
Virtumonde.sdn, Refpron, and Win32.Delf.rtk


  • This topic is locked
31 replies to this topic

#1 bradmclean

bradmclean

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:53 AM

Posted 15 July 2009 - 09:46 PM

A little over a week ago, something started opening IE windows. Then my Spybot resident app popped up to show me it had stopped "Sopidkc.exe". I clicked OK and it popped up again. It kept coming up over and over until I used Task Manager to kill "Sopidkc.exe". I have used Ad-Aware and Spybot S&D numerous times. Sometimes they find and clean something, and other times they find nothing. I have run them clean 3 or 4 times in a row along with Symantec anti-virus, which sometimes finds a virus. The last one it found was in a file named "9ac8d4d4.sys". Once I reboot, it all starts over. Actually, Symantec AV stopped working except under safe mode in Windows. I also did a whole bunch of deleting sopidkc from the registry and killing the following processes in Task Manager: "wiawow32" and "wiwow64". In fact, after killing these 3 processes, my computer seems to be fine, but I'm afraid to do much of anything. Obviously, I need help.
By the way, when I first checked Task Manager processes, there were processes called a, b, c, d and comsa32.sys, and one that I wrote down, but can't find now, that seemed to be a bunch of random letters and numbers. Here is the DDS.txt log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Brad at 19:23:38.08 on Wed 07/15/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uWindow Title = Microsoft Internet Explorer provided by Comcast
mWindow Title = Microsoft Internet Explorer provided by Comcast
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [g7ccmon.exe] "c:\program files\versajette m400\g7ccmon.exe"
mRun: [FaxCenterServer] "c:\program files\versajette fax solutions\fm3032.exe" /s
mRun: [UltraSaver] "c:\program files\g7ps\4x ultrasaver\UltraSaver.exe" /hide
mRun: [CDE Software MBDII Server] "c:\program files\mbdii\MBDIIServer.EXE"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: multnomah.or.us\robin.co
Trusted Zone: whataboutadog.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/OneClickFix/tgctlsr.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0309.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\brad\locals~1\temp\ixp000.tmp\InstallerControl.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://robin.co.multnomah.or.us/vdesk/terminal/urTermProxy.cab#version=6020,2007,1001,2136
DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} - hxxps://robin.co.multnomah.or.us/vdesk/terminal/msrdp.cab#version=5,2,3790,0
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37318.3552430556
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_02-win.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://robin.co.multnomah.or.us/vdesk/terminal/urxhost.cab#version=6020,2007,1001,2140
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/bin/msnchat45.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files\common files\g7ps\shared files\g7psdll\G7PS.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: ,c:\docume~1\brad\locals~1\temp\89339944420mxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-14 19:59 <DIR> --d----- c:\program files\Cobian Backup 9
2009-07-13 23:31 <DIR> --d----- c:\program files\Seagate
2009-07-13 23:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
2009-07-13 23:30 <DIR> --dsh--- c:\windows\ftpcache
2009-07-13 06:36 13,588 -------- c:\windows\system32\wpa.bak
2009-07-13 06:33 7 -------- c:\windows\system32\comsa32.sys
2009-07-13 06:33 13,646 a------- c:\windows\system32\wpa.dbl
2009-07-12 16:01 <DIR> --d----- c:\docume~1\brad\applic~1\Uniblue
2009-07-09 03:31 15,688 -------- c:\windows\system32\lsdelete.exe
2009-07-08 05:32 64,160 -------- c:\windows\system32\drivers\Lbd.sys
2009-07-08 05:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-08 05:13 <DIR> --d----- c:\program files\Lavasoft

==================== Find3M ====================

2009-05-31 08:53 1,632 -------- c:\windows\system32\d3d8caps.dat
2009-05-28 05:34 1,744 -------- c:\windows\system32\d3d9caps.dat
2009-05-07 08:32 345,600 -------- c:\windows\system32\localspl.dll
2009-04-28 21:56 827,392 -------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\win32k.sys
2001-07-26 16:58 47 -c------ c:\program files\ACMonitor_X73.ini
2001-07-05 12:46 8,116 -c------ c:\program files\OSLO3071b2.USB
2001-05-11 11:39 53,248 -------- c:\program files\ACMonitor_X73.exe
2001-05-08 16:36 114,688 -------- c:\program files\lxarscan.dll
2001-04-23 14:22 1,437 -c------ c:\program files\gtx73.ini
2001-02-22 09:54 768 -c------ c:\program files\x73_lut.dat
2008-04-13 17:11 617,472 ---sh--- c:\windows\system32\comctl32.dll
2008-08-05 05:02 88 ---shr-- c:\windows\system32\DDD65CC802.sys
2008-08-05 05:02 1,890 ---sh--- c:\windows\system32\KGyGaAvL.sys
2008-04-13 17:11 1,028,096 ---sh--- c:\windows\system32\mfc42.dll
1998-06-17 19:08 53,248 ---sh--- c:\windows\system32\MFC42ENU.DLL
2001-08-23 05:00 253,952 ---sh--- c:\windows\system32\msvcrt20.dll
1998-05-18 03:06 368,912 ---sh--- c:\windows\system32\VBAR332.DLL
2009-02-22 10:31 32,768 -c-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022220090223\index.dat

============= FINISH: 19:25:41.51 ===============


The attach.txt file is attached. Thank you in advance for your help.



#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:53 AM

Posted 26 July 2009 - 04:30 AM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 bradmclean

bradmclean
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:53 AM

Posted 26 July 2009 - 05:13 PM

Thank you for getting back to me. Yes, I am still having the same problems. I turned on my computer, used Task Manager to kill sopidkc.exe. Spybot S&D found and killed it 3 times as well. I then re-ran dds.scr as requested. Here is the dds.txt file. The attach.txt file is attached. Thank you.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Brad at 14:55:39.03 on Sun 07/26/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.175 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\VersaJette M400\g7ccmon.exe
C:\Program Files\G7PS\4X UltraSaver\UltraSaver.exe
C:\Program Files\MBDII\MBDIIServer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\g7cccoms.exe
C:\WINDOWS\system32\wiwow64.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wiawow32.sys
C:\Documents and Settings\Brad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uWindow Title = Microsoft Internet Explorer provided by Comcast
mWindow Title = Microsoft Internet Explorer provided by Comcast
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [g7ccmon.exe] "c:\program files\versajette m400\g7ccmon.exe"
mRun: [FaxCenterServer] "c:\program files\versajette fax solutions\fm3032.exe" /s
mRun: [UltraSaver] "c:\program files\g7ps\4x ultrasaver\UltraSaver.exe" /hide
mRun: [CDE Software MBDII Server] "c:\program files\mbdii\MBDIIServer.EXE"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\documents and settings\brad\start menu\programs\startup\IM2 Messenger.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\QuickBooks Update Agent.lnk.disabled
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: multnomah.or.us\robin.co
Trusted Zone: whataboutadog.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/OneClickFix/tgctlsr.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0309.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\brad\locals~1\temp\ixp000.tmp\InstallerControl.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://robin.co.multnomah.or.us/vdesk/terminal/urTermProxy.cab#version=6020,2007,1001,2136
DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} - hxxps://robin.co.multnomah.or.us/vdesk/terminal/msrdp.cab#version=5,2,3790,0
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37318.3552430556
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_02-win.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://robin.co.multnomah.or.us/vdesk/terminal/urxhost.cab#version=6020,2007,1001,2140
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/bin/msnchat45.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files\common files\g7ps\shared files\g7psdll\G7PS.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: ,c:\docume~1\brad\locals~1\temp\89339944420mxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-8 64160]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2002-3-3 36404]
R2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-6-28 28952920]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 g7cc_device;g7cc_device;c:\windows\system32\g7cccoms.exe -service --> c:\windows\system32\g7cccoms.exe -service [?]
S1 9ac8d4d4;9ac8d4d4;c:\windows\system32\drivers\9ac8d4d4.sys --> c:\windows\system32\drivers\9ac8d4d4.sys [?]
S2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe --> c:\windows\system32\sopidkc.exe [?]
S3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090710.003\NAVENG.sys [2009-7-10 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090710.003\NAVEX15.sys [2009-7-10 876144]

=============== Created Last 30 ================

2009-07-14 19:59 <DIR> --d----- c:\program files\Cobian Backup 9
2009-07-13 23:31 <DIR> --d----- c:\program files\Seagate
2009-07-13 23:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
2009-07-13 23:30 <DIR> --dsh--- c:\windows\ftpcache
2009-07-13 06:36 13,588 -------- c:\windows\system32\wpa.bak
2009-07-13 06:33 7 -------- c:\windows\system32\comsa32.sys
2009-07-13 06:33 13,646 a------- c:\windows\system32\wpa.dbl
2009-07-12 16:01 <DIR> --d----- c:\docume~1\brad\applic~1\Uniblue
2009-07-09 03:31 15,688 -------- c:\windows\system32\lsdelete.exe
2009-07-08 05:32 64,160 -------- c:\windows\system32\drivers\Lbd.sys
2009-07-08 05:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-08 05:13 <DIR> --d----- c:\program files\Lavasoft

==================== Find3M ====================

2009-05-31 08:53 1,632 -------- c:\windows\system32\d3d8caps.dat
2009-05-28 05:34 1,744 -------- c:\windows\system32\d3d9caps.dat
2009-05-07 08:32 345,600 -------- c:\windows\system32\localspl.dll
2009-04-28 21:56 827,392 -------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 -------- c:\windows\system32\ieencode.dll
2001-07-26 16:58 47 -c------ c:\program files\ACMonitor_X73.ini
2001-07-05 12:46 8,116 -c------ c:\program files\OSLO3071b2.USB
2001-05-11 11:39 53,248 -------- c:\program files\ACMonitor_X73.exe
2001-05-08 16:36 114,688 -------- c:\program files\lxarscan.dll
2001-04-23 14:22 1,437 -c------ c:\program files\gtx73.ini
2001-02-22 09:54 768 -c------ c:\program files\x73_lut.dat
2008-04-13 17:11 617,472 ---sh--- c:\windows\system32\comctl32.dll
2008-08-05 05:02 88 ---shr-- c:\windows\system32\DDD65CC802.sys
2008-08-05 05:02 1,890 ---sh--- c:\windows\system32\KGyGaAvL.sys
2008-04-13 17:11 1,028,096 ---sh--- c:\windows\system32\mfc42.dll
1998-06-17 19:08 53,248 ---sh--- c:\windows\system32\MFC42ENU.DLL
2001-08-23 05:00 253,952 ---sh--- c:\windows\system32\msvcrt20.dll
1998-05-18 03:06 368,912 ---sh--- c:\windows\system32\VBAR332.DLL
2009-02-22 10:31 32,768 -c-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022220090223\index.dat

============= FINISH: 14:57:24.29 ===============
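Added example (not part of this thread, of the DDS tool, or of anything either poster ran): a small triage pass over the indicators that stand out in the two DDS logs above. It serves both the first log's Pseudo HJT Report (the AppInit_DLLs entry pointing into the user's temp folder) and the second log's Running Processes and Services/Drivers sections (a `.sys` file running as a process, services whose image DDS could not find). The sample lines are copied from the posted logs; REPORTED holds the names the poster said he killed or his AV flagged. Everything else is assumption: the scoring weights, the XP allowlist, and the reading of DDS's `[?]` marker as "image file could not be located or sized".

```python
"""Triage rules for a DDS log: an added example for the thread above, not part of DDS
or of anything the posters ran. Weights are the example author's heuristics; sample
lines are copied from the posted logs; REPORTED is what the poster reported killing."""
import re
from collections import namedtuple

REPORTED = {"sopidkc", "9ac8d4d4", "wiawow32", "wiwow64"}
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\g7cccoms.exe
C:\WINDOWS\system32\wiwow64.exe
C:\WINDOWS\system32\wiawow32.sys
============== Pseudo HJT Report ===============
AppInit_DLLs: ,c:\docume~1\brad\locals~1\temp\89339944420mxx.dll
============= SERVICES / DRIVERS ===============
R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-8 64160]
R3 g7cc_device;g7cc_device;c:\windows\system32\g7cccoms.exe -service --> c:\windows\system32\g7cccoms.exe -service [?]
S1 9ac8d4d4;9ac8d4d4;c:\windows\system32\drivers\9ac8d4d4.sys --> c:\windows\system32\drivers\9ac8d4d4.sys [?]
S2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe --> c:\windows\system32\sopidkc.exe [?]
"""
HEADER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.I)
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\system32\\drivers"}
# Assumed allowlist: XP binaries that legitimately run straight out of the system directory.
SYSTEM_ALLOW = {"svchost", "svchost.exe", "spoolsv.exe", "ctfmon.exe", "explorer.exe",
                "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}
Finding = namedtuple("Finding", "severity section line reason")

def parse_sections(text):
    """Split DDS output into {section header: [non-blank lines]}."""
    sections, current = {}, "HEADER"
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
        else:
            sections.setdefault(current, []).append(line)
    return sections

def image_path(cmd):
    """Strip ' -k netsvcs' / ' /s' style arguments; a ' - ' inside a folder name is kept."""
    return re.split(r"\s+(?=[-/]\S)", cmd)[0].strip()

def in_system_root(path):
    return path.lower().rpartition("\\")[0] in SYSTEM_DIRS

def parse_service(line):
    """Parse 'S2 name;display;image [date size]' or '... --> image [?]' lines."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    verified = not rest.endswith("[?]")      # assumption: '[?]' = DDS could not stat the image
    if "-->" in rest:                        # DDS repeats the resolved path after -->
        rest = rest.split("-->", 1)[1]
    image = image_path(re.sub(r"\s*\[[^\]]*\]$", "", rest))
    return {"start": m.group("start"), "name": m.group("name"), "image": image, "verified": verified}

def score(checks):
    """checks: [(condition, weight, reason)] -> (total weight, joined reasons)."""
    hits = [(w, r) for cond, w, r in checks if cond]
    return sum(w for w, _ in hits), "; ".join(r for _, r in hits)

def severity(total):
    return "HIGH" if total >= 4 else "MEDIUM" if total >= 2 else "LOW"

def triage(text, reported=()):
    reported = {r.lower() for r in reported}
    sections, findings = parse_sections(text), []
    for line in sections.get("Running Processes", []):
        img = image_path(line)
        base = img.rpartition("\\")[2].lower()
        total, why = score([
            (base.endswith(".sys"), 3, "driver-extension file executing as a user-mode process"),
            (base.rsplit(".", 1)[0] in reported, 2, "name the user reported"),
            (in_system_root(img) and base not in SYSTEM_ALLOW, 1, "unusual binary directly in the system directory"),
        ])
        if total:
            findings.append(Finding(severity(total), "Running Processes", line, why))
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith("AppInit_DLLs:"):
            for dll in filter(None, (d.strip() for d in line.split(":", 1)[1].split(","))):
                in_temp = "\\temp\\" in dll.lower()
                reason = "AppInit_DLLs loads this DLL into every process that maps user32.dll"
                findings.append(Finding("HIGH" if in_temp else "MEDIUM", "Pseudo HJT Report", line,
                                        reason + (", and it lives in a temp directory" if in_temp else "")))
    for line in sections.get("SERVICES / DRIVERS", []):
        svc = parse_service(line)
        if svc is None:
            continue
        total, why = score([
            (not svc["verified"], 2, "DDS could not find or size the image ([?])"),
            (bool(HEX_NAME_RE.match(svc["name"])), 2, "random hex service name"),
            (svc["name"].lower() in reported, 2, "name the user reported"),
            (svc["image"].lower().endswith(".exe") and in_system_root(svc["image"]), 1, "service .exe directly in system32, not a vendor folder"),
        ])
        if total:
            findings.append(Finding(severity(total), "SERVICES / DRIVERS", line, why))
    return findings
```

Calling `triage(SAMPLE_LOG, REPORTED)` on the sample returns four HIGH findings (the `.sys` file running as a process, the AppInit_DLLs entry in `%TEMP%`, and the two unverifiable services `9ac8d4d4` and `sopidkc`), two MEDIUM (`wiwow64.exe` and the unverifiable but vendor-named `g7cc_device`) and one LOW (`g7cccoms.exe`, only because it sits in system32). The scoring is deliberately additive so that a single weak signal such as `[?]` on a printer driver does not outrank a random hex driver name that the user's AV already flagged; the cross-reference with REPORTED is the step a forum helper does by hand when matching a log to the poster's description.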


DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://robin.co.multnomah.or.us/vdesk/terminal/urxhost.cab#version=6020,2007,1001,2140
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/bin/msnchat45.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files\common files\g7ps\shared files\g7psdll\G7PS.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: ,c:\docume~1\brad\locals~1\temp\89339944420mxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-8 64160]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2002-3-3 36404]
R2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-6-28 28952920]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 g7cc_device;g7cc_device;c:\windows\system32\g7cccoms.exe -service --> c:\windows\system32\g7cccoms.exe -service [?]
S1 9ac8d4d4;9ac8d4d4;c:\windows\system32\drivers\9ac8d4d4.sys --> c:\windows\system32\drivers\9ac8d4d4.sys [?]
S2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe --> c:\windows\system32\sopidkc.exe [?]
S3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090710.003\NAVENG.sys [2009-7-10 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090710.003\NAVEX15.sys [2009-7-10 876144]

=============== Created Last 30 ================

2009-07-14 19:59 <DIR> --d----- c:\program files\Cobian Backup 9
2009-07-13 23:31 <DIR> --d----- c:\program files\Seagate
2009-07-13 23:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
2009-07-13 23:30 <DIR> --dsh--- c:\windows\ftpcache
2009-07-13 06:36 13,588 -------- c:\windows\system32\wpa.bak
2009-07-13 06:33 7 -------- c:\windows\system32\comsa32.sys
2009-07-13 06:33 13,646 a------- c:\windows\system32\wpa.dbl
2009-07-12 16:01 <DIR> --d----- c:\docume~1\brad\applic~1\Uniblue
2009-07-09 03:31 15,688 -------- c:\windows\system32\lsdelete.exe
2009-07-08 05:32 64,160 -------- c:\windows\system32\drivers\Lbd.sys
2009-07-08 05:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-08 05:13 <DIR> --d----- c:\program files\Lavasoft

==================== Find3M ====================

2009-05-31 08:53 1,632 -------- c:\windows\system32\d3d8caps.dat
2009-05-28 05:34 1,744 -------- c:\windows\system32\d3d9caps.dat
2009-05-07 08:32 345,600 -------- c:\windows\system32\localspl.dll
2009-04-28 21:56 827,392 -------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 -------- c:\windows\system32\ieencode.dll
2001-07-26 16:58 47 -c------ c:\program files\ACMonitor_X73.ini
2001-07-05 12:46 8,116 -c------ c:\program files\OSLO3071b2.USB
2001-05-11 11:39 53,248 -------- c:\program files\ACMonitor_X73.exe
2001-05-08 16:36 114,688 -------- c:\program files\lxarscan.dll
2001-04-23 14:22 1,437 -c------ c:\program files\gtx73.ini
2001-02-22 09:54 768 -c------ c:\program files\x73_lut.dat
2008-04-13 17:11 617,472 ---sh--- c:\windows\system32\comctl32.dll
2008-08-05 05:02 88 ---shr-- c:\windows\system32\DDD65CC802.sys
2008-08-05 05:02 1,890 ---sh--- c:\windows\system32\KGyGaAvL.sys
2008-04-13 17:11 1,028,096 ---sh--- c:\windows\system32\mfc42.dll
1998-06-17 19:08 53,248 ---sh--- c:\windows\system32\MFC42ENU.DLL
2001-08-23 05:00 253,952 ---sh--- c:\windows\system32\msvcrt20.dll
1998-05-18 03:06 368,912 ---sh--- c:\windows\system32\VBAR332.DLL
2009-02-22 10:31 32,768 -c-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022220090223\index.dat

============= FINISH: 14:57:24.29 ===============

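One way a helper might machine-triage the SERVICES / DRIVERS and AppInit_DLLs lines of a DDS log like the one above, as an added example that is not part of the original thread and not code from DDS or BleepingComputer: it parses the line format, scores each entry on the cues a human reviewer uses (a file DDS could not read, random-looking names, temp-directory paths, svchost hosting, boot or system start) and ranks them for manual review. The scoring weights are my own heuristics, and the sample is a constructed subset of the log posted above with two known-good entries (WinDefend, NAVAP) kept as controls.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the DDS lines posted above.
SAMPLE_LOG = r"""
AppInit_DLLs: ,c:\docume~1\brad\locals~1\temp\89339944420mxx.dll
R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-8 64160]
R2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 g7cc_device;g7cc_device;c:\windows\system32\g7cccoms.exe -service --> c:\windows\system32\g7cccoms.exe -service [?]
S1 9ac8d4d4;9ac8d4d4;c:\windows\system32\drivers\9ac8d4d4.sys --> c:\windows\system32\drivers\9ac8d4d4.sys [?]
S2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe --> c:\windows\system32\sopidkc.exe [?]
S3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
"""

# DDS service line: <R|S><start type> name;display name;image [date size] or [?]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]$"
)
# First Windows path ending in an executable extension (paths may contain spaces).
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|sys|dll)\b", re.IGNORECASE)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class Finding:
    kind: str          # "service" or "appinit"
    name: str
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def looks_random(stem: str) -> bool:
    """Hex-only or digit-heavy basenames (9ac8d4d4, 89339944420mxx) are typical
    of dropper-generated names; vendors rarely name drivers that way."""
    if re.fullmatch(r"[0-9a-f]{6,}", stem.lower()):
        return True
    digits = sum(ch.isdigit() for ch in stem)
    return len(stem) >= 6 and digits / len(stem) > 0.5


def check_path(finding: Finding, path: str) -> None:
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(stem):
        finding.add(2, f"random-looking file name '{stem}'")
    if "\\temp\\" in path.lower():
        finding.add(2, "image lives in a temp directory")


def triage_line(line: str):
    """Return a Finding for one DDS line, or None for lines that are not scored."""
    if line.startswith("AppInit_DLLs:"):
        paths = PATH_RE.findall(line)
        if not paths:
            return None
        f = Finding("appinit", "AppInit_DLLs", paths[0])
        # Anything listed here is loaded into every process that links user32.dll;
        # a non-empty value on a home PC deserves a look by itself.
        f.add(3, "DLL registered under AppInit_DLLs")
        check_path(f, paths[0])
        return f
    m = SERVICE_RE.match(line)
    if not m:
        return None
    image = m["image"].split(" --> ")[0]      # keep the registry image path
    paths = PATH_RE.findall(image)
    path = paths[0] if paths else image
    f = Finding("service", m["name"], path)
    if m["meta"].strip() == "?":
        f.add(3, "DDS could not read the file ([?]): missing or hidden")
    if path.lower().endswith("\\svchost.exe"):
        f.add(1, "hosted by svchost.exe: check the ServiceDll it loads")
    check_path(f, path)
    if f.score and m["start"] in ("0", "1"):
        f.add(1, f"{START_TYPES[m['start']]}-start driver/service")
    return f


def triage(log_text: str) -> list:
    """Score every line and return the suspicious ones, highest score first."""
    findings = [triage_line(raw.strip()) for raw in log_text.splitlines()]
    return sorted((f for f in findings if f and f.score), key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score:2d} {f.kind:8s} {f.name:12s} {f.path}")
        for why in f.reasons:
            print(f"      - {why}")
```

The ranking is a first pass for a human, not a verdict: g7cc_device scores only because DDS could not read its file, and the OTL log later in this thread shows it is a G7 Productivity Systems component, while the AppInit DLL in the temp folder and the hex-named system-start driver sit at the top for the reasons a reviewer would give.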



#4 myrti (Malware Study Hall Admin)

Posted 27 July 2009 - 03:08 PM

Hello and welcome to BleepingComputer.com! :thumbup2:

I will be helping you today. :) If you are still there please reply back and let me know. :)

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.


regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 bradmclean (Topic Starter)

Posted 28 July 2009 - 07:15 AM

Thanks for getting back to me. Since my last post, Spybot S&D ran and found 3 infections. Also, Symantec AV ran and found nothing. Per your instructions, I will stop these from running automatically until we get this fixed.

I first noticed the problem when something started opening IE sessions. I was quickly closing them, so I don't remember exactly what pages were opened. I know that some did not find the page and showed errors. The resident Spybot S&D started finding "sopidkc.exe" and said it was stopping the process. The problem is that it kept finding it again every time it stopped the process. I only got it to stop by using Windows Task Manager. Even then it kept restarting until I also killed wiawow32.exe and wiwow64.exe.

I've deleted the actual sopidkc.exe file and removed all references to it from the registry, but it keeps getting re-created along with the registry entries.

Now that I know what I need to do, I immediately use Task Manager to kill the 3 processes I mentioned every time I start up the computer. Usually the resident Spybot S&D finds sopidkc.exe a few times before I can get all of the processes stopped. Once that is done, my computer seems OK, but I'm certain it's not.

Thank you in advance for your help.

Brad

#6 myrti (Malware Study Hall Admin)

Posted 28 July 2009 - 07:43 AM

Hi, :thumbup2:

Let's see what we can do for you. :)

I notice the presence of the UniBlue Registry Booster registry cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on reg cleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html

Your logs also show the presence of Viewpoint.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Now to the actual cleaning. :)

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Afterwards please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

We also need to create an OTL Report
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please post back the logs from Malwarebytes, gmer and OTL in your next reply.



#7 bradmclean (Topic Starter)

Posted 28 July 2009 - 09:00 PM

Thank you for the very quick reply. I got started this morning, but had to go to work. I've now completed the steps:

- I had previously uninstalled Uniblue, which was just a trial version, so I don't know what is left over from that.
- I uninstalled Viewpoint Media Player, as suggested.
- Ran MalwareBytes and restarted the computer. On restart, Spybot S&D automatically started. I clicked on the cancel button and it ended up not responding. After waiting 30 minutes, I used Task Manager to stop Spybot. Windows then loaded as normal. The log from MalwareBytes is included later in this reply.
- I downloaded and ran gmer after disabling realtime protection by AdAware and Spybot and disconnecting from the internet. The program "Encountered a problem and needed to close". I chose not to report the problem to MS and re-ran the scan. This one completed. The gmer.log is copied below.
- I downloaded and ran OTL. I received a message that "System settings protector encountered a problem and needs to close". Again, I did not report the problem to MS. The OTL scan ran after this. The logs are pasted below.

Here are the logs:

MALWAREBYTES Log
Malwarebytes' Anti-Malware 1.39
Database version: 2518
Windows 5.1.2600 Service Pack 3

7/28/2009 6:35:22 AM
mbam-log-2009-07-28 (06-35-22).txt

Scan type: Quick Scan
Objects scanned: 152347
Time elapsed: 26 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinBudget (Adware.AdMedia) -> Quarantined and deleted successfully.
c:\program files\winbudget\bin (Adware.AdMedia) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msncache.dllx (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_260067609944.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp0_667980467496.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp0_772563604247.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_21588866967.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_404883324718.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_60891398362.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_737088698674.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\OX1F5DB7\w[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\TZS13S4W\w[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\XMIU9TIK\w[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\winbudget\bin\matrix.dll (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.


gmer.log
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-28 18:29:11
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF77C987E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF77C9BFE]

---- Kernel code sections - GMER 1.0.15 ----

? Ikin.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----



OTListIT.txt

OTL logfile created on: 7/28/2009 6:33:47 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Brad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.46 Mb Total Physical Memory | 68.09 Mb Available Physical Memory | 17.76% Memory free
920.67 Mb Paging File | 378.14 Mb Available in Paging File | 41.07% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.19 Gb Free Space | 11.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 343.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 4.01 Gb Total Space | 1.33 Gb Free Space | 33.09% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: B
Current User Name: Brad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/03/24 19:40:44 | 00,876,656 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2007/01/09 23:17:24 | 00,020,539 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2008/10/28 16:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2007/01/09 23:17:24 | 00,020,539 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2006/06/28 20:48:14 | 28,952,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/07/06 13:14:02 | 05,730,304 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/04/14 10:05:58 | 00,240,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/01/17 23:42:02 | 00,196,608 | ---- | M] (G7 Productivity Systems, Inc.) -- C:\Program Files\VersaJette M400\g7ccmon.exe
PRC - [2007/04/30 12:54:52 | 01,737,056 | ---- | M] (G7 Productivity Systems) -- C:\Program Files\G7PS\4X UltraSaver\UltraSaver.exe
PRC - [2005/12/05 12:21:38 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\g7cccoms.exe
PRC - [2009/04/07 17:56:50 | 00,776,392 | ---- | M] (CDE Software) -- C:\Program Files\MBDII\MBDIIServer.EXE
PRC - [2008/10/28 16:42:12 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
PRC - [2005/05/25 03:40:00 | 00,450,560 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/01/09 23:20:44 | 00,041,041 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
PRC - [2005/05/25 03:40:00 | 00,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2009/04/24 22:27:50 | 00,636,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/28 18:33:19 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (ALG [On_Demand | Stopped])
SRV - [2007/01/09 23:17:24 | 00,020,539 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe -- (Apache2 [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/10/28 16:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service [Auto | Running])
SRV - [2005/12/05 12:21:38 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\g7cccoms.exe -- (g7cc_device [On_Demand | Running])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/03/24 19:40:44 | 00,876,656 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2007/09/26 14:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/08 05:21:17 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (lavasoft ad-aware service [Auto | Stopped])
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2006/06/28 20:48:14 | 28,952,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ACT7 [Auto | Running])
SRV - [2005/10/14 03:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2007/07/06 13:14:02 | 05,730,304 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL [Auto | Running])
SRV - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
SRV - File not found -- -- (NVSvc [Auto | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/04/14 10:05:58 | 00,240,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2006/04/14 10:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 10:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [1997/12/22 18:02:46 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2008/04/13 10:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2001/08/17 05:12:02 | 00,063,208 | ---- | M] (Intel Corporation.) -- C:\WINDOWS\System32\DRIVERS\dc21x4.sys -- (DC21x4 [On_Demand | Running])
DRV - [2001/08/17 05:19:34 | 00,040,704 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\es1371mp.sys -- (es1371 [On_Demand | Running])
DRV - [2008/04/13 11:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/03/24 19:44:50 | 00,099,568 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs [Disabled | Running])
DRV - [2004/03/24 19:45:22 | 00,027,664 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2003/12/29 23:38:52 | 00,028,080 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm [System | Running])
DRV - [2005/05/20 16:00:48 | 00,054,528 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV - [2009/07/08 05:25:18 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (lbd [Boot | Running])
DRV - [2005/05/20 16:01:32 | 00,025,600 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Running])
DRV - [2005/05/20 16:01:00 | 00,036,480 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Running])
DRV - [2005/05/20 16:01:26 | 00,068,352 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [1999/11/05 19:43:24 | 00,036,404 | ---- | M] (Marimba, Inc.) -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate [Auto | Running])
DRV - [2008/04/13 10:46:10 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2003/05/02 21:08:18 | 00,224,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP [On_Demand | Running])
DRV - [2003/05/02 21:08:22 | 00,030,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS -- (NAVAPEL [Auto | Running])
DRV - [2009/07/10 01:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090710.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/07/10 01:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090710.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2003/05/02 15:19:00 | 01,312,555 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2001/08/17 05:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4.sys -- (nv4 [On_Demand | Stopped])
DRV - [2002/06/10 17:10:00 | 00,012,338 | ---- | M] (Palm, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2001/08/23 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/04/18 15:34:55 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/02/11 14:13:36 | 00,119,536 | ---- | M] (STMicroelectronics ) -- C:\WINDOWS\System32\drivers\STV680.sys -- (STV680 [On_Demand | Stopped])
DRV - [2002/02/11 14:13:36 | 00,009,024 | ---- | M] (STMicroelectronics ) -- C:\WINDOWS\System32\drivers\STV680m.sys -- (STV680m [On_Demand | Stopped])
DRV - [2002/11/26 15:51:46 | 00,073,480 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2000/06/15 19:54:02 | 00,206,368 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr [System | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\PE_C_TEMP\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\PE_C_TEMP\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\PE_C_TEMP\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\PE_C_TEMP\PE_C_TEMP\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\S-1-5-21-1390067357-789336058-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\S-1-5-21-1390067357-789336058-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1005\S-1-5-21-1390067357-789336058-1060284298-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1012\S-1-5-21-1390067357-789336058-1060284298-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-789336058-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-500\S-1-5-21-1390067357-789336058-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-789336058-1060284298-501\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-501\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-501\S-1-5-21-1390067357-789336058-1060284298-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/11/08 18:35:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/03 05:00:21 | 00,000,000 | ---D | M]

[2007/07/11 05:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\mozilla\Firefox\Profiles\83hn7mcx.default\extensions
[2005/03/19 13:40:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/11/08 18:35:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/08 18:34:56 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/11/08 18:34:56 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/11/08 18:34:56 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/11/08 18:34:56 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/11/08 18:34:57 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/04/18 15:30:22 | 00,086,016 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/11/08 18:35:00 | 00,022,664 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2005/04/23 22:05:52 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2007/08/27 06:59:13 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/08/27 06:59:13 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/08/27 06:59:13 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2005/04/23 22:06:14 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2005/04/23 22:05:35 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2006/12/09 10:57:33 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2008/08/21 05:27:41 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/08/21 05:27:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/21 05:27:41 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/08/21 05:27:41 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/08/21 05:27:41 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/21 05:27:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (317115 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 10880 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [CDE Software MBDII Server] C:\Program Files\MBDII\MBDIIServer.EXE (CDE Software)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\VersaJette Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [g7ccmon.exe] C:\Program Files\VersaJette M400\g7ccmon.exe (G7 Productivity Systems, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe ()
O4 - HKLM..\Run: [UltraSaver] C:\Program Files\G7PS\4X UltraSaver\UltraSaver.exe (G7 Productivity Systems)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe ()
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Brad\Start Menu\Programs\Startup\IM2 Messenger.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_TEMP\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-1390067357-789336058-1060284298-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-789336058-1060284298-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-789336058-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-789336058-1060284298-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe ()
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\PE_C_TEMP\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\..Trusted Domains: multnomah.or.us ([robin.co] https in Trusted sites)
O15 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\..Trusted Domains: whataboutadog.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1390067357-789336058-1060284298-1005\..Trusted Domains: whataboutadog.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1390067357-789336058-1060284298-1005\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1390067357-789336058-1060284298-1012\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1390067357-789336058-1060284298-500\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1390067357-789336058-1060284298-501\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/OneClickFix/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/ru...trix/wficat.cab (Citrix ICA Client)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yahoo.com/dl/installs/yinst0309.cab (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\DOCUME~1\Brad\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab (EPUImageControl Class)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://robin.co.multnomah.or.us/vdesk/term...,2007,1001,2136 (F5 Networks SSLTunnel)
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} https://robin.co.multnomah.or.us/vdesk/term...sion=5,2,3790,0 (Microsoft RDP Client Control (redist))
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7318.3552430556 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl..._3_1_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://robin.co.multnomah.or.us/vdesk/term...,2007,1001,2140 (F5 Networks Host Control)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/bin/msnchat45.cab (MSN Chat Control 4.5)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\DOCUME~1\Brad\LOCALS~1\Temp\89339944420mxx.dll) - C:\DOCUME~1\Brad\LOCALS~1\Temp\89339944420mxx.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/03/02 16:48:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/24 13:12:26 | 00,000,027 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2002/03/02 08:41:00 | 00,000,467 | ---- | M] () - F:\AutoExec.Bat -- [ FAT32 ]
O32 - AutoRun File - [2001/07/01 22:25:20 | 00,000,391 | ---- | M] () - F:\AUTOEXEC.BAK -- [ FAT32 ]
O33 - MountPoints2\{97c4dde0-703f-11de-8612-0000c55f5efb}\Shell\AutoRun\command - "" = G:\InstallSeagateManager.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2100/02/23 14:35:34 | 00,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[2100/02/08 16:03:54 | 00,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
[2100/02/08 15:53:34 | 00,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
[2009/07/28 18:33:17 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
[2009/07/28 07:33:53 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\b4qyy509.exe
[2009/07/28 06:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\Malwarebytes
[2009/07/28 06:00:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/28 06:00:26 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/28 06:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/28 06:00:21 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/28 06:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/28 05:59:05 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\mbam-setup.exe
[2009/07/14 20:11:18 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\dds.scr
[2009/07/14 19:59:08 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/07/14 19:55:10 | 10,314,752 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Brad\Desktop\cbSetup.exe
[2009/07/13 23:32:00 | 00,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009/07/13 23:31:36 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2009/07/13 23:31:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/07/13 23:30:02 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/07/13 06:36:15 | 00,013,588 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2009/07/13 06:33:29 | 00,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/13 06:33:25 | 40,216,1664 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/12 16:01:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\Uniblue
[2009/07/12 07:22:34 | 19,690,7012 | ---- | C] () -- C:\Documents and Settings\Brad\My Documents\Reg Backup 7-12-09.reg
[2009/07/09 03:31:44 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/07/08 05:37:42 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/08 05:32:41 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/07/08 05:13:36 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/07/08 05:13:32 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/08 05:13:06 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/07/08 05:13:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/24 22:51:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/04/24 22:51:34 | 01,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2008/12/03 06:38:06 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/08/04 19:56:33 | 00,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/04 19:56:33 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\DDD65CC802.sys
[2008/04/08 06:19:43 | 00,000,039 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/03/31 06:35:29 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\g7PMON.DLL
[2008/03/31 06:35:29 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\g7PMUI.DLL
[2008/03/31 06:31:53 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\g7ccserv.dll
[2008/03/31 06:31:53 | 01,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\g7ccusb1.dll
[2008/03/31 06:31:53 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\g7ccvs.dll
[2008/03/31 06:31:52 | 00,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\g7ccpmui.dll
[2008/03/31 06:31:52 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\g7ccprox.dll
[2008/03/31 06:31:52 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\g7ccpplc.dll
[2008/03/31 06:31:51 | 00,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\g7cchbn3.dll
[2008/03/31 06:31:50 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\g7cccomc.dll
[2008/03/31 06:31:50 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\g7cccomm.dll
[2008/03/31 06:31:49 | 00,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\g7cclmpm.dll
[2007/10/10 05:34:03 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/01 18:08:32 | 00,049,656 | ---- | C] () -- C:\WINDOWS\php.ini
[2007/01/25 06:39:23 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/04/18 15:30:56 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/01/14 15:43:17 | 00,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL
[2005/09/06 05:36:08 | 02,080,768 | ---- | C] () -- C:\WINDOWS\System32\TmpSynCR302K.sys
[2005/09/06 05:33:32 | 00,000,194 | -H-- | C] () -- C:\WINDOWS\sysvszywt.dll
[2005/09/06 05:33:32 | 00,000,194 | -H-- | C] () -- C:\WINDOWS\System32\sysvszywt.dll
[2005/07/14 05:57:02 | 00,246,784 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2005/07/13 21:11:53 | 00,290,816 | ---- | C] () -- C:\WINDOWS\System32\PBHTML.dll
[2005/06/11 10:28:32 | 00,000,068 | ---- | C] () -- C:\WINDOWS\eyeQ Screen Saver.ini
[2005/04/04 05:53:21 | 00,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2005/02/27 21:06:01 | 00,000,062 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2005/02/27 21:06:01 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2005/02/27 21:06:01 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2005/02/14 21:38:01 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\CM_SUPPORT.INI
[2004/05/30 20:19:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2004/02/02 19:37:49 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2003/11/11 07:45:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2003/09/10 21:56:43 | 00,196,661 | ---- | C] () -- C:\WINDOWS\System32\dbcapi.dll
[2003/09/10 21:56:43 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\proxydll.dll
[2003/09/10 21:56:43 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2003/09/10 21:56:43 | 00,002,846 | ---- | C] () -- C:\WINDOWS\winros.ini
[2003/09/10 21:56:43 | 00,000,123 | ---- | C] () -- C:\WINDOWS\WinSig.Ini
[2003/09/10 21:56:43 | 00,000,108 | ---- | C] () -- C:\WINDOWS\Reader.Ini
[2003/05/21 01:19:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/03/02 21:43:27 | 00,001,112 | ---- | C] () -- C:\WINDOWS\ULEAD.INI
[2002/12/26 08:30:05 | 00,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2002/12/10 01:00:00 | 01,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2002/12/10 01:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 01:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2002/12/10 01:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2002/10/21 06:22:37 | 00,000,087 | ---- | C] () -- C:\WINDOWS\kodakPN.ini
[2002/09/10 19:11:17 | 00,000,096 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/08/07 19:20:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2002/05/12 09:15:40 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2002/05/11 13:22:29 | 00,012,217 | ---- | C] () -- C:\WINDOWS\affiliate.INI
[2002/05/10 19:14:36 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/04/09 18:43:11 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\CRESNT.DLL
[2002/04/09 18:43:11 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\CRES95.DLL
[2002/04/09 18:43:11 | 00,001,559 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2002/03/21 07:23:10 | 00,001,041 | ---- | C] () -- C:\WINDOWS\wsftppro.INI
[2002/03/21 07:04:26 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2002/03/19 22:10:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/16 13:18:31 | 00,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2002/03/08 21:15:33 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2002/03/08 21:15:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2002/03/08 21:15:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2002/03/08 06:47:27 | 00,000,520 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2002/03/04 08:16:25 | 00,000,170 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2002/03/03 21:28:05 | 00,000,028 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2002/03/03 21:20:36 | 00,001,098 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/03/03 21:20:36 | 00,000,690 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2001/10/12 00:42:49 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/08/23 05:00:00 | 00,000,912 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 05:00:00 | 00,000,340 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/04/20 03:15:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\unvise32.dll
[1999/01/04 14:25:00 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 03:20:00 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/07/28 18:33:19 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
[2009/07/28 18:31:34 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/07/28 07:34:00 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\b4qyy509.exe
[2009/07/28 06:44:48 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/28 06:44:19 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/07/28 06:41:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/28 06:40:50 | 40,216,1664 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/28 06:00:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/28 05:59:05 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\mbam-setup.exe
[2009/07/28 05:30:05 | 00,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/07/27 05:32:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/26 14:52:21 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\dds.scr
[2009/07/14 19:55:10 | 10,314,752 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Brad\Desktop\cbSetup.exe
[2009/07/14 19:45:53 | 00,200,704 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 05:30:02 | 00,000,028 | ---- | M] () -- C:\WINDOWS\qfnonl.ini
[2009/07/14 05:04:26 | 00,001,098 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/07/13 23:32:00 | 00,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 11:23:03 | 04,797,630 | -H-- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\IconCache.db
[2009/07/13 06:36:14 | 00,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/07/12 07:23:10 | 19,690,7012 | ---- | M] () -- C:\Documents and Settings\Brad\My Documents\Reg Backup 7-12-09.reg
[2009/07/11 09:53:42 | 00,317,115 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/08 05:32:20 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/07/08 05:25:18 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/07/08 05:13:32 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/05 14:57:04 | 00,316,785 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090711-095341.backup
< End of report >


Extra.txt

OTL Extras logfile created on: 7/28/2009 6:33:50 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Brad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.46 Mb Total Physical Memory | 68.09 Mb Available Physical Memory | 17.76% Memory free
920.67 Mb Paging File | 378.14 Mb Available in Paging File | 41.07% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.19 Gb Free Space | 11.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 343.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 4.01 Gb Total Space | 1.33 Gb Free Space | 33.09% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: B
Current User Name: Brad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3306:TCP" = 3306:TCP:LocalSubNet:Enabled:MySQL
"16210:TCP" = 16210:TCP:*:Enabled:MBDII
"16210:UDP" = 16210:UDP:*:Enabled:MBDII
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2 -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module -- (Yahoo! Inc.)
"C:\Program Files\Support.com\bin\tgcmd.exe" = C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher -- (Support.com, Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2 -- ()
"C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe" = C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Infogrames\Civilization III\Civilization3.exe" = C:\Program Files\Infogrames\Civilization III\Civilization3.exe:*:Enabled:Civilization3 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found
"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" = C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Disabled:Morpheus -- File not found
"C:\Program Files\TruePoker\Client.exe" = C:\Program Files\TruePoker\Client.exe:*:Disabled:TruePoker Client Application -- File not found
"C:\Program Files\ACT\Act for Windows\ActSage.exe" = C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Disabled:ACT! 9.x/2007 -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{03EA3D6E-D92B-11D0-892B-00A0C91827B3}" = eSignal
"{0BB53CBD-B1FC-469F-9564-2C447AC3D2A8}" = BLS-2009
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{14374623-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Premier: Accountant Edition 2005
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{237a4b22-78c2-11d6-a394-00104bd190b1}" = QuickBooks Pro Edition 2003
"{2AFA5FC0-2166-11D6-B294-00B0D0B36B37}" = Otter32
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FEB25F8-C3CB-49A2-AE79-DE17FFAFB5D9}" = MySQL Server 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33541F3D-28BD-47EF-BB61-2E813EE5A776}" = 4X UltraSaver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{7727418E-0EB9-44CD-BE5F-4A576FDD6569}" = VersaCheck Silver Express 2007
"{81CE81DD-BEF7-46B3-9FE7-F0FCF48EF4E0}" = Master Bowler Database 2009
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{96DF9180-98E0-437E-95B0-87C0932860F4}" = FranklinCovey Planning Software
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A8FCCEF6-AA38-11D6-9068-000103242CFE}" = 4x Made Easy
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}" = MSN Messenger 6.2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint Plus
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B33CD700-6738-11D4-87FE-0080C6F974A2}" = eyeQ
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C50B3B85-10B5-4C91-9C23-6655A8D87FEF}" = BLS-2009 Clipart
"{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}" = Palm Desktop
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DC15E07B-F9FC-4A08-945D-EF3B1B07B0E6}" = MySQL Workbench
"{ded53b0b-b67c-4244-ae6a-d6fd3c28d1ef}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5A4688C-56C0-4910-BB0D-0BF3A5140252}" = FranklinCovey Planning Software for PalmOS®
"{EC561602-C0B9-4FAA-A175-1B3273639AC3}" = MySQL Tools for 5.0
"{ED090E86-5C7D-464A-A79F-D29BBDB7C759}" = BLS-2008
"{f333a33d-125c-32a2-8dce-5c5d14231e27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{f333a33d-125c-32a2-8dce-5c5d14231e27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adaptec UDF Reader" = Adaptec UDF Reader
"ad-aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AOL Instant Messenger" = AOL Instant Messenger
"BowlersMAP Lessons" = BowlersMAP Lessons
"Camera" = AIPTEK PenCam VR Manager
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"CCleaner" = CCleaner (remove only)
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"CrescendoActiveX" = Crescendo for Internet Explorer
"DAO 3.5" = DAO 3.5
"DivX 5.0.2 Bundle" = DivX 5.0.2 Bundle
"FX Trading Station" = FX Trading Station
"GammonEmpire" = GammonEmpire
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = InCD
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"InstallShield_{A8FCCEF6-AA38-11D6-9068-000103242CFE}" = 4x Made Easy
"InterActual Player" = InterActual Player
"Internet Auction Secrets Soft 1.0_is1" = Internet Auction Secrets Soft 1.0
"InterVideo WinDVD" = InterVideo WinDVD
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_PHOTOSUITE_V806" = MGI PhotoSuite 8.1 (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (2.0.0.17)" = Mozilla Firefox (2.0.0.17)
"MRW!UninstallKey" = InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express
"News PlugIn" = News PlugIn
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"One Million Wholesalers_is1" = One Million Wholesalers
"PhotoRecord" = Canon PhotoRecord
"PPTView97" = Microsoft PowerPoint Viewer 97
"Quicken Deluxe 2000" = Quicken Deluxe 2000
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"RemoteCapture" = Canon Utilities RemoteCapture 2.1
"Shockwave" = Shockwave
"Support.com" = ComcastSUPPORT
"The Trade Center" = The Trade Center
"ThePlaya" = The Playa
"VersaJette Fax Solutions" = VersaJette Fax Solutions
"VersaJette M400" = VersaJette M400
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1390067357-789336058-1060284298-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player_is1" = Move Networks Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2009 5:11:09 AM | Computer Name = B | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070002, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/28/2009 10:26:39 AM | Computer Name = B | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/28/2009 10:39:51 AM | Computer Name = B | Source = Application Error | ID = 1000
Description = Faulting application b4qyy509.exe, version 1.0.15.14972, faulting
module b4qyy509.exe, version 1.0.15.14972, fault address 0x0000c4b1.

Error - 7/28/2009 9:32:10 PM | Computer Name = B | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

[ System Events ]
Error - 7/28/2009 5:11:05 AM | Computer Name = B | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 7/28/2009 5:11:10 AM | Computer Name = B | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 7/28/2009 5:11:10 AM | Computer Name = B | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 7/28/2009 8:54:30 AM | Computer Name = B | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 7/28/2009 8:54:41 AM | Computer Name = B | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 7/28/2009 9:41:02 AM | Computer Name = B | Source = Application Popup | ID = 876
Description = Driver UdfReadr.SYS has been blocked from loading.

Error - 7/28/2009 9:41:31 AM | Computer Name = B | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2

Error - 7/28/2009 9:41:31 AM | Computer Name = B | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Driver Helper Service service failed to start due to the
following error: %%2

Error - 7/28/2009 9:41:31 AM | Computer Name = B | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 7/28/2009 9:41:43 AM | Computer Name = B | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%2


< End of report >

Let me know what's next. Thank you!!!

Brad

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 29 July 2009 - 03:24 AM

Hi,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow users to share files between them, as the name suggests. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Please do not use P2P, at least until we have finished cleaning up your PC.

Speaking of which,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\WINDOWS\System32\TmpSynCR302K.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Do the same for the following file:

C:\WINDOWS\sysvszywt.dll

Are you familiar with the following sites: multnomah.or.us and whataboutadog.com? Did you add them to your trusted zone?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O4 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Key error. File not found
    O20 - AppInit_DLLs: (C:\DOCUME~1\Brad\LOCALS~1\Temp\89339944420mxx.dll) - C:\DOCUME~1\Brad\LOCALS~1\Temp\89339944420mxx.dll File not found
    :file
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window: OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Please post back in your next reply the logs from VirusTotal and from OTL, as well as any problems you might be experiencing with your PC.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!

 



#9 bradmclean (Topic Starter)

  • Members
  • 18 posts

Posted 29 July 2009 - 07:57 AM

Good morning,

I did not think I had any more P2P programs. I have uninstalled Morpheus and a couple of others I tried for a short time. As far as I knew, the only file sharing I was doing was MS file and printer sharing.

I ran all of the scans and the fix. The logs are posted below:

VirusTotal results:

File TmpSynCR302K.sys received on 2009.07.29 12:23:56 (UTC)
Current status: finished

Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.07.29 -
AhnLab-V3 5.0.0.2 2009.07.28 -
AntiVir 7.9.0.234 2009.07.29 -
Antiy-AVL 2.0.3.7 2009.07.29 -
Authentium 5.1.2.4 2009.07.28 -
Avast 4.8.1335.0 2009.07.28 -
AVG 8.5.0.387 2009.07.29 -
BitDefender 7.2 2009.07.29 -
CAT-QuickHeal 10.00 2009.07.28 -
ClamAV 0.94.1 2009.07.29 -
Comodo 1803 2009.07.29 -
DrWeb 5.0.0.12182 2009.07.29 -
eSafe 7.0.17.0 2009.07.28 -
eTrust-Vet 31.6.6645 2009.07.29 -
F-Prot 4.4.4.56 2009.07.28 -
F-Secure 8.0.14470.0 2009.07.29 -
Fortinet 3.120.0.0 2009.07.29 -
GData 19 2009.07.29 -
Ikarus T3.1.1.64.0 2009.07.29 -
Jiangmin 11.0.800 2009.07.29 -
K7AntiVirus 7.10.804 2009.07.28 -
Kaspersky 7.0.0.125 2009.07.29 -
McAfee 5691 2009.07.28 -
McAfee+Artemis 5691 2009.07.28 -
McAfee-GW-Edition 6.8.5 2009.07.29 -
Microsoft 1.4903 2009.07.29 -
NOD32 4287 2009.07.29 -
Norman 6.01.09 2009.07.28 -
nProtect 2009.1.8.0 2009.07.29 -
Panda 10.0.0.14 2009.07.28 -
PCTools 4.4.2.0 2009.07.29 -
Prevx 3.0 2009.07.29 -
Rising 21.40.22.00 2009.07.29 -
Sophos 4.44.0 2009.07.29 -
Sunbelt 3.2.1858.2 2009.07.29 -
Symantec 1.4.4.12 2009.07.29 -
TheHacker 6.3.4.3.377 2009.07.29 -
TrendMicro 8.950.0.1094 2009.07.29 -
VBA32 3.12.10.9 2009.07.29 -
ViRobot 2009.7.29.1859 2009.07.29 -
VirusBuster 4.6.5.0 2009.07.28 -
Additional information
File size: 2080768 bytes
MD5...: a1c952736e11508af3994c21a81af11b
SHA1..: 1ac52804688a6d8404a33378f13d8873216871e4
SHA256: 5a16cacd8b702550720c6b11ae5f5b9e0da82759c960b5b8274c8b48f9ffd8af
ssdeep: 3072:SjNkeaj5qHubaSkcbB5x1P/N9Y3t2W1qwATYptKAptgXIdUSL4Sy/upPipakN6H4:S2d1rdh0FpEdy8DW

PEiD..: -
TrID..: File type identification
Microsoft Jet DB (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-


File sysvszywt.dll received on 2009.07.29 12:30:06 (UTC)
Current status: finished

Result: 0/41 (0.00%)
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.07.29 -
AhnLab-V3 5.0.0.2 2009.07.28 -
AntiVir 7.9.0.234 2009.07.29 -
Antiy-AVL 2.0.3.7 2009.07.29 -
Authentium 5.1.2.4 2009.07.28 -
Avast 4.8.1335.0 2009.07.28 -
AVG 8.5.0.387 2009.07.29 -
BitDefender 7.2 2009.07.29 -
CAT-QuickHeal 10.00 2009.07.28 -
ClamAV 0.94.1 2009.07.29 -
Comodo 1803 2009.07.29 -
DrWeb 5.0.0.12182 2009.07.29 -
eSafe 7.0.17.0 2009.07.28 -
eTrust-Vet 31.6.6645 2009.07.29 -
F-Prot 4.4.4.56 2009.07.28 -
F-Secure 8.0.14470.0 2009.07.29 -
Fortinet 3.120.0.0 2009.07.29 -
GData 19 2009.07.29 -
Ikarus T3.1.1.64.0 2009.07.29 -
Jiangmin 11.0.800 2009.07.29 -
K7AntiVirus 7.10.804 2009.07.28 -
Kaspersky 7.0.0.125 2009.07.29 -
McAfee 5691 2009.07.28 -
McAfee+Artemis 5691 2009.07.28 -
McAfee-GW-Edition 6.8.5 2009.07.29 -
Microsoft 1.4903 2009.07.29 -
NOD32 4287 2009.07.29 -
Norman 6.01.09 2009.07.28 -
nProtect 2009.1.8.0 2009.07.29 -
Panda 10.0.0.14 2009.07.28 -
PCTools 4.4.2.0 2009.07.29 -
Prevx 3.0 2009.07.29 -
Rising 21.40.24.00 2009.07.29 -
Sophos 4.44.0 2009.07.29 -
Sunbelt 3.2.1858.2 2009.07.29 -
Symantec 1.4.4.12 2009.07.29 -
TheHacker 6.3.4.3.377 2009.07.29 -
TrendMicro 8.950.0.1094 2009.07.29 -
VBA32 3.12.10.9 2009.07.29 -
ViRobot 2009.7.29.1859 2009.07.29 -
VirusBuster 4.6.5.0 2009.07.28 -
Additional information
File size: 194 bytes
MD5 : 00339f41b659e0ed411ac465fa4696cb
SHA1 : ed475196413ee13813c2758d503d2d22a36830f3
SHA256: df9ae044e9971db6a32a2a0016d03f368524e99e23e5bfe280c80a8f119d7cf3
TrID : File type identification
Unknown!
ssdeep: 3:hTdaCTN5SQETaWm/sqAjaVfRcIWKRRxVuVg3UnbK8TWxinnWzg+lSmTe+E5Iov:hR3h5SQETaWmFASRL9uK3CSIWzBYm6+k
PEiD : -
RDS : NSRL Reference Data Set
-


========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1390067357-789336058-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster 2009 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\DOCUME~1\Brad\LOCALS~1\Temp\89339944420mxx.dll deleted successfully.
Error: Unable to interpret <:file> in the current context!

OTL by OldTimer - Version 3.0.10.3 log created on 07292009_053144


OTL logfile created on: 7/29/2009 5:41:02 AM - Run 2
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Brad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.46 Mb Total Physical Memory | 59.11 Mb Available Physical Memory | 15.42% Memory free
939.67 Mb Paging File | 334.46 Mb Available in Paging File | 35.59% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.18 Gb Free Space | 11.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 343.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 4.01 Gb Total Space | 1.31 Gb Free Space | 32.62% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: B
Current User Name: Brad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
PRC - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\VersaJette M400\g7ccmon.exe (G7 Productivity Systems, Inc.)
PRC - C:\Program Files\G7PS\4X UltraSaver\UltraSaver.exe (G7 Productivity Systems)
PRC - C:\WINDOWS\System32\g7cccoms.exe ( )
PRC - C:\Program Files\MBDII\MBDIIServer.EXE (CDE Software)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
PRC - C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE (Logitech Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Documents and Settings\Brad\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ALG [On_Demand | Stopped]) -- File not found
SRV - (Apache2 [Auto | Running]) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe (Apache Software Foundation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (FreeAgentGoNext Service [Auto | Running]) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (g7cc_device [On_Demand | Running]) -- C:\WINDOWS\System32\g7cccoms.exe ( )
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (lavasoft ad-aware service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (MSSQL$ACT7 [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (MySQL [Auto | Running]) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
SRV - (Norton AntiVirus Server [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Stopped]) -- File not found
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (Aspi32 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (DC21x4 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\dc21x4.sys (Intel Corporation.)
DRV - (es1371 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\incdfs.sys (Ahead Software AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Ahead Software AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\incdrm.sys (Ahead Software AG)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys (Logitech, Inc.)
DRV - (lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LHidKe [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LHidKE.Sys (Logitech, Inc.)
DRV - (LHidUsbK [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys (Logitech, Inc.)
DRV - (mrtRate [Auto | Running]) -- C:\WINDOWS\System32\drivers\MrtRate.sys (Marimba, Inc.)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (NAVAP [On_Demand | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys (Symantec Corporation)
DRV - (NAVAPEL [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (Symantec Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090710.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090710.003\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nv4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4.sys (NVIDIA Corporation)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STV680 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\STV680.sys (STMicroelectronics )
DRV - (STV680m [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\STV680m.sys (STMicroelectronics )
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (UdfReadr [System | Stopped]) -- C:\WINDOWS\System32\drivers\udfreadr.sys (Adaptec)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\S-1-5-21-1390067357-789336058-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\S-1-5-21-1390067357-789336058-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/11/08 18:35:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/03 05:00:21 | 00,000,000 | ---D | M]

[2007/07/11 05:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\mozilla\Firefox\Profiles\83hn7mcx.default\extensions
[2005/03/19 13:40:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/11/08 18:35:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/08 18:34:56 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/11/08 18:34:56 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/11/08 18:34:56 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/11/08 18:34:56 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/11/08 18:34:57 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/04/18 15:30:22 | 00,086,016 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/11/08 18:35:00 | 00,022,664 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2005/04/23 22:05:52 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2007/08/27 06:59:13 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/08/27 06:59:13 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/08/27 06:59:13 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2005/04/23 22:06:14 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2005/04/23 22:05:35 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2006/12/09 10:57:33 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2008/08/21 05:27:41 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/08/21 05:27:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/21 05:27:41 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/08/21 05:27:41 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/08/21 05:27:41 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/21 05:27:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (317115 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 10880 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [CDE Software MBDII Server] C:\Program Files\MBDII\MBDIIServer.EXE (CDE Software)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\VersaJette Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [g7ccmon.exe] C:\Program Files\VersaJette M400\g7ccmon.exe (G7 Productivity Systems, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe ()
O4 - HKLM..\Run: [UltraSaver] C:\Program Files\G7PS\4X UltraSaver\UltraSaver.exe (G7 Productivity Systems)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe ()
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Brad\Start Menu\Programs\Startup\IM2 Messenger.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe ()
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\..Trusted Domains: multnomah.or.us ([robin.co] https in Trusted sites)
O15 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\..Trusted Domains: whataboutadog.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1390067357-789336058-1060284298-1004\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/OneClickFix/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/ru...trix/wficat.cab (Citrix ICA Client)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yahoo.com/dl/installs/yinst0309.cab (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\DOCUME~1\Brad\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab (EPUImageControl Class)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://robin.co.multnomah.or.us/vdesk/term...,2007,1001,2136 (F5 Networks SSLTunnel)
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} https://robin.co.multnomah.or.us/vdesk/term...sion=5,2,3790,0 (Microsoft RDP Client Control (redist))
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7318.3552430556 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl..._3_1_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://robin.co.multnomah.or.us/vdesk/term...,2007,1001,2140 (F5 Networks Host Control)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/bin/msnchat45.cab (MSN Chat Control 4.5)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/03/02 16:48:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/24 13:12:26 | 00,000,027 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2002/03/02 08:41:00 | 00,000,467 | ---- | M] () - F:\AutoExec.Bat -- [ FAT32 ]
O32 - AutoRun File - [2001/07/01 22:25:20 | 00,000,391 | ---- | M] () - F:\AUTOEXEC.BAK -- [ FAT32 ]
O33 - MountPoints2\{1ccacad1-7b57-11da-8492-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1ccacad1-7b57-11da-8492-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ccacad1-7b57-11da-8492-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009/04/24 13:12:26 | 00,045,312 | R--- | M] (InstallShield Corporation, Inc.)
O33 - MountPoints2\{97c4dde0-703f-11de-8612-0000c55f5efb}\Shell\AutoRun\command - "" = G:\InstallSeagateManager.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2100/02/23 14:35:34 | 00,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[2100/02/08 16:03:54 | 00,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
[2100/02/08 15:53:34 | 00,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
[2009/07/29 05:31:44 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/28 18:33:17 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
[2009/07/28 07:33:53 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\b4qyy509.exe
[2009/07/28 06:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\Malwarebytes
[2009/07/28 06:00:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/28 06:00:26 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/28 06:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/28 06:00:21 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/28 06:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/28 05:59:05 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\mbam-setup.exe
[2009/07/14 20:11:18 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\dds.scr
[2009/07/14 19:59:08 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/07/14 19:55:10 | 10,314,752 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Brad\Desktop\cbSetup.exe
[2009/07/13 23:32:00 | 00,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009/07/13 23:31:36 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2009/07/13 23:31:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/07/13 23:30:02 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/07/13 06:36:15 | 00,013,588 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2009/07/13 06:33:29 | 00,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/13 06:33:25 | 40,216,1664 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/12 16:01:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\Uniblue
[2009/07/12 07:22:34 | 19,690,7012 | ---- | C] () -- C:\Documents and Settings\Brad\My Documents\Reg Backup 7-12-09.reg
[2009/07/09 03:31:44 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/07/08 05:37:42 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/08 05:32:41 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/07/08 05:13:36 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/07/08 05:13:32 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/08 05:13:06 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/07/08 05:13:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/24 22:51:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/04/24 22:51:34 | 01,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2008/12/03 06:38:06 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/08/04 19:56:33 | 00,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/04 19:56:33 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\DDD65CC802.sys
[2008/04/08 06:19:43 | 00,000,039 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/03/31 06:35:29 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\g7PMON.DLL
[2008/03/31 06:35:29 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\g7PMUI.DLL
[2008/03/31 06:31:53 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\g7ccserv.dll
[2008/03/31 06:31:53 | 01,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\g7ccusb1.dll
[2008/03/31 06:31:53 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\g7ccvs.dll
[2008/03/31 06:31:52 | 00,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\g7ccpmui.dll
[2008/03/31 06:31:52 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\g7ccprox.dll
[2008/03/31 06:31:52 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\g7ccpplc.dll
[2008/03/31 06:31:51 | 00,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\g7cchbn3.dll
[2008/03/31 06:31:50 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\g7cccomc.dll
[2008/03/31 06:31:50 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\g7cccomm.dll
[2008/03/31 06:31:49 | 00,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\g7cclmpm.dll
[2007/10/10 05:34:03 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/01 18:08:32 | 00,049,656 | ---- | C] () -- C:\WINDOWS\php.ini
[2007/01/25 06:39:23 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/04/18 15:30:56 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/01/14 15:43:17 | 00,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL
[2005/09/06 05:36:08 | 02,080,768 | ---- | C] () -- C:\WINDOWS\System32\TmpSynCR302K.sys
[2005/09/06 05:33:32 | 00,000,194 | -H-- | C] () -- C:\WINDOWS\sysvszywt.dll
[2005/09/06 05:33:32 | 00,000,194 | -H-- | C] () -- C:\WINDOWS\System32\sysvszywt.dll
[2005/07/14 05:57:02 | 00,246,784 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2005/07/13 21:11:53 | 00,290,816 | ---- | C] () -- C:\WINDOWS\System32\PBHTML.dll
[2005/06/11 10:28:32 | 00,000,068 | ---- | C] () -- C:\WINDOWS\eyeQ Screen Saver.ini
[2005/04/04 05:53:21 | 00,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2005/02/27 21:06:01 | 00,000,062 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2005/02/27 21:06:01 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2005/02/27 21:06:01 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2005/02/14 21:38:01 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\CM_SUPPORT.INI
[2004/05/30 20:19:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2004/02/02 19:37:49 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2003/11/11 07:45:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2003/09/10 21:56:43 | 00,196,661 | ---- | C] () -- C:\WINDOWS\System32\dbcapi.dll
[2003/09/10 21:56:43 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\proxydll.dll
[2003/09/10 21:56:43 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2003/09/10 21:56:43 | 00,002,846 | ---- | C] () -- C:\WINDOWS\winros.ini
[2003/09/10 21:56:43 | 00,000,123 | ---- | C] () -- C:\WINDOWS\WinSig.Ini
[2003/09/10 21:56:43 | 00,000,108 | ---- | C] () -- C:\WINDOWS\Reader.Ini
[2003/05/21 01:19:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/03/02 21:43:27 | 00,001,112 | ---- | C] () -- C:\WINDOWS\ULEAD.INI
[2002/12/26 08:30:05 | 00,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2002/12/10 01:00:00 | 01,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2002/12/10 01:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 01:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2002/12/10 01:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2002/10/21 06:22:37 | 00,000,087 | ---- | C] () -- C:\WINDOWS\kodakPN.ini
[2002/09/10 19:11:17 | 00,000,096 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/08/07 19:20:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2002/05/12 09:15:40 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2002/05/11 13:22:29 | 00,012,217 | ---- | C] () -- C:\WINDOWS\affiliate.INI
[2002/05/10 19:14:36 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/04/09 18:43:11 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\CRESNT.DLL
[2002/04/09 18:43:11 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\CRES95.DLL
[2002/04/09 18:43:11 | 00,001,559 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2002/03/21 07:23:10 | 00,001,041 | ---- | C] () -- C:\WINDOWS\wsftppro.INI
[2002/03/21 07:04:26 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2002/03/19 22:10:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/16 13:18:31 | 00,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2002/03/08 21:15:33 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2002/03/08 21:15:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2002/03/08 21:15:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2002/03/08 06:47:27 | 00,000,520 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2002/03/04 08:16:25 | 00,000,170 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2002/03/03 21:28:05 | 00,000,028 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2002/03/03 21:20:36 | 00,001,098 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/03/03 21:20:36 | 00,000,690 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2001/10/12 00:42:49 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/08/23 05:00:00 | 00,000,912 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 05:00:00 | 00,000,340 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/04/20 03:15:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\unvise32.dll
[1999/01/04 14:25:00 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 03:20:00 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/07/29 05:32:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/29 05:30:02 | 00,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/07/29 04:56:27 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/07/29 01:54:55 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/07/28 18:33:19 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
[2009/07/28 07:34:00 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\b4qyy509.exe
[2009/07/28 06:44:48 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/28 06:41:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/28 06:40:50 | 40,216,1664 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/28 06:00:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/28 05:59:05 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\mbam-setup.exe
[2009/07/26 14:52:21 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\dds.scr
[2009/07/14 19:55:10 | 10,314,752 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Brad\Desktop\cbSetup.exe
[2009/07/14 19:45:53 | 00,200,704 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 05:30:02 | 00,000,028 | ---- | M] () -- C:\WINDOWS\qfnonl.ini
[2009/07/14 05:04:26 | 00,001,098 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/07/13 23:32:00 | 00,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 11:23:03 | 04,797,630 | -H-- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\IconCache.db
[2009/07/13 06:36:14 | 00,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/07/12 07:23:10 | 19,690,7012 | ---- | M] () -- C:\Documents and Settings\Brad\My Documents\Reg Backup 7-12-09.reg
[2009/07/11 09:53:42 | 00,317,115 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/08 05:32:20 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/07/08 05:25:18 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/07/08 05:13:32 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/05 14:57:04 | 00,316,785 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090711-095341.backup
< End of report >

Other than being a bit slow lately I don't have any other problems with my PC. Thanks again for all of your help, and let me know what's next.

Brad

#10 bradmclean

bradmclean
  • Topic Starter

  • Members
  • 18 posts

Posted 29 July 2009 - 08:03 AM

I just realized I forgot to answer your question about the trusted sites. I do know about multnomah.or.us, and I did add it to my trusted zone. I don't recall adding whataboutadog.com, and I don't know what that site is.

Brad

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts

Posted 29 July 2009 - 08:52 AM

Hi,

could you please check if there are more unknown sites that have been added to your trusted zone?

BitTorrent and Morpheus still figure in your uninstall list, which made me believe that they are still installed on your system. Sometimes those entries are only leftovers. If you don't use them at all, all the better.

Malwarebytes actually removed a couple of malicious entries and I was wondering if this had improved the speed of your PC. :)

The logs also suggest that you might be missing files that Windows needs to run smoothly. This might be causing delays as well. Do you have your Windows CD at hand?

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
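The check myrti asks for above, reviewing everything that has been placed in the Trusted sites zone, is what the O15 lines in the OTL log summarise. The PowerShell below does the same review directly against the registry keys those lines come from. It is an added example, not a script from this thread or from OTL: it reads the documented ZoneMap layout (`...\Internet Settings\ZoneMap\Domains\<domain>[\<host or *>]`, with one DWORD value per URL scheme holding the zone number), and the "not assigned" label it prints for keys that carry no zone value is my assumption about how OTL derives that wording.

```powershell
# Added example (not from the thread or from OTL): list every host assigned to an
# Internet Explorer security zone so the Trusted sites entries can be reviewed.
# Registry layout read here (documented ZoneMap format):
#   ...\Internet Settings\ZoneMap\Domains\<domain>[\<host-or-*>]
# Each value is named after a URL scheme (http, https, *) and holds the zone
# number as a DWORD: 1 = Local intranet, 2 = Trusted sites, 4 = Restricted sites.

$ZoneNames = @{
    0 = 'My Computer'
    1 = 'Local intranet'
    2 = 'Trusted sites'
    3 = 'Internet'
    4 = 'Restricted sites'
}

function Get-IeZoneMapEntries {
    param(
        # HKLM is consulted too: when Security_HKLM_only is set, IE uses only that hive.
        [string[]] $Roots = @(
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
        )
    )

    foreach ($root in $Roots) {
        if (-not (Test-Path -Path $root)) { continue }
        $hive = $root.Split(':')[0]

        foreach ($domainKey in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            # Zone values may sit on the domain key itself (whole domain) or on a
            # sub-key naming one host or the wildcard "*".
            $subKeys = @(Get-ChildItem -Path $domainKey.PSPath -ErrorAction SilentlyContinue)
            $keys    = @($domainKey) + $subKeys

            foreach ($key in $keys) {
                $isDomainKey = ($key.PSPath -eq $domainKey.PSPath)
                $hostName = if ($isDomainKey) { $domainKey.PSChildName }
                            else { '{0}.{1}' -f $key.PSChildName, $domainKey.PSChildName }

                # Drop the PS* bookkeeping properties and the default value.
                $zoneValues = (Get-ItemProperty -Path $key.PSPath).PSObject.Properties |
                    Where-Object { $_.Name -notlike 'PS*' -and $_.Name -ne '(default)' }

                if (-not $zoneValues) {
                    # A domain key that only acts as a container for host sub-keys is normal.
                    if ($isDomainKey -and $subKeys.Count -gt 0) { continue }
                    # Assumption: a key with no zone value is what OTL reports as
                    # "not assigned to a zone".
                    New-Object PSObject -Property @{
                        Hive = $hive; Host = $hostName; Scheme = '(none)'; Zone = $null; ZoneName = 'not assigned'
                    }
                    continue
                }

                foreach ($v in $zoneValues) {
                    New-Object PSObject -Property @{
                        Hive     = $hive
                        Host     = $hostName
                        Scheme   = $v.Name
                        Zone     = [int]$v.Value
                        ZoneName = $ZoneNames[[int]$v.Value]
                    }
                }
            }
        }
    }
}

# What is currently in the Trusted sites zone: this is the list to compare against
# the sites you knowingly added (multnomah.or.us in the thread above).
Get-IeZoneMapEntries |
    Where-Object { $_.Zone -eq 2 } |
    Sort-Object Host |
    Format-Table Hive, Host, Scheme, ZoneName -AutoSize

# Every ZoneMap entry, including unassigned ones, for comparison with OTL's O15 lines.
Get-IeZoneMapEntries | Sort-Object Hive, Host | Format-Table Hive, Host, Scheme, ZoneName -AutoSize
```

`New-Object PSObject` rather than `[pscustomobject]` keeps the script usable on the PowerShell 2.0 that an XP-era machine would have. Any Trusted sites host you do not recognise is worth removing through Internet Options, exactly as the thread goes on to do for whataboutadog.com, because pages in that zone run with fewer restrictions than ordinary Internet sites.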


#12 bradmclean

bradmclean
  • Topic Starter

  • Members
  • 18 posts

Posted 29 July 2009 - 09:41 AM

I looked at the trusted sites and whataboutadog is the only one there I don't know about. There are only the two entries. Should I go ahead and delete whataboutadog from there using Internet Options?

I haven't noticed a big change in speed, but I haven't done much while we're working on cleaning up my PC.

Yes, I do have my Windows CD handy.

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts

Posted 29 July 2009 - 10:42 AM

Hi,

yes, please delete that entry from the trusted zone.

Please also run a system check to see if any important Windows files are missing:

Go to the Run box on the Start Menu and type in:

sfc /scannow

Note: Make sure to include the space between the first "c" and the "/".

This will run the System File Checker, which scans for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported.

More info on this process can be found here.


regards _temp_



#14 bradmclean

bradmclean
  • Topic Starter

  • Members
  • 18 posts

Posted 30 July 2009 - 07:50 AM

Good morning,

I eliminated the whataboutadog.com entry from my trusted sites and ran sfc.

I had to click on the "retry" button in the Windows protection dialog box around 150+ times after inserting my CD. I'm guessing it gave me the dialog box every time it needed a file. I didn't see that it created a report or anything.

I decided to run it again just to see what would happen. I got the same result. Didn't it fix it all the first time?

Thanks.

Brad

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts

Posted 30 July 2009 - 08:08 AM

Hi,

could you give me the exact wording of the popup window, please?

Is the CD you inserted the one from which you installed your system originally?

regards _temp_
