
Bagle infection, I'm told


  • This topic is locked
27 replies to this topic

#1 podo

podo

  • Members
  • 22 posts

Posted 31 January 2009 - 01:09 PM

Mod. edit. Referred her from: http://www.bleepingcomputer.com/forums/t/197337/a-laundry-list-of-windows-xp-problems/ ~ OB

My computer runs VERY slowly, taking about an hour to boot up. The screen icons are painted in short bursts, so that perhaps four icons are painted, followed by a 2 minute delay, then four more, etc. Once the computer is fully booted, programs load off the taskbar or off the screen icons with agonizing slowness, although minimized programs load quickly off the task manager (but not the taskbar). Windows explorer takes forever: the explore menu appears 2 minutes after the Start Button is pressed, and then the explore tree appears (in part) after another two minutes. Additional pieces of the explore tree appear in short bursts until eventually the whole tree can be explored.

Also: A VBScript program that was part of SmitFraudFix gave a runtime error: ActiveX component can't create object:'GetObject'

An excellent helper at BleepingComputer says I have a Bagle virus...

Here is the DDS file...

DDS (Ver_09-01-19.01) - NTFSx86
Run by Peter at 12:32:54.46 on Sat 01/31/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.my.att.net
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = ;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: PopSmasherNoTlbrObj Class: {0025739a-5875-4e33-8056-c03babe37f9c} - c:\program files\at&t worldnet service\toolbar\programs\PS.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: IeCaptureBho Object: {7c1ce531-09e9-4fc5-9803-1c2956615786} - c:\program files\google\google desktop search\GoogleDesktopIE.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AT&&T Worldnet Service Toolbar: {02871142-4517-4931-8809-f89a01d2650b} - c:\program files\at&t worldnet service\toolbar\programs\PS.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
EB: Qpass: {21abba70-ff18-11d2-ad68-00105ace6321} - c:\windows\system32\SHDOCVW.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\peter\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [LaCie Backup] v:\program files\lacie\backup software\\LaCieBackup.exe /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "v:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [BTSETBOOTKEY] BTSetBootKey.exe
mRun: [BTUSRBDG] BtUsrBdg.exe
mRun: [iTunesHelper] "v:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RoxioDragToDisc] "v:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [SM1BG] c:\windows\SM1BG.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [Printing Migration] rundll32.exe c:\windows\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters
IE: {0264505A-6793-44E0-AC75-9DCE3B13185C} - c:\program files\at&t\wnclient\programs\AnyWho.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {21abba70-ff18-11d2-ad68-00105ace6321} - {21abba70-ff18-11d2-ad68-00105ace6321} - c:\windows\system32\SHDOCVW.DLL
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {24D2B385-F921-11D2-AD67-00105ACE6321} - hxxps://member.qpass.com/wallet/QpassWallet.cab
DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37913.7418171296
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} - hxxp://windowsupdate.microsoft.com/R423/V31Controls/x86/w98/en/actsetup.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\SmartDownload - {D3B7D8E1-92DB-11d2-8551-0060083CFB9C} - c:\windows\system32\SDPH20.DLL
Name-Space Handler: http\SmartDownload - {D3B7D8E1-92DB-11d2-8551-0060083CFB9C} - c:\windows\system32\SDPH20.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2009-01-29 15:34 1,636 a------- c:\windows\system32\d3d9caps.dat
2009-01-20 15:21 334,720 -------- c:\windows\system32\dllcache\ds1wdm.sys
2008-12-13 01:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 11:18 87,336 -------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 -------- c:\windows\system32\dnssd.dll
2008-11-10 05:43 410,984 -------- c:\windows\system32\deploytk.dll
2008-10-21 21:34 61,224 -------- c:\documents and settings\peter\GoToAssistDownloadHelper.exe
2004-06-18 10:05 45,056 -------- c:\windows\inf\Slntinst.exe
2003-08-27 14:19 36,963 -------- c:\program files\common files\SM1updtr.dll
2003-08-22 10:09 45,056 -------- c:\windows\inf\slntinst_staticW2k.exe
2003-06-21 03:09 1,434 -------- c:\program files\INSTALL.LOG
2003-06-17 17:04 704,544 ----hr-- c:\documents and settings\peter\USER.DAT
2000-01-07 11:53 696,320 -------- c:\program files\common files\XCMHook.dll
2000-01-06 15:57 24,576 -------- c:\program files\common files\XCPCMenu.exe
1999-09-13 16:25 266 ---sh--- c:\program files\desktop.ini
1999-09-13 16:25 11,079 ----h--- c:\program files\folder.htt
2008-09-18 11:42 32,768 ---sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 12:37:07.87 ===============

Edited by Orange Blossom, 31 January 2009 - 09:05 PM.
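A helper reading a DDS log like the one above scans the Pseudo HJT section for a few recurring patterns before anything else. The script below is an added example (not part of the thread, not from the DDS tool) that automates that first pass: it flags a browser proxy routed through the local machine, registrations whose target file is missing or unnamed, autorun commands that name a bare file with no directory, and any AppInit_DLLs. The sample lines are excerpted from the posted log; the category names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines excerpted from the DDS "Pseudo HJT Report" posted in this thread.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.my.att.net
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = ;*.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [BTSETBOOTKEY] BTSetBootKey.exe
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} -
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # category tag chosen for this example
    line: str    # the DDS line that produced the finding
    detail: str  # what a reviewer should check next


# Quoted or unquoted executable at the start of a command, with an optional
# trailing quote; stops at the first recognised extension.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|cpl|scr|bat|cmd))"?(?=\s|$|,)', re.I)
# uRun / mRun / dRun / *RunOnce entries: "[name] command".
RUN_RE = re.compile(r'^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$', re.I)
LOOPBACK_RE = re.compile(r'\b(?:localhost|127\.0\.0\.1)(?::\d+)?', re.I)


def executable_of(command: str) -> Optional[str]:
    """Return the executable path named at the start of an autorun command."""
    m = EXE_RE.match(command.strip())
    return m.group("path") if m else None


def is_bare(path: str) -> bool:
    """True when the command names a file with no directory, so Windows resolves
    it through the search path instead of a fixed location."""
    return "\\" not in path and not re.match(r"^(?:[a-z]:|%)", path, re.I)


def triage_dds(text: str) -> List[Finding]:
    """Walk the Pseudo HJT lines and collect entries worth a human look."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(" = ")
        if sep and key.endswith("ProxyServer") and LOOPBACK_RE.search(value):
            findings.append(Finding("loopback-proxy", line,
                "browser traffic is sent to a listener on this machine; "
                "identify the process bound to that port"))
        if line.endswith(" - No File") or line.endswith(" -"):
            findings.append(Finding("orphaned-entry", line,
                "registration whose target file is missing or unnamed"))
        run = RUN_RE.match(line)
        if run:
            exe = executable_of(run.group("cmd"))
            if exe is None:
                findings.append(Finding("unparsed-autorun", line,
                    "could not identify the executable in this command"))
            elif is_bare(exe):
                findings.append(Finding("bare-autorun", line,
                    f"{exe} has no directory; confirm which copy actually runs"))
        if line.startswith("AppInit_DLLs:"):
            dlls = [d.strip() for d in line.split(":", 1)[1].split(",") if d.strip()]
            findings.append(Finding("appinit-dlls", line,
                f"{len(dlls)} DLL(s) loaded into every user32 process: " + "; ".join(dlls)))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.kind}] {f.line}\n    {f.detail}")
```

A flag is a prompt to look closer, not a verdict: the AVG and Google entries in the AppInit_DLLs line are known products, and the report only tells the reader where to verify next.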


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 12 February 2009 - 06:36 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 16 February 2009 - 09:06 AM

Opened at member request.

Edited by KoanYorel, 21 February 2009 - 08:45 PM.


#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 23 February 2009 - 04:19 PM

Hello.

Your computer may have been already compromised.

Backdoor Threat

IMPORTANT NOTE: Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to donate.

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 26 February 2009 - 04:38 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 28 February 2009 - 07:56 AM

Hello.

Due to Lack of feedback, this topic is now Closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy


#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 28 February 2009 - 09:56 PM

Hello.

Topic re-opened upon user's request.

With Regards,
Extremeboy

#8 podo

podo
  • Topic Starter

  • Members
  • 22 posts

Posted 28 February 2009 - 11:59 PM

Reformatting is out of the question, and re-installing Windows a distant possibility at best. I am a software developer, and this computer is 10 years old. Before I do anything that could cause a loss of data, I'd buy a new computer and transfer as much as I could. I'm not at that point yet: The computer is still working, although some functions require enormous patience. Could you please take another shot at diagnosing what is causing my problems? I'm not at all sure a Bagle infection is the main cause.

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 01 March 2009 - 09:14 AM

Hello.

Let's take a closer look.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • After the reboot, run Gmer again and click on the Rootkit tab.
    • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
    • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
    • Click on the Scan and wait for the scan to finish.
      Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
    • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
If GMER doesn't work in Normal Mode, try running it in Safe Mode.

Important! Please do not select the Show all checkbox during the scan.

Download and run OTListIt2

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Post both logs in your next reply please.
With Regards,
Extremeboy

#10 podo

podo
  • Topic Starter

  • Members
  • 22 posts

Posted 02 March 2009 - 01:04 AM

OK, I did what you asked me to, which took many hours: Here's Gmer.txt:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2009-03-01 22:57:26
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1960] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1960] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1960] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Peter\Favorites\AT&T WorldNet Service Favorites\Travel\Europe's low cost flights search & booking engine.url:favicon
ADS C:\Documents and Settings\Peter\Favorites\BanksAndCreditCards\Bank of America Home Personal.url:favicon
ADS C:\Documents and Settings\Peter\Favorites\BanksAndCreditCards\BankofAmerica.url:favicon
ADS C:\Documents and Settings\Peter\Favorites\BanksAndCreditCards\Chase Credit Card.url:favicon
ADS C:\Documents and Settings\Peter\Favorites\BanksAndCreditCards\Citizens Bank Citizens Bank Home.url:favicon
ADS C:\Documents and Settings\Peter\Favorites\BanksAndCreditCards\Macy's\Macys - Customer Service - Macy's Credit Card - View Credit Account.url:favicon
ADS C:\Documents and Settings\Peter\Favorites\BanksAndCreditCards\Online Investing Stocks, Personal Finance & Mutual Funds at SmartMoney.com.url:favicon
ADS C:\Documents and Settings\Peter\Favorites\BanksAndCreditCards\Portfolio (Your Portfolio) at SmartMoney.com.url:favicon
ADS C:\Documents and Settings\Peter\Favorites\BanksAndCreditCards\ShareBuilder from ING DIRECT Investing Made Easy.url:favicon
ADS C:\Documents and Settings\Peter\Favorites\EagleIslandRailings\WeatherWiseVinyl.COM - Buy Railing, Decking, Fencing, Columns, and more online!.url:favicon
ADS C:\Documents and Settings\Peter\Favorites\Galapagos\The Best Galápagos Time Transition Months Open Travel Info.url:favicon
ADS ...

---- EOF - GMER 1.0.12 ----


Next, OTListIt.txt:

OTListIt logfile created on: 3/1/2009 11:44:21 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.2 Folder = C:\Documents and Settings\Peter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

511.54 Mb Total Physical Memory | 91.34 Mb Available Physical Memory | 17.86% Memory free
1.82 Gb Paging File | 1.30 Gb Available in Paging File | 71.62% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;V:\pagefile.sys 999 999;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115.04 Gb Total Space | 91.59 Gb Free Space | 79.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 74.50 Gb Total Space | 45.87 Gb Free Space | 61.58% Space Free | Partition Type: NTFS

Computer Name: 58U0L
Current User Name: Peter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 90 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/01/09 22:17:24 | 00,020,539 | ---- | M] (Apache Software Foundation) -- V:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/18 10:00:14 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/10/27 12:10:14 | 00,052,736 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2000/11/17 01:02:00 | 00,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2009/01/12 21:54:31 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/01/09 22:17:24 | 00,020,539 | ---- | M] (Apache Software Foundation) -- V:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2007/03/05 20:58:16 | 04,554,752 | ---- | M] () -- V:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2009/02/18 10:00:25 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/09/17 16:56:51 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/09/17 16:56:51 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/09/23 21:38:04 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2003/04/15 09:48:00 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\BTSetBootKey.exe
PRC - [2003/11/05 21:21:00 | 00,053,248 | ---- | M] (Extended Systems, Inc.) -- C:\WINDOWS\system32\BtUsrBdg.exe
PRC - [2007/10/25 16:33:22 | 00,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/10/25 16:37:32 | 02,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2004/11/17 09:21:56 | 01,691,648 | ---- | M] (Roxio) -- V:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
PRC - [2003/08/27 14:20:00 | 00,094,208 | R--- | M] (Cypress Semiconductor) -- C:\WINDOWS\SM1BG.EXE
PRC - [2009/02/18 10:00:22 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/07/28 10:53:08 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/01/24 08:55:10 | 02,633,728 | ---- | M] (LaCie Group) -- V:\Program Files\LaCie\Backup Software\LaCieBackup.exe
PRC - [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2007/10/25 16:32:58 | 00,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2008/02/12 20:10:40 | 21,898,024 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2008/09/27 14:15:25 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2008/09/23 11:20:00 | 00,415,072 | R--- | M] (WinZip Computing, S.L.) -- V:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2002/06/07 17:30:00 | 00,061,490 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
PRC - [2009/02/18 10:00:25 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/02/02 15:25:24 | 00,766,448 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/02 15:25:24 | 00,766,448 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/02 15:25:24 | 00,766,448 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/03/01 23:32:22 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/01/09 22:17:24 | 00,020,539 | ---- | M] (Apache Software Foundation) -- V:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe -- (Apache2 [Auto | Running])
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/18 10:00:14 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/10/27 12:10:14 | 00,052,736 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
SRV - [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2000/11/17 01:02:00 | 00,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2008/09/17 16:56:51 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2009/01/12 21:54:31 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007/10/19 13:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2007/03/05 20:58:16 | 04,554,752 | ---- | M] () -- V:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL50 [Auto | Running])
SRV - [2006/10/19 19:36:04 | 01,087,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 12:49:00 | 00,075,136 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atimpae.sys -- (atirage3 [On_Demand | Running])
DRV - [2009/02/18 10:00:25 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/02/18 10:00:25 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2003/09/29 09:36:12 | 00,062,359 | ---- | M] (Micro Solutions, Inc.) -- C:\WINDOWS\system32\DRIVERS\bpfinder.sys -- (bpfinder [System | Running])
DRV - [2003/09/29 09:37:44 | 00,004,538 | ---- | M] (Micro Solutions, Inc.) -- C:\WINDOWS\system32\DRIVERS\bpflt.sys -- (bpflt [On_Demand | Running])
DRV - [2003/09/29 09:40:46 | 00,005,493 | ---- | M] (Micro Solutions, Inc.) -- C:\WINDOWS\system32\DRIVERS\bppccard.sys -- (bppccard [On_Demand | Stopped])
DRV - [2003/09/29 09:57:54 | 00,019,670 | ---- | M] (Micro Solutions, Inc.) -- C:\WINDOWS\system32\DRIVERS\bppnpdrv.sys -- (bppnpdrv [On_Demand | Stopped])
DRV - [2003/09/29 09:59:26 | 00,111,180 | ---- | M] (Micro Solutions, Inc.) -- C:\WINDOWS\system32\DRIVERS\bpusbdrv.sys -- (bpusbdrv [On_Demand | Stopped])
DRV - [2004/06/23 13:13:42 | 00,010,653 | ---- | M] (Micro Solutions, Inc.) -- C:\WINDOWS\System32\DRIVERS\bpusbflt.sys -- (bpusbflt [On_Demand | Running])
DRV - [2004/09/28 15:18:00 | 00,057,512 | ---- | M] (Windigo Systems) -- C:\WINDOWS\system32\drivers\Btcomm.sys -- (BTCOMM [On_Demand | Running])
DRV - [2003/03/18 10:31:00 | 00,015,876 | ---- | M] (Windigo Systems) -- C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys -- (BTKRNBDG [On_Demand | Running])
DRV - [2005/10/27 12:10:10 | 00,011,376 | ---- | M] () -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA [Auto | Running])
DRV - [2004/11/06 18:09:32 | 00,052,464 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\CDR4_2K.SYS -- (Cdr4_2K [System | Running])
DRV - [2004/12/06 15:19:22 | 00,044,288 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2004/11/17 09:16:48 | 00,024,832 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2004/11/17 09:23:24 | 00,289,920 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2001/08/17 14:02:48 | 00,272,640 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemclc.sys -- (cinemclc [On_Demand | Running])
DRV - [2005/06/28 18:46:00 | 00,024,859 | ---- | M] (Windigo) -- C:\WINDOWS\System32\Drivers\csrbc01.sys -- (CSRBC01 [On_Demand | Stopped])
DRV - [2004/05/05 15:24:36 | 00,104,270 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\emDevice.sys -- (DCamUSBEMPIA [On_Demand | Stopped])
DRV - [2001/08/17 12:20:18 | 00,334,208 | ---- | M] (Yamaha Corp.) -- C:\WINDOWS\system32\drivers\ds1wdm.sys -- (ds1 [On_Demand | Running])
DRV - [2004/11/17 09:14:02 | 00,141,184 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp [System | Running])
DRV - [2004/11/17 09:22:46 | 00,023,936 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
DRV - [2001/08/17 12:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2004/09/23 19:41:04 | 00,020,608 | ---- | M] (Empia Technology, Inc.) -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio [On_Demand | Stopped])
DRV - [2004/05/05 15:24:46 | 00,005,246 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\emFilter.sys -- (FiltUSBEMPIA [On_Demand | Stopped])
DRV - [2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/03/01 19:44:17 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [System | Running])
DRV - [2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Stopped])
DRV - [2007/10/19 13:16:30 | 02,109,976 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
DRV - [2007/10/11 18:59:02 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
DRV - [2007/10/11 18:59:24 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2007/10/11 21:00:42 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2004/11/17 09:10:40 | 00,023,808 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/12/04 22:58:24 | 00,035,936 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
DRV - [2003/09/19 15:47:24 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2007/10/11 20:56:20 | 00,490,776 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand | Running])
DRV - [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/11/17 09:07:30 | 00,117,632 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
DRV - [2004/08/04 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2009/01/15 16:17:40 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/01/15 16:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/01/15 16:17:38 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2004/05/05 15:24:58 | 00,004,522 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\emScan.sys -- (ScanUSBEMPIA [On_Demand | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/11/17 09:10:52 | 00,200,832 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr [System | Running])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2001/08/17 13:28:18 | 00,794,399 | ---- | M] (U.S. Robotics, Inc.) -- C:\WINDOWS\system32\DRIVERS\USR1806V.SYS -- (USR1806V [On_Demand | Running])
DRV - [2005/06/30 11:57:00 | 00,017,792 | ---- | M] (Windigo Systems) -- C:\WINDOWS\system32\drivers\vadmulti.sys -- (vad_multi [On_Demand | Running])
DRV - [2004/08/04 12:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys -- (vdmindvd [On_Demand | Running])
DRV - [2004/08/06 13:54:26 | 00,237,056 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\zd1211u.sys -- (WLAN(WLAN) [On_Demand | Running])
DRV - [2004/01/14 11:30:00 | 00,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ZDPNDIS5.SYS -- (ZDPNDIS5 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.worldnet.att.net/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.worldnet.att.net/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.worldnet.att.net/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.worldnet.att.net/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.my.att.net
IE - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-343818398-764733703-839522115-1003\S-1-5-21-343818398-764733703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-764733703-839522115-1003\S-1-5-21-343818398-764733703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> %ProgramFiles%\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/02/20 17:59:24 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8} -> %ProgramFiles%\AVG\AVG8\TOOLBARFF [C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF] -> [2009/02/20 17:59:24 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/01/26 23:39:59 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/01/26 23:39:58 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components -> %ProgramFiles%\NETSCAPE\NETSCAPE\COMPONENTS [C:\PROGRAM FILES\NETSCAPE\NETSCAPE\COMPONENTS] -> [2008/03/24 21:19:40 | 00,000,856 | ---- | M] ()
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins -> %ProgramFiles%\NETSCAPE\NETSCAPE\PLUGINS [C:\PROGRAM FILES\NETSCAPE\NETSCAPE\PLUGINS] -> [2008/12/10 12:45:21 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Peter\Application Data\mozilla\Extensions [2008/03/20 21:42:22 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Peter\Application Data\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241} [2008/03/20 21:42:22 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Peter\Application Data\mozilla\Firefox\Profiles\fb3jg1vd.default\extensions [2005/07/01 22:44:08 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Peter\Application Data\mozilla\Firefox\Profiles\fb3jg1vd.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2005/07/01 22:44:08 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2008/12/10 12:46:01 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/01/26 23:39:58 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2007/05/08 20:22:44 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007/07/27 17:29:52 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2007/10/04 01:02:00 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [2008/09/16 20:04:34 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008/03/27 13:46:35 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008/08/01 20:13:55 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2008/12/01 14:26:49 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008/12/10 12:46:03 00,000,000 | ---D | M]

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PopSmasherNoTlbrObj Class) - {0025739A-5875-4e33-8056-C03BABE37F9C} - C:\Program Files\AT&T Worldnet Service\Toolbar\Programs\PS.dll (AT&T Corp.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IeCaptureBho Object) - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (Google)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-343818398-764733703-839522115-1003\..\Toolbar\WebBrowser: (no name) - {02871142-4517-4931-8809-F89A01D2650B} - C:\Program Files\AT&T Worldnet Service\Toolbar\Programs\PS.dll (AT&T Corp.)
O3 - HKU\S-1-5-21-343818398-764733703-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-343818398-764733703-839522115-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "V:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [BTSETBOOTKEY] BTSetBootKey.exe ()
O4 - HKLM..\Run: [BTUSRBDG] BtUsrBdg.exe (Extended Systems, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [iTunesHelper] "V:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] "V:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-21-343818398-764733703-839522115-1003..\Run: [Google Update] "C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-343818398-764733703-839522115-1003..\Run: [LaCie Backup] V:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background (LaCie Group)
O4 - HKU\S-1-5-21-343818398-764733703-839522115-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-343818398-764733703-839522115-1003..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-343818398-764733703-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-343818398-764733703-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-343818398-764733703-839522115-1003..\Run: [xReminder Pro] "C:\Program Files\xReminder Pro\xRemind.exe" (Duality Software)
O4 - HKU\.DEFAULT..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = V:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\Billminder.lnk = C:\Quickenw\billmind.exe (Intuit)
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\Pmremind.exe ()
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE ()
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE ()
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\Osa9.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-343818398-764733703-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-343818398-764733703-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O9 - Extra Button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-343818398-764733703-839522115-1003\..Trusted Sites: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-343818398-764733703-839522115-1003\..Trusted Sites: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-343818398-764733703-839522115-1003\..Trusted Sites: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-343818398-764733703-839522115-1003\..Trusted Sites: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-343818398-764733703-839522115-1003\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {24D2B385-F921-11D2-AD67-00105ACE6321} https://member.qpass.com/wallet/QpassWallet.cab (WalletUtils Class)
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft Data Collection Control)
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7913.7418171296 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl..._4_0_03-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate.microsoft.com/R423/V3...en/actsetup.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://c:\windows\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://c:\windows\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://c:\windows\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/11 20:51:23 00,000,000 | ---D | M] - C:\autobio -- [ NTFS ]
O32 - AutoRun File - [1999/09/13 16:27:18 | 00,000,131 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2003/04/06 14:03:22 | 00,000,788 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/02/20 16:29:42 | 00,000,788 | ---- | M] () - C:\autoexec.na1 -- [ NTFS ]
O32 - AutoRun File - [2003/03/08 01:14:42 | 00,000,788 | ---- | M] () - C:\autoexec.na2 -- [ NTFS ]
O32 - AutoRun File - [2003/02/20 15:19:44 | 00,000,701 | ---- | M] () - C:\autoexec.nai -- [ NTFS ]
O32 - AutoRun File - [2003/02/20 04:27:12 | 00,000,623 | -HS- | M] () - C:\AUTOEXEC.WIN -- [ NTFS ]
O32 - AutoRun File - [2009/01/05 11:27:18 00,000,000 | ---D | M] - V:\autobio -- [ NTFS ]
O32 - AutoRun File - [1999/09/13 16:27:18 | 00,000,131 | ---- | M] () - V:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2003/04/06 14:03:22 | 00,000,788 | ---- | M] () - V:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/02/20 16:29:42 | 00,000,788 | ---- | M] () - V:\autoexec.na1 -- [ NTFS ]
O32 - AutoRun File - [2003/03/08 01:14:42 | 00,000,788 | ---- | M] () - V:\autoexec.na2 -- [ NTFS ]
O32 - AutoRun File - [2003/02/20 15:19:44 | 00,000,701 | ---- | M] () - V:\autoexec.nai -- [ NTFS ]
O32 - AutoRun File - [2003/02/20 04:27:12 | 00,000,623 | -HS- | M] () - V:\AUTOEXEC.WIN -- [ NTFS ]
O33 - MountPoints2\{086068e0-af13-11da-ac4b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{086068e0-af13-11da-ac4b-806d6172696f}\Shell\AutoRun - "" = Auto&Play

========== Files/Folders - Created Within 90 Days ==========

[35 C:\WINDOWS\*.tmp files]
[7 C:\Documents and Settings\Peter\My Documents\*.tmp files]
[2067/08/26 14:43:36 | 00,093,696 | ---- | C] (Networks Associates Technologies, Inc.) -- C:\WINDOWS\System32\CSLSP.DLL
[2030/10/22 00:00:00 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/03/01 23:32:22 | 00,497,152 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peter\Desktop\OTListIt2.exe
[2009/03/01 19:44:19 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/03/01 19:44:17 | 00,573,440 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/03/01 19:44:17 | 00,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/03/01 19:44:17 | 00,068,961 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/03/01 19:44:17 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/02/28 17:59:56 | 00,000,383 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\WS_FTP95 LE.lnk
[2009/02/28 17:20:01 | 00,000,986 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Shortcut to mattime.com Secure WebDisk.vbs.lnk
[2009/02/28 15:30:12 | 00,000,000 | ---D | C] -- C:\Program Files\xReminder Pro
[2009/02/24 11:47:29 | 00,000,000 | ---D | C] -- C:\website
[2009/02/23 20:58:01 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\MargaretJeffery2009.DOC
[2009/02/23 20:40:27 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Deed to OffenhartzRevised2009.doc
[2009/02/21 17:08:12 | 00,368,961 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\dds.scr
[2009/02/21 16:58:51 | 00,048,128 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\BleepingComputer7.doc
[2009/02/18 10:00:25 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/05 05:10:52 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/02/04 16:17:50 | 00,001,516 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2009/02/04 16:17:30 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/04 16:17:27 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/04 16:17:16 | 33,651,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/04 16:17:15 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/04 16:17:15 | 00,024,151 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/04 16:17:14 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/04 16:17:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/02/04 16:17:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\AVGTOOLBAR
[2009/02/04 16:16:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/02/01 00:43:02 | 00,090,112 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\PhotoMedex.doc
[2009/01/31 17:46:27 | 00,368,971 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\dds.scr
[2009/01/31 17:09:22 | 00,360,210 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Chase2008PeterSuimmary.pdf
[2009/01/31 17:07:32 | 00,363,692 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Chase2008BarbaraSummary.pdf
[2009/01/31 11:55:54 | 00,141,312 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\BleepingComputer6a.doc
[2009/01/31 11:44:48 | 00,520,704 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\BleepingComputer6.doc
[2009/01/30 17:57:16 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\BleepingComputer5.doc
[2009/01/30 16:28:16 | 00,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2009/01/30 16:03:56 | 00,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/01/30 13:13:21 | 00,003,650 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/01/30 12:19:51 | 00,006,162 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Kaspersky1.html
[2009/01/29 12:41:43 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\BleepingComputer4.doc
[2009/01/28 21:41:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2009/01/28 21:32:43 | 00,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2009/01/28 19:28:18 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/01/28 19:22:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/01/28 17:45:53 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/01/28 16:28:43 | 00,000,877 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Shortcut to SDFix.exe.lnk
[2009/01/28 14:20:44 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\HelpFromBleepingComputers3.doc
[2009/01/27 12:24:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/01/27 12:24:27 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/01/27 12:24:21 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/01/27 12:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\SUPERAntiSpyware.com
[2009/01/26 23:39:05 | 00,000,000 | ---D | C] -- C:\temp
[2009/01/26 21:57:22 | 00,000,911 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Shortcut to ATF-Cleaner.exe.lnk
[2009/01/26 14:17:17 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\MATTAX09.DOC
[2009/01/25 20:00:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/01/24 21:55:23 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\HelpfromBleepingCompter2.doc
[2009/01/24 13:12:06 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\ToyiasComplaint.DOC
[2009/01/23 20:38:53 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/01/23 18:23:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\Malwarebytes
[2009/01/23 18:22:45 | 00,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/23 18:22:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/23 18:22:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/23 18:22:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/23 18:22:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/22 22:05:45 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\helpfrombleepingcomputer.doc
[2009/01/22 15:17:29 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Cobian Backup 9 (2).lnk
[2009/01/22 13:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/01/21 20:37:34 | 00,001,401 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\HijackThis.lnk
[2009/01/21 20:37:22 | 00,000,000 | ---D | C] -- C:\HijackThis
[2009/01/20 15:24:38 | 00,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\drivers\ds1wdm.sys
[2009/01/20 15:24:36 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv
[2009/01/20 15:24:35 | 00,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2009/01/20 15:24:34 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009/01/20 15:24:31 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2009/01/20 15:24:31 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009/01/20 15:24:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009/01/20 15:24:30 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/01/20 15:24:12 | 00,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2009/01/20 15:21:03 | 00,000,042 | ---- | C] () -- C:\WINDOWS\System32\DriverChecker.lie
[2009/01/20 15:07:34 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Driver Checker.lnk
[2009/01/20 15:07:33 | 00,081,408 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\devcon_x64.exe
[2009/01/20 15:07:33 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devcon.exe
[2009/01/20 15:07:32 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Checker
[2009/01/19 19:10:38 | 00,089,088 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\MattUpdate2009CoverLetter.DOC
[2009/01/19 01:23:27 | 48,353,3108 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\ProcMonLogofJan1909.PML
[2009/01/18 16:31:29 | 00,000,889 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Shortcut to Procmon.exe.lnk
[2009/01/18 02:09:39 | 00,001,523 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Backup.lnk
[2009/01/15 15:38:03 | 00,089,088 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\MattUpdate2008CoverLetter.DOC
[2009/01/14 17:18:20 | 00,292,814 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\MatLab2009.xpr
[2009/01/14 16:56:42 | 00,003,258 | --S- | C] () -- C:\Documents and Settings\Peter\My Documents\MATT2009.rcl
[2009/01/13 15:30:59 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Security Task Manager.lnk
[2009/01/13 13:25:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/01/13 00:02:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/01/13 00:01:59 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/01/12 16:45:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\TeamViewer
[2009/01/11 17:58:26 | 00,000,438 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/01/11 17:56:56 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2009/01/11 17:56:22 | 00,000,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/01/11 17:56:22 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/01/10 20:28:01 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\ExternRSVP2009.xls
[2009/01/10 20:19:20 | 00,016,896 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\boston 2009 studentsponsors.xls
[2009/01/10 00:10:50 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Global Warming Piece.doc
[2009/01/09 17:08:36 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Swarthmore50Harbeson.DOC
[2009/01/08 19:52:56 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/01/08 19:45:33 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Chronology of a TwoHourComputerBootUp.doc
[2009/01/07 17:22:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\McAfee
[2009/01/07 13:33:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/01/05 21:43:23 | 00,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2009/01/05 21:43:23 | 00,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2008/12/31 17:47:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Local Settings\Application Data\Intuit
[2008/12/31 17:45:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0.old
[2008/12/30 12:39:31 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2008/12/29 19:56:54 | 00,001,196 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-764733703-839522115-1003.job
[2008/12/25 20:35:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\MATTData
[2008/12/22 20:20:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\My Documents\Ancestry
[2008/12/22 16:21:17 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Extern 2009 Boston December invite.doc
[2008/12/20 16:58:50 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\OffenhartzAncestryVilniusBirth728-2-384_1864B_Vilna.xls
[2008/12/20 14:25:13 | 00,000,001 | ---- | C] () -- C:\TermRun.Usf
[2008/12/20 00:49:00 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\MATTimekeeping System 2009 Changes.doc
[2008/12/18 20:04:44 | 00,000,082 | ---- | C] () -- C:\matterm9.vbw
[2008/12/18 20:02:51 | 00,001,079 | ---- | C] () -- C:\matterm9.mak
[2008/12/18 20:01:02 | 00,000,000 | ---D | C] -- C:\MATTterm9
[2008/12/16 00:13:51 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/12/16 00:01:04 | 00,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2008/12/16 00:00:16 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2008/12/15 16:17:16 | 00,000,000 | ---D | C] -- C:\Thanksgiving08
[2008/12/15 12:07:42 | 00,000,000 | ---D | C] -- C:\CrednerEagle08
[2008/12/14 21:28:11 | 00,000,000 | ---D | C] -- C:\EagleFamily08
[2008/12/11 14:12:43 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\OffenhartzResume.doc
[2008/12/08 20:07:10 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/12/08 20:05:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/08 19:52:21 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/12/08 19:45:33 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/02 20:09:03 | 00,088,576 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\MATTUpdateInfoLate2008.DOC
[2008/12/02 20:07:49 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Peter\My Documents\~$ttUpdatex2009.DOC

========== Files - Modified Within 90 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[35 C:\WINDOWS\*.tmp files]
[7 C:\Documents and Settings\Peter\My Documents\*.tmp files]
[2067/08/27 15:16:02 | 00,093,696 | ---- | M] (Networks Associates Technologies, Inc.) -- C:\WINDOWS\System32\CSLSP.DLL
[2009/03/01 23:54:37 | 00,001,196 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-764733703-839522115-1003.job
[2009/03/01 23:36:33 | 00,002,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Word.lnk
[2009/03/01 23:32:22 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter\Desktop\OTListIt2.exe
[2009/03/01 23:07:35 | 33,651,768 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/01 21:34:13 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/03/01 20:25:22 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/01 20:24:00 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/03/01 20:22:06 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/03/01 20:20:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/01 20:20:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/03/01 19:44:17 | 00,565,311 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/03/01 19:44:17 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/03/01 19:44:17 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/03/01 17:33:27 | 00,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2009/03/01 13:00:40 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/03/01 09:58:01 | 00,024,151 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/01 01:00:00 | 00,000,352 | -H-- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/02/28 17:59:56 | 00,000,383 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\WS_FTP95 LE.lnk
[2009/02/28 17:20:01 | 00,000,986 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Shortcut to mattime.com Secure WebDisk.vbs.lnk
[2009/02/28 13:20:23 | 00,002,471 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Microsoft Excel.lnk
[2009/02/27 22:17:33 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\PortfolioPerformance2008.xls
[2009/02/23 22:18:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/23 21:55:46 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\MargaretJeffery2009.DOC
[2009/02/23 20:55:09 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Deed to OffenhartzRevised2009.doc
[2009/02/23 04:04:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/21 17:08:52 | 00,368,961 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\dds.scr
[2009/02/21 16:58:54 | 00,048,128 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\BleepingComputer7.doc
[2009/02/21 15:10:45 | 00,125,440 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\FederalDebtBestDataAndCharts.xls
[2009/02/20 23:02:06 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/18 10:00:25 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/18 10:00:25 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/18 10:00:25 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/11 23:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.EXE
[2009/02/04 16:17:50 | 00,001,516 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2009/02/04 16:17:15 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/03 19:18:41 | 00,002,253 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Google Chrome.lnk
[2009/02/01 00:53:51 | 00,089,600 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\SoftwareTailorsLetterHead.doc
[2009/02/01 00:53:48 | 00,090,112 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\PhotoMedex.doc
[2009/01/31 17:09:22 | 00,360,210 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Chase2008PeterSuimmary.pdf
[2009/01/31 17:07:32 | 00,363,692 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Chase2008BarbaraSummary.pdf
[2009/01/31 12:24:06 | 00,368,971 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\dds.scr
[2009/01/31 11:55:55 | 00,141,312 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\BleepingComputer6a.doc
[2009/01/31 11:44:49 | 00,520,704 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\BleepingComputer6.doc
[2009/01/30 19:51:47 | 00,003,650 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/01/30 19:51:29 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/01/30 17:57:17 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\BleepingComputer5.doc
[2009/01/30 16:28:16 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2009/01/30 16:03:56 | 00,001,556 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/01/30 16:03:55 | 00,001,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/01/30 12:19:51 | 00,006,162 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Kaspersky1.html
[2009/01/29 15:34:41 | 00,001,636 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/01/29 12:41:43 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\BleepingComputer4.doc
[2009/01/29 03:38:00 | 00,001,523 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Backup.lnk
[2009/01/28 19:28:19 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/01/28 16:28:43 | 00,000,877 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Shortcut to SDFix.exe.lnk
[2009/01/28 14:20:45 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\HelpFromBleepingComputers3.doc
[2009/01/27 12:24:27 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/01/26 21:57:23 | 00,000,911 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Shortcut to ATF-Cleaner.exe.lnk
[2009/01/26 14:25:54 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\MATTAX09.DOC
[2009/01/24 21:55:24 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\HelpfromBleepingCompter2.doc
[2009/01/24 14:48:12 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\ToyiasComplaint.DOC
[2009/01/23 18:22:45 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/22 22:05:46 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\helpfrombleepingcomputer.doc
[2009/01/22 14:48:57 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Cobian Backup 9 (2).lnk
[2009/01/21 20:37:36 | 00,001,401 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\HijackThis.lnk
[2009/01/20 15:21:50 | 00,334,720 | ---- | M] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2009/01/20 15:21:03 | 00,000,042 | ---- | M] () -- C:\WINDOWS\System32\DriverChecker.lie
[2009/01/20 15:07:34 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Driver Checker.lnk
[2009/01/19 20:49:53 | 00,089,088 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\MattUpdate2008CoverLetter.DOC
[2009/01/19 19:10:39 | 00,089,088 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\MattUpdate2009CoverLetter.DOC
[2009/01/19 01:39:36 | 48,353,3108 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\ProcMonLogofJan1909.PML
[2009/01/18 16:31:29 | 00,000,889 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Shortcut to Procmon.exe.lnk
[2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/01/15 15:51:49 | 00,089,600 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\MattUpdatex2008.DOC
[2009/01/15 15:32:16 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Swarthmore50Harbeson.DOC
[2009/01/15 01:00:00 | 00,000,264 | -H-- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/01/14 17:18:20 | 00,292,814 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\MatLab2009.xpr
[2009/01/14 16:56:42 | 00,003,258 | --S- | M] () -- C:\Documents and Settings\Peter\My Documents\MATT2009.rcl
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/13 15:30:59 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Security Task Manager.lnk
[2009/01/12 22:39:55 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\ExternRSVP2009.xls
[2009/01/12 17:13:43 | 00,000,201 | -HS- | M] () -- C:\BOOT.INI
[2009/01/11 17:56:22 | 00,000,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/01/10 20:19:20 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\boston 2009 studentsponsors.xls
[2009/01/10 15:10:59 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Global Warming Piece.doc
[2009/01/08 21:29:26 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\greenhouse Gases.doc
[2009/01/08 20:45:59 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Chronology of a TwoHourComputerBootUp.doc
[2009/01/07 17:34:16 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/01/07 17:34:16 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/01/07 17:34:16 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/01/07 17:34:16 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/01/07 17:34:16 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/01/07 17:34:16 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/01/07 17:20:24 | 01,486,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LegitCheckControl.DLL
[2009/01/06 15:41:01 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\MATTimekeeping System 2009 Changes.doc
[2009/01/05 14:08:48 | 00,002,733 | ---- | M] () -- C:\WINDOWS\Matt.Ini
[2009/01/05 14:08:26 | 00,002,121 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2008/12/31 13:12:58 | 00,000,037 | ---- | M] () -- C:\WINDOWS\VBADDIN.INI
[2008/12/22 16:22:11 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Extern 2009 Boston December invite.doc
[2008/12/20 18:15:41 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2008/12/20 18:15:41 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2008/12/20 18:15:40 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2008/12/20 18:15:40 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2008/12/20 18:15:40 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2008/12/20 18:15:40 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2008/12/20 18:15:39 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2008/12/20 18:15:39 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2008/12/20 18:15:38 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2008/12/20 18:15:38 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2008/12/20 18:15:38 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2008/12/20 18:15:38 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2008/12/20 18:15:32 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2008/12/20 18:15:32 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2008/12/20 18:15:31 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2008/12/20 18:15:31 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2008/12/20 18:15:30 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2008/12/20 18:15:30 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2008/12/20 18:15:24 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2008/12/20 18:15:24 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/12/20 18:15:23 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2008/12/20 18:15:23 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2008/12/20 18:15:23 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2008/12/20 18:15:23 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/12/20 18:15:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2008/12/20 18:15:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2008/12/20 18:15:22 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2008/12/20 18:15:22 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/12/20 18:15:21 | 06,066,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/12/20 18:15:21 | 06,066,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/12/20 18:15:21 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2008/12/20 18:15:21 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2008/12/20 18:15:16 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2008/12/20 18:15:16 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2008/12/20 18:15:15 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2008/12/20 18:15:15 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/12/20 18:15:14 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2008/12/20 18:15:14 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2008/12/20 18:15:14 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2008/12/20 18:15:14 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2008/12/20 18:15:13 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2008/12/20 18:15:13 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2008/12/20 18:15:13 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\extmgr.dll
[2008/12/20 18:15:13 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2008/12/20 18:15:13 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2008/12/20 18:15:13 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/12/20 18:15:12 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2008/12/20 18:15:12 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2008/12/20 18:15:11 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2008/12/20 18:15:11 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2008/12/20 16:58:51 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\OffenhartzAncestryVilniusBirth728-2-384_1864B_Vilna.xls
[2008/12/20 14:25:13 | 00,000,001 | ---- | M] () -- C:\TermRun.Usf
[2008/12/19 04:10:15 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2008/12/19 04:10:15 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2008/12/19 04:10:15 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2008/12/19 04:10:15 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/12/19 00:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2008/12/19 00:23:56 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2008/12/19 00:23:56 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2008/12/18 20:04:44 | 00,001,079 | ---- | M] () -- C:\matterm9.mak
[2008/12/18 20:04:44 | 00,000,082 | ---- | M] () -- C:\matterm9.vbw
[2008/12/18 12:39:40 | 00,043,008 | ---- | M] () -- C:\WINDOWS\System32\MSMAPI32.oca
[2008/12/18 12:39:39 | 00,035,840 | ---- | M] () -- C:\WINDOWS\System32\Comdlg32.oca
[2008/12/18 12:39:39 | 00,025,600 | ---- | M] () -- C:\WINDOWS\System32\MSCOMM32.oca
[2008/12/18 12:39:38 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\GRID32.oca
[2008/12/18 12:39:03 | 00,002,102 | ---- | M] () -- C:\WINDOWS\VB.INI
[2008/12/16 00:01:04 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2008/12/14 19:31:15 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\letTERHD.DOC
[2008/12/14 12:21:46 | 00,402,726 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2008/12/14 12:21:46 | 00,062,640 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2008/12/14 12:21:43 | 00,473,322 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/12 16:03:59 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\EagleCertificate of Trust.doc
[2008/12/11 14:12:44 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\OffenhartzResume.doc
[2008/12/11 14:09:54 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\resuME.doc
[2008/12/11 05:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/12/11 05:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/12/08 01:26:04 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/12/03 17:40:32 | 00,081,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\devcon_x64.exe
[2008/12/03 12:21:05 | 00,088,576 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\MATTUpdateInfoLate2008.DOC
[2008/12/02 20:07:49 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Peter\My Documents\~$ttUpdatex2009.DOC
< End of report >

And, finally, Extra.txt:

OTListIt Extras logfile created on: 3/1/2009 11:44:21 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.2 Folder = C:\Documents and Settings\Peter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

511.54 Mb Total Physical Memory | 91.34 Mb Available Physical Memory | 17.86% Memory free
1.82 Gb Paging File | 1.30 Gb Available in Paging File | 71.62% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;V:\pagefile.sys 999 999;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115.04 Gb Total Space | 91.59 Gb Free Space | 79.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 74.50 Gb Total Space | 45.87 Gb Free Space | 61.58% Space Free | Partition Type: NTFS

Computer Name: 58U0L
Current User Name: Peter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 90 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/09/23 21:38:48 | 00,214,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player
[2008/04/13 19:12:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\FXSCLNT.exe:*:Enabled:Microsoft Fax Console
File not found -- C:\Documents and Settings\Peter\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard
[2008/04/13 19:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmc.exe:*:Enabled:Microsoft Management Console
[2003/02/20 14:35:04 | 00,362,496 | ---- | M] (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173) -- C:\Program Files\Ws_ftp\WS_FTP95.exe:*:Enabled:WS_FTP 95
[2007/06/04 16:39:38 | 09,882,002 | ---- | M] () -- V:\Program Files\Participatory Culture Foundation\Democracy Player\Democracy_Downloader.exe:*:Enabled:Democracy_Downloader
File not found -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/03/08 00:25:56 | 09,950,760 | ---- | M] (Intuit, Inc.) -- V:\New Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/01/03 19:21:40 | 03,679,784 | ---- | M] (Intuit, Inc.) -- V:\New Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2005/10/26 16:52:54 | 00,049,152 | ---- | M] (Topdownloads Networks) -- V:\Program Files\Easy TV Trial\Easy TV.exe:*:Enabled:Easy TV
[2008/01/10 16:26:16 | 04,138,882 | ---- | M] () -- C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader
[2008/03/20 10:34:12 | 00,018,432 | ---- | M] () -- C:\Program Files\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe:*:Enabled:Miro_Downloader
[2008/03/05 22:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/10/22 18:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- V:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/02/18 02:10:15 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server
[2008/02/12 20:10:40 | 21,898,024 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{1EF55D0B-5D2A-4DB8-89F3-FAD894E1F36E}" = J-Perk
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = Plextor ConvertX AV100U A/V Capture Device Driver
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{31ED608D-8826-41AA-913F-DBC45CB4DE09}" = Topo USA 4.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{581CE7EA-A30D-0000-1211-088635789090}" = 802.11b+g USB Wireless LAN Adapter
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{607A3661-3905-4444-83EA-897C3FA481E1}" = PCShowBuzz
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DD9963C-271A-4A14-82B0-4DC148C52E58}" = LaCie Backup Software v1.5.2215
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.4
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF05090-21D9-41E8-9403-A464F9D0C825}" = MySQL Server 5.0
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0C65E65-5CF2-4C16-8023-950BA678FE15}" = XTNDConnect Blue Manager 3.3
"{A14774E8-246D-47D4-B85E-4B616AF99911}" = Web Weaver 2005
"{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4544EA-C189-41FE-9E3A-76591DDB852B}" = Roxio Easy Media Creator 7
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{E3B5D92A-94E3-4F48-AA38-83317662116B}" = TurboTax 2008 wmaiper
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"3Com Modem Manager" = 3Com Modem Manager
"3Com/US Robotics user guide" = 3Com/US Robotics user guide
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Image Viewer Plugin" = Adobe Image Viewer Plugin 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AT&T Connection Services Software" = AT&T WorldNet Service
"AT&T Worldnet Service Toolbar" = AT&T Worldnet Service Toolbar
"AT&T WorldNet Software" = AT&T WorldNet Setup
"ATI Mach64 Display Driver" = ATI mach64 Display Driver
"AVG8Uninstall" = AVG Free 8.0
"Bookshelf 2k" = Bookshelf 2000
"CD LabelMaker" = CD LabelMaker
"CdaC13Ba" = SafeCast Shared Components
"CobBackup9" = Cobian Backup 9
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dellnet Signup" = Dellnet Signup
"Driver Checker_is1" = Driver Checker v2.7.2
"DVDPlayer" = DVD Player
"Easy TV 2.6" = Easy TV 2.6
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HTML Help Workshop" = HTML Help Workshop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IntelliPoint" = Microsoft IntelliPoint
"Iomega95" = Iomega Tools for Windows 95
"Java Web Start" = Java Web Start
"JavaScript For Dummies, 4th Edition" = JavaScript For Dummies, 4th Edition
"LanguageNow!" = LanguageNow!
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Micro Solutions" = Backpack Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Miro" = Miro
"Modem Diagnostic Utility" = Modem Diagnostic Utility
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape (7.02)" = Netscape (7.02)
"Netscape Communicator 4.7" = Netscape Communicator 4.7
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PrintMaster 7.00" = PrintMaster 7.00
"QuickBooks 99" = QuickBooks 99
"Quicken 6" = Quicken 6
"RealPlayer 6.0" = RealPlayer
"RegCure" = RegCure 1.5.1.3
"Scrabble" = Scrabble
"Security Task Manager" = Security Task Manager 1.7g
"Serif DrawPlus 3.0" = Serif DrawPlus 3.0
"Shockwave" = Shockwave
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"ST6UNST #1" = EasiEST for Windows (32-bit)
"ST6UNST #10" = MATTimekeeping System (C:\cdtest\)
"ST6UNST #11" = MATTimekeeping System (C:\cdtest\) #3
"ST6UNST #12" = MATTimekeeping System (C:\cdtest\) #4
"ST6UNST #13" = MATTimekeeping System (C:\cdtest\) #5
"ST6UNST #14" = MATTimekeeping System (C:\cdtest\) #6
"ST6UNST #15" = MATTimekeeping System (C:\cdtest\) #7
"ST6UNST #16" = MATTimekeeping System (C:\cdtest\) #8
"ST6UNST #17" = MATTimekeeping System (C:\cdtest\) #9
"ST6UNST #18" = MATTimekeeping System (C:\cdtest\) #10
"ST6UNST #19" = MATTimekeeping System (C:\cdtest\) #11
"ST6UNST #2" = MATTimekeeping System
"ST6UNST #20" = MATTimekeeping System (C:\cdtest\) #12
"ST6UNST #21" = MATTimekeeping System (C:\cdtest\) #13
"ST6UNST #22" = MATTimekeeping System (C:\cdtest\) #14
"ST6UNST #23" = EasiEST for Windows (32-bit) (C:\EasiTEST\)
"ST6UNST #24" = EasiEST for Windows (32-bit) (C:\EasiTEST\) #3
"ST6UNST #25" = MATTimekeeping System (C:\MattWin\) #3
"ST6UNST #26" = EasiEST for Windows (32-bit) (C:\EasiTest\) #4
"ST6UNST #27" = EasiEST for Windows (32-bit) (C:\EasiTest\) #5
"ST6UNST #28" = EasiEST for Windows (32-bit) (C:\EasiEST\) #6
"ST6UNST #29" = EasiEST for Windows, Metric Edition
"ST6UNST #3" = EasiEST for Windows (32-bit) (C:\Program Files\EasiEST\)
"ST6UNST #30" = EasiEST for Windows, Metric Edition (C:\EasiEST\)
"ST6UNST #31" = EasiEST for Windows, Metric Edition (C:\EasiEST\) #3
"ST6UNST #32" = EasiEST for Windows, Metric Edition (C:\EasiEST\) #4
"ST6UNST #33" = MATTimekeeping System (Internet Distribution)
"ST6UNST #34" = MATTimekeeping System (C:\MattWin\) #4
"ST6UNST #35" = EasiEST for Windows (32-bit) Metric Edition (C:\MetricEasiEstTest\)
"ST6UNST #36" = EasiEST for Windows (32-bit) Metric Edition (c:\MetricEasiEstTest\) #3
"ST6UNST #37" = EasiEST for Windows (32-bit) Metric Edition (C:\MEasiEST\)
"ST6UNST #38" = EasiEST for Windows (32-bit) (C:\UStestEasiEST\)
"ST6UNST #39" = MATTimekeeping System (C:\TestMattWin\)
"ST6UNST #4" = EasiEST for Windows (32-bit) (C:\EasiEST\)
"ST6UNST #5" = EasiEST for Windows (32-bit) (C:\EasiEST\) #3
"ST6UNST #6" = EasiEST for Windows (32-bit) (C:\EasiEST\) #4
"ST6UNST #7" = MATTimekeeping System (C:\MattWin\)
"ST6UNST #8" = EasiEST for Windows (32-bit) (C:\EasiEST\) #5
"ST6UNST #9" = EasiEST for Windows (32-bit) Metric Edition
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Premier 2004" = TurboTax Premier 2004
"TurboTax Premier Home & Business 2002" = TurboTax Premier Home & Business 2002
"TurboTax Premier Home & Business 2003" = TurboTax Premier Home & Business 2003
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"Web Weaver 98" = Web Weaver 98
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xReminder Pro_is1" = xReminder Pro
"YASA Audio/Data/Video CD Burner v4.3.90" = YASA Audio/Data/Video CD Burner v4.3.90
"YASA VOB to MPEG Converter v3.2 (build 036)" = YASA VOB to MPEG Converter v3.2 (build 036)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-343818398-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2009 10:03:51 AM | Computer Name = 58U0L | Source = Google Update | ID = 20
Description =

Error - 2/27/2009 11:03:53 AM | Computer Name = 58U0L | Source = Google Update | ID = 20
Description =

Error - 2/28/2009 8:00:20 AM | Computer Name = 58U0L | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/28/2009 8:00:21 AM | Computer Name = 58U0L | Source = EventSystem | ID = 4610
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80040154 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
This may indicate that the COM+ Event System is not properly installed. Please
try reinstalling the COM+ Event Syste

Error - 2/28/2009 8:56:10 PM | Computer Name = 58U0L | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80080005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/1/2009 12:09:52 AM | Computer Name = 58U0L | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80080005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/1/2009 8:00:21 AM | Computer Name = 58U0L | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/1/2009 8:00:23 AM | Computer Name = 58U0L | Source = EventSystem | ID = 4610
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80040154 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
This may indicate that the COM+ Event System is not properly installed. Please
try reinstalling the COM+ Event Syste

Error - 3/1/2009 3:01:48 PM | Computer Name = 58U0L | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80080005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/1/2009 9:55:44 PM | Computer Name = 58U0L | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80080005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 3/1/2009 10:45:42 PM | Computer Name = 58U0L | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 3/1/2009 10:48:01 PM | Computer Name = 58U0L | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 3/1/2009 10:50:03 PM | Computer Name = 58U0L | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 3/1/2009 10:52:05 PM | Computer Name = 58U0L | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 3/1/2009 10:54:25 PM | Computer Name = 58U0L | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 3/1/2009 10:54:27 PM | Computer Name = 58U0L | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 3/1/2009 10:56:27 PM | Computer Name = 58U0L | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 3/1/2009 10:58:29 PM | Computer Name = 58U0L | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 3/1/2009 11:00:56 PM | Computer Name = 58U0L | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 3/1/2009 11:02:58 PM | Computer Name = 58U0L | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.


< End of report >

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 AM

Posted 02 March 2009 - 03:57 PM

Hello.

Those logs look fine. From your previous thread it seems that it was only files in your Outlook.

I would like you to EMPTY ALL your e-mails in your Inbox, Outbox and Sent Items please. Read any that you have not yet read and delete the ones you do not need. I suggest you DO NOT open or download any attachments because they may carry the Bagle infection. I cannot determine which files they are, so I cannot delete the file, as that may delete a huge number of e-mail files including the ones you may need.

This applies to FireFox and your G:\ drive as well.

Let me know what problems you still have.

Remove these outdated versions of Java please.

J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.0_03


Registry Cleaner(s) Warning
The following is referring to RegCure

Please be aware that Bleeping Computer staff do not recommend the usage of registry cleaners/tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System. This could include making your computer inoperable.
  • These programs generally only delete "orphaned" or "dead" entries. This merely removes entries that point to files that no longer exist on your computer. Registry entries do not take up a significant amount of hard drive space. The program itself (and its own registry entries) likely occupies relatively more space.
  • The amount of improvement in performance you gain is minimal.
This is done on the assumption that the main audience here at this board may be inexperienced users, and is thus a suggested safeguard from our side.
If you feel that you have sufficient knowledge to use such tools safely, then you are welcome to keep them.

Reboot afterwards

Now run ESET Online scan please.

Run ESET Online Scan
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
  • Click Start. The online scanner will now prepare itself for running on your pc.
  • To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
  • Press Scan. The Onlinescan will now start and scan your computer. Please be patient as this takes a while.
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
  • Click Start, then Run.... In the box that appears, type, with the quotes:
    "C:\Program Files\EsetOnlineScanner\log.txt"
  • The scan results will now open in Notepad
  • Click into the text area, right-click and choose Select All. Right-click again and choose Copy.
  • Post back with the log.txt in your next reply.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Post back with:
-ESET scan log
-What problems do you still have?
-A new Hijackthis or DDS logs


With Regards,
Extremeboy

Edited by extremeboy, 02 March 2009 - 03:58 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 podo

podo
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 03 March 2009 - 02:35 PM

1. Deleting ALL emails is not feasible. Instead, I deleted about 2000 emails received over the past 4 months that were unwanted or unneeded. Afterwards I deleted the deleted files folder.

2. I deleted all the Java folders that you asked me to delete.

3. Because I have error 800A01AD when running VBScript, I ran the following two commands: regsvr32 wshom.ocx and regsvr32 scrrun.dll Both ran successfully. Then I rebooted my computer.

4. As in the past, the reboot process took a very long time, over 30 minutes. Icons were painted 3 or 4 at a time, followed by a two minute pause. Various start-up processes appeared on screen from time to time. I waited until all 67 icons were 'painted' before double-clicking on Google Chrome to view your message. I then launched AVG Free 8.0 and deactivated the Anti-Virus section. Then I followed your instructions and ran ESET. The log is shown below; evidently it found nothing wrong. I then ran DDS and the logs are provided below.

5. Problems I still have: a. Boot-up takes about an hour. b. Programs launched from screen icons take 2 minutes to start. c. Programs launched from the task bar take 2 minutes to re-start, although programs re-started from Task Manager start immediately. d. Explorer launches in short bursts, with about 2 minutes between bursts. For example, right click on the Start button, wait two minutes, click on Explore, wait two minutes, click on Drive C + sign, wait two minutes, etc. Explorer requires enormous patience!

Here is the ESET log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3903 (20090303)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9725712b792a004c9c458f7253d14d68
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-03 02:26:21
# local_time=2009-03-03 09:26:21 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=1360266
# found=0
# scan_time=28587

Now the DDS log:


DDS (Ver_09-01-19.01) - NTFSx86
Run by Peter at 13:56:15.80 on Tue 03/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.my.att.net
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: PopSmasherNoTlbrObj Class: {0025739a-5875-4e33-8056-c03babe37f9c} - c:\program files\at&t worldnet service\toolbar\programs\PS.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: IeCaptureBho Object: {7c1ce531-09e9-4fc5-9803-1c2956615786} - c:\program files\google\google desktop search\GoogleDesktopIE.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AT&&T Worldnet Service Toolbar: {02871142-4517-4931-8809-f89a01d2650b} - c:\program files\at&t worldnet service\toolbar\programs\PS.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
EB: Qpass: {21abba70-ff18-11d2-ad68-00105ace6321} - c:\windows\system32\SHDOCVW.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\peter\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [LaCie Backup] v:\program files\lacie\backup software\\LaCieBackup.exe /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [xReminder Pro] "c:\program files\xreminder pro\xRemind.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "v:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [BTSETBOOTKEY] BTSetBootKey.exe
mRun: [BTUSRBDG] BtUsrBdg.exe
mRun: [iTunesHelper] "v:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RoxioDragToDisc] "v:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [Printing Migration] rundll32.exe c:\windows\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters
IE: {0264505A-6793-44E0-AC75-9DCE3B13185C} - c:\program files\at&t\wnclient\programs\AnyWho.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {21abba70-ff18-11d2-ad68-00105ace6321} - {21abba70-ff18-11d2-ad68-00105ace6321} - c:\windows\system32\SHDOCVW.DLL
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {24D2B385-F921-11D2-AD67-00105ACE6321} - hxxps://member.qpass.com/wallet/QpassWallet.cab
DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37913.7418171296
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} - hxxp://windowsupdate.microsoft.com/R423/V31Controls/x86/w98/en/actsetup.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\SmartDownload - {D3B7D8E1-92DB-11d2-8551-0060083CFB9C} - c:\windows\system32\SDPH20.DLL
Name-Space Handler: http\SmartDownload - {D3B7D8E1-92DB-11d2-8551-0060083CFB9C} - c:\windows\system32\SDPH20.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-03 01:23 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-03-01 19:44 345 a------- c:\windows\gmer.ini
2009-02-28 15:30 <DIR> --d----- c:\program files\xReminder Pro
2009-02-24 11:47 <DIR> --d----- C:\website
2009-02-18 10:00 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-05 05:10 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-04 16:17 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-04 16:17 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-04 16:17 <DIR> --d----- c:\docume~1\peter\applic~1\AVGTOOLBAR
2009-02-04 16:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8

==================== Find3M ====================

2009-01-30 19:51 3,650 a------- c:\windows\system32\tmp.reg
2009-01-30 16:28 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-01-29 15:34 1,636 a------- c:\windows\system32\d3d9caps.dat
2009-01-28 19:28 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-01-20 15:23 303,360 -------- c:\windows\system32\drivers\ati2mpad.sys
2009-01-20 15:21 334,720 -------- c:\windows\system32\dllcache\ds1wdm.sys
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-14 16:11 38,496 -------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 -------- c:\windows\system32\drivers\mbam.sys
2008-12-19 04:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-12 11:18 87,336 -------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 -------- c:\windows\system32\dnssd.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-03 17:40 81,408 -------- c:\windows\system32\devcon_x64.exe
2008-10-21 21:34 61,224 -------- c:\documents and settings\peter\GoToAssistDownloadHelper.exe
2004-06-18 10:05 45,056 -------- c:\windows\inf\Slntinst.exe
2003-08-27 14:19 36,963 -------- c:\program files\common files\SM1updtr.dll
2003-08-22 10:09 45,056 -------- c:\windows\inf\slntinst_staticW2k.exe
2003-06-21 03:09 1,434 -------- c:\program files\INSTALL.LOG
2003-06-17 17:04 704,544 ----hr-- c:\documents and settings\peter\USER.DAT
2000-01-07 11:53 696,320 -------- c:\program files\common files\XCMHook.dll
2000-01-06 15:57 24,576 -------- c:\program files\common files\XCPCMenu.exe
1999-09-13 16:25 266 ---sh--- c:\program files\desktop.ini
1999-09-13 16:25 11,079 ----h--- c:\program files\folder.htt
2008-09-18 11:42 32,768 ---sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 14:00:09.61 ===============

And, finally, the Attach.txt:


==== Installed Programs ======================


3Com Modem Manager
3Com/US Robotics user guide
802.11b+g USB Wireless LAN Adapter
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Image Viewer Plugin 4.0
Adobe Reader 8.1.3
Adobe Reader Japanese Fonts
Adobe Shockwave Player
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apache HTTP Server 2.2.4
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
AT&T WorldNet Service
AT&T Worldnet Service Toolbar
AT&T WorldNet Setup
ATI mach64 Display Driver
AVG Free 8.0
Backpack Driver
Bonjour
Bookshelf 2000
CD LabelMaker
Cobian Backup 9
Cypress USB Mass Storage Driver Installation
Dellnet Signup
Driver Checker v2.7.2
DVD Player
EasiEST for Windows (32-bit)
EasiEST for Windows (32-bit) (C:\EasiEST\)
EasiEST for Windows (32-bit) (C:\EasiEST\) #3
EasiEST for Windows (32-bit) (C:\EasiEST\) #4
EasiEST for Windows (32-bit) (C:\EasiEST\) #5
EasiEST for Windows (32-bit) (C:\EasiEST\) #6
EasiEST for Windows (32-bit) (C:\EasiTEST\)
EasiEST for Windows (32-bit) (C:\EasiTEST\) #3
EasiEST for Windows (32-bit) (C:\EasiTest\) #4
EasiEST for Windows (32-bit) (C:\EasiTest\) #5
EasiEST for Windows (32-bit) (C:\Program Files\EasiEST\)
EasiEST for Windows (32-bit) (C:\UStestEasiEST\)
EasiEST for Windows (32-bit) Metric Edition
EasiEST for Windows (32-bit) Metric Edition (C:\MEasiEST\)
EasiEST for Windows (32-bit) Metric Edition (C:\MetricEasiEstTest\)
EasiEST for Windows (32-bit) Metric Edition (c:\MetricEasiEstTest\) #3
EasiEST for Windows, Metric Edition
EasiEST for Windows, Metric Edition (C:\EasiEST\)
EasiEST for Windows, Metric Edition (C:\EasiEST\) #3
EasiEST for Windows, Metric Edition (C:\EasiEST\) #4
Easy TV 2.6
EPSON Copy Utility 3
EPSON Printer Software
EPSON Scan
ESET Online Scanner
Garmin Communicator Plugin
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HTML Help Workshop
InterVideo WinDVD Creator 2
Iomega Tools for Windows 95
iTunes
J-Perk
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Japanese Fonts Support For Adobe Reader 8
Java 2 Runtime Environment, SE v1.4.0_03
Java Web Start
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
JavaScript For Dummies, 4th Edition
LaCie Backup Software v1.5.2215
LanguageNow!
Logitech Audio Echo Cancellation Component
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Video Enumerator
Malwarebytes' Anti-Malware
MATTimekeeping System
MATTimekeeping System (C:\cdtest\)
MATTimekeeping System (C:\cdtest\) #10
MATTimekeeping System (C:\cdtest\) #11
MATTimekeeping System (C:\cdtest\) #12
MATTimekeeping System (C:\cdtest\) #13
MATTimekeeping System (C:\cdtest\) #14
MATTimekeeping System (C:\cdtest\) #3
MATTimekeeping System (C:\cdtest\) #4
MATTimekeeping System (C:\cdtest\) #5
MATTimekeeping System (C:\cdtest\) #6
MATTimekeeping System (C:\cdtest\) #7
MATTimekeeping System (C:\cdtest\) #8
MATTimekeeping System (C:\cdtest\) #9
MATTimekeeping System (C:\MattWin\)
MATTimekeeping System (C:\MattWin\) #3
MATTimekeeping System (C:\MattWin\) #4
MATTimekeeping System (C:\TestMattWin\)
MATTimekeeping System (Internet Distribution)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliPoint
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Small Business
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Miro
MobileMe Control Panel
Modem Diagnostic Utility
Mozilla Firefox (3.0.1)
MSDN Library - Visual Studio 6.0a
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MVision
MySQL Server 5.0
Napster
Netscape (7.02)
Netscape Communicator 4.7
Nikon Message Center
OpenOffice.org 2.4
PCShowBuzz
PhotoImpression 5
Plextor ConvertX AV100U A/V Capture Device Driver
PrintMaster 7.00
QuickBooks 99
Quicken 2007
Quicken 6
QuickTime
RealPlayer
RegCure 1.5.1.3
Roxio Easy Media Creator 7
Safari
SafeCast Shared Components
ScanToWeb
Scrabble
Security Task Manager 1.7g
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Serif DrawPlus 3.0
Shockwave
Skype™ 3.6
SUPERAntiSpyware Free Edition
Topo USA 4.0
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmaiper
TurboTax 2008 wrapper
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier 2004
TurboTax Premier Home & Business 2002
TurboTax Premier Home & Business 2003
Tweak UI
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Storage Adapter FX (SM1)
Viewpoint Media Player (Remove Only)
Web Weaver 2005
Web Weaver 98
WebFldrs XP
WexTech AnswerWorks
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 11.2
WinZip Self-Extractor
xReminder Pro
XTNDConnect Blue Manager 3.3
YASA Audio/Data/Video CD Burner v4.3.90
YASA VOB to MPEG Converter v3.2 (build 036)

==== End Of File ===========================

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 AM

Posted 03 March 2009 - 04:30 PM

Hello.

I understand that you can't delete all e-mails but refrain from downloading files that are from unknown users as they may contain infections.

Let's run Combofix. Bagle is not a pleasant infection to have if it's indeed active.

Download and Run ComboFix

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3


Refer to the page below for further instructions on running ComboFix. This includes installing the Recovery Console. Note that you do not need your Windows XP disk to install it.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Double click on Combo-Fix.exe & follow the prompts.

When finished, it will produce a report for you. Post back with it. It is at C:\ComboFix.txt.

Do not mouseclick the ComboFix window while it's running. That may cause it to stall.

With Regards,
Extremeboy

#14 podo

podo
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 03 March 2009 - 06:21 PM

OK, Combo-Fix was run successfully. Here's the log:

ComboFix 09-03-02.03 - Peter 2009-03-03 17:35:08.1 - NTFSx86
Running from: c:\documents and settings\Peter\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\start.exe
c:\windows\system32\tmp.reg
c:\windows\Web\default.htt
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.

2067-08-26 14:43 . 2067-08-27 15:16 93,696 --------- c:\windows\SYSTEM32\CSLSP.DLL
2009-03-03 01:23 . 2009-03-03 09:26 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-28 15:30 . 2009-02-28 15:30 <DIR> d-------- c:\program files\xReminder Pro
2009-02-18 10:00 . 2009-02-18 10:00 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
2009-02-04 16:17 . 2009-03-03 17:54 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg
2009-02-04 16:17 . 2009-02-04 16:48 <DIR> d-------- c:\documents and settings\Peter\Application Data\AVGTOOLBAR
2009-02-04 16:17 . 2009-02-18 10:00 325,128 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
2009-02-04 16:16 . 2009-02-18 02:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 22:25 --------- d-----w c:\documents and settings\Peter\Application Data\Skype
2009-03-03 20:32 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-03 04:40 --------- d-----w c:\program files\Java
2009-03-02 09:14 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-31 00:51 --------- d-----w c:\program files\Google
2009-01-30 21:04 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-01-29 02:41 --------- d-----w c:\program files\Common Files\AnswerWorks 5.0
2009-01-27 18:09 --------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-27 17:24 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-27 17:24 --------- d-----w c:\documents and settings\Peter\Application Data\SUPERAntiSpyware.com
2009-01-27 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-27 00:55 --------- d-----w c:\program files\STOPzilla!
2009-01-27 00:55 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-01-26 01:00 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-23 23:23 --------- d-----w c:\documents and settings\Peter\Application Data\Malwarebytes
2009-01-23 23:22 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-23 23:22 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-22 18:58 --------- d-----w c:\program files\Cobian Backup 9
2009-01-20 20:23 303,360 ------w c:\windows\system32\drivers\ati2mpad.sys
2009-01-20 20:21 --------- d-----w c:\program files\Driver Checker
2009-01-14 21:11 38,496 ------w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ------w c:\windows\system32\drivers\mbam.sys
2009-01-14 02:16 --------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
2009-01-13 18:25 --------- d-----w c:\documents and settings\LocalService\Application Data\TeamViewer
2009-01-13 18:24 --------- d-----w c:\program files\Security Task Manager
2009-01-13 18:24 --------- d-----w c:\program files\RegCure
2009-01-12 21:45 --------- d-----w c:\documents and settings\Peter\Application Data\TeamViewer
2009-01-09 00:52 --------- d-----w c:\program files\AVG
2009-01-07 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-07 22:22 --------- d-----w c:\documents and settings\Peter\Application Data\McAfee
2009-01-07 02:18 --------- d-----w c:\program files\Common Files\AnswerWorks 5.0.old
2008-10-22 02:34 61,224 ------w c:\documents and settings\Peter\GoToAssistDownloadHelper.exe
2003-08-27 19:19 36,963 ------w c:\program files\Common Files\SM1updtr.dll
2003-06-17 22:04 704,544 ---h--r c:\documents and settings\Peter\USER.DAT
2000-01-07 16:53 696,320 ------w c:\program files\Common Files\XCMHook.dll
2000-01-06 20:57 24,576 ------w c:\program files\Common Files\XCPCMenu.exe
1999-09-13 21:25 266 --sh--w c:\program files\desktop.ini
1999-09-13 21:25 11,079 ---h--w c:\program files\folder.htt
2008-09-17 21:56 122,880 ------w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-09-18 16:42 32,768 --sh--w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008091820080919\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"Google Update"="c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-27 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
"LaCie Backup"="v:\program files\LaCie\Backup Software\\LaCieBackup.exe" [2006-01-24 2633728]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
"xReminder Pro"="c:\program files\xReminder Pro\xRemind.exe" [2008-01-16 1040457]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-17 29744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-23 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="v:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="v:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"RoxioDragToDisc"="v:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-11-17 1691648]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-18 1601304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\SYSTEM32\bthprops.cpl]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 c:\windows\SYSTEM32\BTSetBootKey.exe]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 c:\windows\SYSTEM32\BtUsrBdg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Printing Migration"="c:\windows\system32\spool\migrate.dll" [2004-08-04 30208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE [2004-11-06 127488]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
WinZip Quick Pick.lnk - v:\program files\WinZip\WZQKPICK.EXE [2008-09-23 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-18 10:00 10520 c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0000 - C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0000 -
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0000 -
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0000 -
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0000 -
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0006 - C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0006 -
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0006 -
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0006 -
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0006 -
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0007 - C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0007 -
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0007 -
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0007 -
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0007 -

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0000 -]
--------- 1999-04-23 22:22 93890 c:\windows\COMMAND.COM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0006 -]
--------- 1999-04-23 22:22 93890 c:\windows\COMMAND.COM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0007 -]
--------- 1999-04-23 22:22 93890 c:\windows\COMMAND.COM

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Disknag"=c:\dell\DISKNAG.EXE
"TCASUTIEXE"=TCAUDIAG.exe -off
"AtiCwd32"=Aticwd32.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"VsEcomrEXE"=c:\program files\Network Associates\McAfee VirusScan\vsecomr.exe
"ICSMGR"=ICSMGR.EXE
"mdac_runonce"=c:\windows\SYSTEM32\RUNONCE.EXE
"MCAgentExe"=c:\program files\McAfee.com\Agent\mcagent.exe
"MCUpdateExe"=c:\progra~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
"VirusScanMSC"="c:\program files\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE" /EMBEDDING
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Program Files\\Ws_ftp\\WS_FTP95.exe"=
"v:\\Program Files\\Participatory Culture Foundation\\Democracy Player\\Democracy_Downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"v:\\Program Files\\Easy TV Trial\\Easy TV.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"v:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 bppccard;BACKPACK PC Card;c:\windows\system32\DRIVERS\bppccard.sys [2003-09-29 5493]
R3 bppnpdrv;BACKPACK Driver;c:\windows\system32\DRIVERS\bppnpdrv.sys [2003-09-29 19670]
R3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\system32\DRIVERS\bpusbdrv.sys [2003-09-29 111180]
R3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\Drivers\csrbc01.sys [2005-06-28 24859]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-17 29744]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R3 vs3com;3Com Serial Port Driver; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-18 325128]
S1 bpfinder;BACKPACK Finder;c:\windows\system32\DRIVERS\bpfinder.sys [2003-09-29 62359]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-18 298264]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
S2 MySQL50;MySQL50; [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 bpflt;BACKPACK Filter;c:\windows\system32\DRIVERS\bpflt.sys [2003-09-29 4538]
S3 bpusbflt;BACKPACK USB Filter;c:\windows\system32\DRIVERS\bpusbflt.sys [2004-06-23 10653]
S3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [2004-09-28 57512]
S3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\DRIVERS\btkrnbdg.sys [2003-03-18 15876]
S3 cinemclc;CineMaster C 3.0 WDM Main Driver;c:\windows\system32\drivers\cinemclc.sys [2001-08-17 272640]
S3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys [2005-06-30 17792]
S3 vdmindvd;Cinemaster C WDM DVD Driver;c:\windows\system32\drivers\vdmindvd.sys [2004-08-04 58112]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\system32\DRIVERS\zd1211u.sys [2004-08-06 237056]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Apache2
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - avg8wd
*Deregistered* - AvgLdx86
*Deregistered* - AvgMfx86
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - bpfinder
*Deregistered* - Browser
*Deregistered* - BTCOMM
*Deregistered* - BthServ
*Deregistered* - BTKRNBDG
*Deregistered* - C-DillaCdaC11BA
*Deregistered* - CdaC15BA
*Deregistered* - Cdfs
*Deregistered* - cdudf_xp
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - dvd_2K
*Deregistered* - DVDVRRdr_xp
*Deregistered* - EPSONStatusAgent2
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IntuitUpdateService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - LVCOMSer
*Deregistered* - LVPr2Mon
*Deregistered* - LVPrcSrv
*Deregistered* - LVSrvLauncher
*Deregistered* - LVUSBSta
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - MySQL50
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - Pcouffin
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RDPWD
*Deregistered* - RemoteRegistry
*Deregistered* - ROOTMODEM
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TDTCP
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UDFReadr
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exeadvpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-764733703-839522115-1003.job
- c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-27 14:15]

2003-06-11 c:\windows\Tasks\Maintenance-Disk cleanup.job
- c:\windows\CLEANMGR.EXE []

2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2008-04-13 19:12]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe []

2009-03-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-03-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 13:55]

2009-03-01 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 13:55]

2005-06-14 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe []
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
ShellIconOverlayIdentifiers-{7D688A77-C613-11D0-999B-00C04FD655E1} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.my.att.net
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: {{0264505A-6793-44E0-AC75-9DCE3B13185C} - c:\program files\AT&T\WnClient\Programs\AnyWho.exe
IE: {{21abba70-ff18-11d2-ad68-00105ace6321} - {21abba70-ff18-11d2-ad68-00105ace6321} - c:\windows\SYSTEM32\SHDOCVW.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
Name-Space Handler: ftp\SmartDownload - {D3B7D8E1-92DB-11d2-8551-0060083CFB9C} - c:\windows\SYSTEM32\SDPH20.DLL
Name-Space Handler: http\SmartDownload - {D3B7D8E1-92DB-11d2-8551-0060083CFB9C} - c:\windows\SYSTEM32\SDPH20.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {24D2B385-F921-11D2-AD67-00105ACE6321} - hxxps://member.qpass.com/wallet/QpassWallet.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 17:55:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL50]
"ImagePath"="\"v:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"v:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL50"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\$$$\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(6988)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
v:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\DRIVERS\CDAC11BA.EXE
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
v:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\AVG\AVG8\avgrsx.exe
v:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\windows\SYSTEM32\imapi.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-03 18:06:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-03 23:06:08

Pre-Run: 98,987,594,752 bytes free
Post-Run: 99,060,986,368 bytes free

430 --- E O F --- 2009-03-02 22:26:21

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 03 March 2009 - 06:43 PM

Hello.

There are a few "dead" drivers we can remove. So, how is your computer running after Combofix?

Any better, or is the computer still the same as before?

With Regards,
Extremeboy
