09 18:35:18 | 000,000,252 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2010/09/09 18:35:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2010/09/09 18:35:17 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2010/09/09 18:34:01 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2010/09/09 18:34:01 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2010/09/08 19:54:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\k19hinst.dll
[2010/09/01 20:54:06 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/08/21 16:59:22 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\David Talbott\Application Data\winscp.rnd
[2010/03/17 13:09:03 | 000,008,596 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2010/03/17 13:09:03 | 000,000,229 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2010/03/17 13:08:40 | 000,153,916 | ---- | C] () -- C:\WINDOWS\PMUninst.ini
[2010/03/17 13:08:40 | 000,055,664 | ---- | C] () -- C:\WINDOWS\System32\KST_SiXX.ini
[2010/03/17 13:08:40 | 000,000,554 | ---- | C] () -- C:\WINDOWS\xUninstEx.ini
[2010/03/17 13:08:40 | 000,000,162 | ---- | C] () -- C:\WINDOWS\xUninst.ini
[2010/03/17 13:08:36 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\HPBDO.DLL
[2010/03/17 13:08:36 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\HPWHEEL.DLL
[2009/12/26 13:01:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/12/26 12:56:44 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/10/23 16:37:02 | 000,098,228 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/29 18:46:56 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/09/29 18:46:56 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/07/22 15:50:55 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/04/16 12:51:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/28 11:40:19 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/02 21:04:38 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/21 18:35:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/11 10:54:24 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/08/28 10:25:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/19 09:32:53 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/04/28 17:00:41 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/03/10 11:51:46 | 000,164,296 | ---- | C] () -- C:\WINDOWS\Subliminal Desktop Pro Uninstaller.exe
[2008/01/14 21:46:56 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/10/15 12:02:01 | 000,069,454 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2007/10/15 12:02:01 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2007/10/11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/24 17:06:19 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw54.bin
[2007/07/13 15:06:17 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/07/13 15:04:53 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/03/29 19:25:16 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mafwTray.exe
[2007/03/29 18:49:58 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2007/01/16 21:39:09 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/01/12 08:39:41 | 000,001,377 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/29 09:57:53 | 000,030,365 | ---- | C] () -- C:\Documents and Settings\David Talbott\Application Data\Comma Separated Values (Windows).ADR
[2006/12/11 21:12:27 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/12/11 20:55:21 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006/12/11 20:53:24 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
[2006/12/10 17:59:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\setupfilter.exe
[2006/11/28 17:11:42 | 000,038,515 | ---- | C] () -- C:\Documents and Settings\David Talbott\Application Data\Microsoft Excel.ADR
[2006/10/14 02:21:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2006/10/13 16:53:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2006/10/13 16:53:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2006/09/27 22:26:34 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3600g.ini
[2006/09/27 22:24:49 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3600m.ini
[2006/09/20 21:14:16 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2006/09/07 16:11:09 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2006/09/01 10:08:08 | 000,038,484 | ---- | C] () -- C:\Documents and Settings\David Talbott\Application Data\Tab Separated Values (Windows).ADR
[2006/08/10 21:42:23 | 000,000,459 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/08/10 21:42:23 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/08/10 21:42:23 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/08/10 21:41:17 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/08/10 21:41:17 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/08/10 21:41:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat
[2006/08/10 21:40:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2006/08/10 21:34:29 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/07/03 10:33:51 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\David Talbott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/22 21:25:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/19 20:29:21 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\David Talbott\Local Settings\Application Data\fusioncache.dat
[2006/05/23 17:25:56 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/02/16 08:40:40 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/16 08:38:52 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/02/16 08:38:52 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/16 08:24:27 | 000,000,225 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/16 08:06:26 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/16 07:59:53 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2005/12/09 16:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/12/02 03:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/08 10:49:00 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/17 10:39:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/17 10:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 10:21:10 | 000,513,426 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/17 10:21:10 | 000,097,960 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/17 10:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/17 10:03:56 | 003,730,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/17 09:58:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/17 09:53:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 12:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/12/24 16:30:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/05/28 14:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 14:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/02/19 22:52:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VFWAVSplitterInternal10.dll
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/03/11 11:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/01/13 20:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/05/24 15:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/11/30 19:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
[2010/08/24 10:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006/10/22 17:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CardScan
[2006/11/15 09:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/02/24 14:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/09/01 20:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2008/03/08 12:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/12/24 16:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2006/02/16 08:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/11/19 14:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2011/03/17 15:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/02/02 21:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/04/07 10:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/01/01 11:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/03/02 20:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/31 21:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/03/11 11:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/22 12:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/21 16:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/07/07 14:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/01 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{48F52499-ADE3-4774-9621-FB173785947D}
[2009/10/13 12:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 08:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/12/26 21:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\acccore
[2009/10/18 14:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Acronis
[2009/11/19 14:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Actecom
[2010/11/16 22:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Amazon
[2008/06/29 23:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Azureus
[2009/07/22 16:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Blackberry Desktop
[2009/10/08 17:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\BNeReader
[2010/11/30 19:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\BSD
[2007/03/29 19:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Cakewalk
[2006/10/22 11:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\CardScan
[2011/03/17 16:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/07/31 13:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Clone2Go Video Converter Free Version
[2010/04/28 23:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
[2006/10/22 13:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Corex
[2008/12/10 15:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\CoxFastConnect20
[2008/08/30 16:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\DNA
[2011/02/17 20:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\DVDVideoSoftIEHelpers
[2007/09/24 17:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\EPSON
[2011/03/09 15:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\ErrorExpert
[2009/02/24 14:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\ESET
[2010/11/30 19:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\GetRightToGo
[2006/07/03 11:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\GlobalSCAPE
[2006/07/17 19:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Leadertech
[2006/07/10 14:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\LinkedIn
[2008/01/14 22:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Netscape
[2006/09/05 09:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Nikon
[2006/09/06 21:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Opera
[2011/02/02 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Research In Motion
[2011/02/18 15:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010/09/01 15:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Roni Music
[2006/09/29 15:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Smith Micro
[2010/05/20 15:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\TechSmith
[2008/04/28 17:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\TrojanHunter
[2006/12/31 21:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Ulead Systems
[2010/02/06 19:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Windows Desktop Search
[2010/04/15 16:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Talbott\Application Data\Windows Search
[2011/03/09 14:10:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Here is the second log:


OTL Extras logfile created on: 3/20/2011 12:03:25 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\David Talbott\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 121.15 Gb Free Space | 40.64% Space Free | Partition Type: NTFS

Computer Name: DTALBOTT | User Name: David Talbott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"1044:TCP" = 1044:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare -- (Free Peers, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\FileZilla\FileZilla.exe" = C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01979CA0-B550-47D0-AD16-553B2C3FCF97}" = Auction Sentry Deluxe
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03942BA2-F630-437B-BE9D-A51086EA8728}" = MusicSafe
"{054C3038-FFAC-446D-9682-E25891DC2E05}" = QuickBooks Product Listing Service
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1AB80D06-778A-480C-A563-A2CF059FD4EB}" = ArcSoft MediaImpression for Kodak
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 24
"{27525601-6772-407E-89C5-B58F492A5166}" = Send Personally
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DFA6BF1-1AA1-43A3-B18D-64C9760BFF2F}" = HP Mouse Suite
"{2E97DE76-851A-48AA-A0D6-665860FAD9CA}" = Keyspan USB Serial Adapter
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
"{335B1821-D274-4EFD-9EFE-3C0FD38EBE65}" = BN eReader
"{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = AcronisTrueImageHome
"{38D80A4C-D893-4985-BA3F-0B1D9E848CED}" = ESET Smart Security
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{45B914D8-DE1C-4004-9B47-13E013841739}" = BlackBerry Web Tool for DST 2007 Device Updates
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
"{48AFBB60-8CF5-4605-BB04-704DD8702B80}" = VZAccess Manager for RIM
"{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}" = Virtual Sound Canvas DXi
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.42
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
"{5EC786D5-C0CA-42E0-AF88-5379EF9D91EC}" = First Step Guide
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
"{71009363-B52E-4E12-8CB1-B53D05F710BD}" = MyFax SendFax Outlook Plug-In
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72A819E7-4146-B9EA-1292-C4A77F657B4E}" = eBay Desktop
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
"{85BCA736-A0F4-448E-9BC1-6EA08693E10B}" = HP Image Zone Express
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A3E7E93-7749-4D37-8975-75BEB9A47ECC}" = CardScan 8.0.5
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 TBYB
"{8F41F431-071E-5B44-2EEE-5C51173D6498}" = MozyHome
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92CFE459-E641-4293-8884-83FB2B97FDFC}" = Firewire Family
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
"{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
"{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B6D69E59-AE82-4CD0-AD12-847949620AC1}" = BlackBerry v4.1.0 for the 7130e Series Wireless Device
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
"{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2
"{D17A2FDC-5C16-439C-A0E1-FF350079447E}" = HP User Guides 0026
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
"{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEBD63AC-C256-4237-A6C9-D166CF456422}" = PDF2Office v2.5
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
"{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EED52BB5-3A22-42F2-9B76-BB743F6739B7}" = HP Color LaserJet 3600
"{F0AE7C9A-C253-4CB2-BB6C-1445749DCE4D}" = WebEx MeetMeNow
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549" = Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"384E0BF4-1E1F-45A6-B60E-42144A3F15CD" = Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
"5658FB14-16A4-4DAE-946B-1457BE31572E" = Boggle Supreme from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"5DE4D54F-AA79-43A4-9C8A-C173E7E2B025" = 5 Card Slingo from Hewlett-Packard Laptops (remove only)
"6E377D95-DF37-4E67-B64B-68C314600BCB" = Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89" = FATE from Hewlett-Packard Laptops (remove only)
"7948472C-423F-4134-B68F-48D660A05D71" = Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_6" = AIM 6
"Akamai" = Akamai NetSession Interface
"All ATI Software" = ATI - Software Uninstall Utility
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"ASAPI Update" = ASAPI Update
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"Azureus Vuze" = Azureus Vuze
"B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)
"B0769D17-E72A-4E87-A83F-1F7A3F080008" = Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
"B3EC2608F8BC019ECB3AF1F39B0CFB2735168ED2" = Windows Driver Package - Hewlett-Packard (HidUsb) HIDClass (10/07/2009 1.00)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BearShare" = BearShare
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Clone2Go Video Converter Free Version_is1" = Clone2Go Video Converter Free Version 1.8.5
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1" = eBay Desktop
"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
"DED8E2B5-BA9F-448F-84E8-0AEF79876F95" = Snowboard SuperJam
"Digsby" = Digsby
"DreamStation DXi2" = DreamStation DXi2
"DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.2.0.0
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E90E3AE9-73E4-4E5C-BB0F-673989A808D0" = Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla" = FileZilla (remove only)
"FLVPlayer" = FLV Player 1.3.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"HaaliMkx" = Haali Media Splitter
"HP Color LaserJet 3600" = HP Color LaserJet 3600
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"KeepV Flash Converter_is1" = KeepV Flash Converter
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Polipo" = Polipo 1.0.4.1
"PROR" = Microsoft Office Professional 2007
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealAlt_is1" = Real Alternative 1.50
"Replay Media Catcher 3.0" = Replay Media Catcher 3.0
"SONAR 3 Producer Edition" = SONAR 3 Producer Edition
"Sony Digital Voice Editor 2" = Sony Digital Voice Editor 2
"Steinberg WaveLab v4.00c" = Steinberg WaveLab v4.00c
"Subliminal Desktop Pro" = Subliminal Desktop Pro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tor" = Tor 0.2.1.26
"Uninstall_is1" = Uninstall 1.0.0.1
"Vidalia" = Vidalia 0.2.9
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wacom Tablet Driver" = Wacom Tablet Driver
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"aaa" = aaa
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/19/2011 1:33:53 PM | Computer Name = DTALBOTT | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 3/19/2011 4:15:51 PM | Computer Name = DTALBOTT | Source = Application Error | ID = 1000
Description = Faulting application bearshare.exe, version 5.2.5.3, faulting module
bearshare.exe, version 5.2.5.3, fault address 0x00297e80.

Error - 3/19/2011 5:19:28 PM | Computer Name = DTALBOTT | Source = Application Error | ID = 1000
Description = Faulting application bearshare.exe, version 5.2.5.3, faulting module
bearshare.exe, version 5.2.5.3, fault address 0x00297e80.

Error - 3/19/2011 8:49:51 PM | Computer Name = DTALBOTT | Source = Application Error | ID = 1000
Description = Faulting application bearshare.exe, version 5.2.5.3, faulting module
bearshare.exe, version 5.2.5.3, fault address 0x00297e80.

Error - 3/19/2011 10:36:23 PM | Computer Name = DTALBOTT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 3/20/2011 5:17:12 AM | Computer Name = DTALBOTT | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3816 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 3/20/2011 5:17:12 AM | Computer Name = DTALBOTT | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 3/20/2011 2:33:45 PM | Computer Name = DTALBOTT | Source = Application Error | ID = 1000
Description = Faulting application Tablet.exe, version 4.7.8.6, faulting module
Tablet.exe, version 4.7.8.6, fault address 0x0003f97d.

Error - 3/20/2011 2:35:11 PM | Computer Name = DTALBOTT | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3932 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 3/20/2011 2:35:11 PM | Computer Name = DTALBOTT | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

[ OSession Events ]
Error - 2/6/2010 9:52:23 PM | Computer Name = DTALBOTT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 178
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/5/2010 2:44:22 AM | Computer Name = DTALBOTT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48932
seconds with 900 seconds of active time. This session ended with a crash.

Error - 8/23/2010 4:15:40 PM | Computer Name = DTALBOTT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 19890
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 9/21/2010 8:32:57 PM | Computer Name = DTALBOTT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31670
seconds with 2760 seconds of active time. This session ended with a crash.

Error - 1/17/2011 10:40:14 PM | Computer Name = DTALBOTT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1261
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/19/2011 10:36:43 PM | Computer Name = DTALBOTT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/19/2011 10:36:46 PM | Computer Name = DTALBOTT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/19/2011 10:36:49 PM | Computer Name = DTALBOTT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/19/2011 10:36:53 PM | Computer Name = DTALBOTT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/20/2011 5:17:10 AM | Computer Name = DTALBOTT | Source = Service Control Manager | ID = 7022
Description = The TabletService service hung on starting.

Error - 3/20/2011 2:35:08 PM | Computer Name = DTALBOTT | Source = Service Control Manager | ID = 7022
Description = The TabletService service hung on starting.

Error - 3/20/2011 2:36:30 PM | Computer Name = DTALBOTT | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 3/20/2011 2:36:49 PM | Computer Name = DTALBOTT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 3/20/2011 2:36:49 PM | Computer Name = DTALBOTT | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 3/20/2011 2:36:49 PM | Computer Name = DTALBOTT | Source = Service Control Manager | ID = 7034
Description = The TabletService service terminated unexpectedly. It has done this
1 time(s).


< End of report >

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,457 posts
  • Gender:Male
  • Location:London, UK

Posted 20 March 2011 - 07:52 PM

Rerun OTL, as shown. This is just a clean-up; there is no malware deletion here.

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
BHO: AutorunsDisabled - No File
BHO: SkypeIEPluginBHO - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please run ESET next

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE
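As an added example that is not part of this thread and not OTL's own code, here is a PowerShell check (the function name is my own) that verifies the .exe launch handler the `:reg` section of the fix above restores to `"%1" %*`. It also reports the per-user (HKCU) class paths, which shadow HKLM for the current account and are absent on a stock system.

```powershell
# Added example, not from the thread or from OTL. Verifies how .exe files are
# launched after the exefile\shell\open\command value has been reset.
# Assumption: standard Windows registry layout (HKLM/HKCU\SOFTWARE\Classes).

function Test-ExeFileHandler {
    $checks = @(
        # System-wide definitions: the .exe extension maps to the exefile ProgID,
        # and exefile launches the file itself with its arguments.
        @{ Path = 'HKLM:\SOFTWARE\Classes\.exe';                        Expected = 'exefile' },
        @{ Path = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command';  Expected = '"%1" %*' },
        # Per-user overrides: normally absent. Because HKCU\Software\Classes is
        # merged in front of HKLM, any value here decides the handler for this user.
        @{ Path = 'HKCU:\SOFTWARE\Classes\.exe';                        Expected = $null },
        @{ Path = 'HKCU:\SOFTWARE\Classes\exefile\shell\open\command';  Expected = $null }
    )

    foreach ($c in $checks) {
        $exists = Test-Path -LiteralPath $c.Path
        # GetValue('') reads the key's (Default) value, which is what the shell uses.
        $value  = if ($exists) { (Get-Item -LiteralPath $c.Path).GetValue('') } else { $null }

        $status = if ($null -eq $c.Expected) {
            if ($exists) { 'REVIEW: per-user override present' } else { 'OK (absent)' }
        } elseif (-not $exists) {
            'MISSING'
        } elseif ($value -eq $c.Expected) {
            'OK'
        } else {
            # Anything other than the stock value means every .exe launch is being
            # routed through something else; compare with the OTL :reg fix above.
            'MODIFIED'
        }

        [pscustomobject]@{
            Path     = $c.Path
            Value    = $value
            Expected = $c.Expected
            Status   = $status
        }
    }
}

Test-ExeFileHandler | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt before and after the fix; every row should read OK or OK (absent) once the association is back to stock.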

#11 bassman1966

bassman1966
  • Topic Starter

  • Members
  • 21 posts

Posted 20 March 2011 - 08:54 PM

OK, I ran OTL fix. This is the log:

========== OTL ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.22.3 log created on 03202011_183755

Then I downloaded and ran the online ESET scanner. It recognized that I already have ESET installed. I have run scans with my ESET before, and it could not find anything. I ran the online scan anyway and it did not find any threats, so there is nothing I can send you.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,457 posts
  • Gender:Male
  • Location:London, UK

Posted 21 March 2011 - 04:07 PM

Looks good; let's check for the aaa folder.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
    aaa
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
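An added example, not from the thread and not SystemLook's own code, that approaches the `aaa` entry from the other side: the SystemLook search looks for a folder of that name, while the entry itself was reported under the HKCU Uninstall key in the OTL log. This PowerShell script (function names are my own) walks the Add/Remove Programs keys in both hives and flags entries whose uninstaller is missing, cannot be found on disk, or lives in a Temp folder.

```powershell
# Added example, not from the thread or from SystemLook. Enumerates Add/Remove
# Programs entries and reports the ones worth a closer look. Assumption: the
# standard Uninstall key locations listed in $Roots.

# Pull the executable out of an UninstallString. Handles "quoted path" args,
# unquoted paths with spaces up to the first .exe, and bare names like MsiExec.exe.
function Get-UninstallTarget([string]$cmd) {
    if ([string]::IsNullOrWhiteSpace($cmd)) { return $null }
    if ($cmd -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.exe)(\s|$)')  { return $Matches[1] }
    if ($cmd -match '^\s*(\S+)')             { return $Matches[1] }
    return $null
}

# True when the uninstaller exists, either as a file or as a name resolvable via PATH.
function Test-UninstallTarget([string]$target) {
    if (-not $target) { return $false }
    if (Test-Path -LiteralPath $target) { return $true }
    return [bool](Get-Command $target -ErrorAction SilentlyContinue)
}

function Get-SuspectUninstallEntry {
    param(
        [string[]]$Roots = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
        )
    )
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $p      = Get-ItemProperty -LiteralPath $key.PSPath
            $target = Get-UninstallTarget $p.UninstallString
            $why    = @()

            if (-not $p.DisplayName)     { $why += 'no DisplayName' }
            if (-not $p.UninstallString) { $why += 'no UninstallString' }
            elseif (-not (Test-UninstallTarget $target)) { $why += "uninstaller not found: $target" }
            # Legitimate installers do not leave their uninstaller in a Temp folder.
            if ($target -and $target -match '\\Temp\\') { $why += 'uninstaller in a Temp folder' }

            if ($why.Count -gt 0) {
                [pscustomobject]@{
                    Hive   = $root.Split(':')[0]
                    Key    = $key.PSChildName
                    Name   = $p.DisplayName
                    Target = $target
                    Why    = ($why -join '; ')
                }
            }
        }
    }
}

Get-SuspectUninstallEntry | Sort-Object Hive, Key | Format-Table -AutoSize -Wrap
```

Expect some noise from vendor entries that register no uninstaller; what matters is the Target column for the entry in question, which tells you where that name actually points.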

#13 bassman1966

bassman1966
  • Topic Starter

  • Members
  • 21 posts

Posted 21 March 2011 - 11:57 PM

OK, ran SystemLook. Here is the log:

SystemLook 04.09.10 by jpshortstuff
Log created at 21:40 on 21/03/2011 by David Talbott
Administrator - Elevation successful

========== folderfind ==========

Searching for "aaa"
No folders found.

-= EOF =-

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,457 posts
  • Gender:Male
  • Location:London, UK

Posted 22 March 2011 - 05:08 PM

Is the aaa program still in add/remove programs?

#15 bassman1966

bassman1966
  • Topic Starter

  • Members
  • 21 posts

Posted 22 March 2011 - 08:03 PM

Yes, it is still there.
