
Infected with unknown malware


This topic is locked
24 replies to this topic

#1 Zen21
Posted 18 August 2009 - 09:37 PM

I have been trying to install Reader 9 on my system for months now, but I keep getting the Error 1606 error: Cannot find network location \Internet Explorer\Plugins. I've tried all the forum, Adobe and Microsoft site suggestions, but to no avail; it won't install. Deleted and re-entered all the reg info as instructed by Microsoft, but this didn't work. I tried removing Microsoft Office and that doesn't work. When I try to run msicuu2.exe I get a Run time error 380. I tried installing Reader the way Adobe recommended by shutting everything down and nope... no deal. The only thing I could do was delete Reader 8 manually as instructed by Adobe, but there's a hitch... I could not delete it from the Administration profile. Online virus scans like Panda and Kaspersky will not work either. Thanks in advance. I'm running XP SP3, P4 2.8G, 2500mb ram.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 21:48:07.76 on Tue 08/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1906 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\WINDOWS\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
d:\IObit\IObit Security 360\IS360srv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\SAiDownloader.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\soundman.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Program Files\Starfield\Desktop Notifier\wben.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\bleep\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\windows\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\windows\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [wben] "c:\windows\program files\starfield\desktop notifier\wben.exe"
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [Windows Defender] "c:\windows\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\windows\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMan] soundman.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mxomssmenu] "d:\maxtor\onetouch status\maxmenumgr.exe"
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [IObit Security 360] d:\iobit\iobit security 360\IS360tray.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [Adobe Photo Downloader] "d:\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Software Informer] "d:\iobit\software informer\softinfo.exe" -autorun
dRun: [fsm]
dRunOnce: [KeyScrambler] c:\program files\keyscrambler\getting_started.html
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\spybot~1\SDHelper.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - hxxp://us.bookmarks.yahoo.com/YbConvFav.CAB
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - d:\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\google\google~1\goec62~1.dll \google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\windows\progra~1\window~2\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\vpfgam68.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\vpfgam68.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: d:\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\panda security\activescan 2.0\npwrapper.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\windows media player\npdrmv2.dll
FF - plugin: c:\program files\windows media player\npdsplay.dll
FF - plugin: c:\program files\windows media player\npwmsdrm.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll
FF - plugin: c:\windows\program files\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\windows\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\windows\program files\microsoft silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\windows\program files\microsoft silverlight\2.0.40115.0\npctrl.dll
FF - plugin: c:\windows\program files\microsoft silverlight\3.0.40723.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\windows\program files\microsoft silverlight\3.0.40723.0\npctrl.dll
FF - plugin: c:\windows\program files\microsoft\office live\npOLW.dll
FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\mozilla firefox\plugins\npwbe.dll
FF - plugin: d:\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: d:\videolan\vlc\npvlc.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
d:\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-7-22 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-8-13 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-13 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-13 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-13 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-13 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-8-13 1370488]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2009-7-22 5641736]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-7-22 571912]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-2-25 13088]
R2 IS360service;IS360service;d:\iobit\iobit security 360\is360srv.exe [2009-8-10 307472]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-12-16 72672]
R2 Maxtor Sync Service;Maxtor Service;d:\maxtor\sync\SyncServices.exe [2008-7-21 193888]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-5-15 935208]
R2 Par1284;Par1284;e:\p-cut\procut production suite\program\Par1284.sys [2008-5-14 53344]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2008-5-14 438272]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
R2 WinDefend;Windows Defender;c:\windows\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-8-13 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-7-22 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-7-22 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-7-22 27232]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-5-11 114672]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-8-13 29208]
S3 FA31x;Netgear FA311/312 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\FA31xND5.SYS [2008-10-1 16025]
S3 fiddrv;fiddrv;c:\windows\system32\drivers\fiddrv.sys [2007-11-25 9896]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-5-11 42112]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-28 44928]
S3 SGUARD;SGUARD;\??\c:\windows\system32\drivers\sguard.sys --> c:\windows\system32\drivers\SGuard.sys [?]

=============== Created Last 30 ================

2009-08-18 21:26 <DIR> --d----- C:\bleep
2009-08-18 18:19 <DIR> --d----- c:\windows\Profiles
2009-08-16 13:50 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-16 13:50 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-16 13:44 20 a------- c:\windows\system32\SYSTEM
2009-08-15 21:43 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 21:43 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-15 19:49 3,942,048 a------- C:\mwbts.exe
2009-08-13 20:17 <DIR> --d----- c:\windows\system32\Adobe
2009-08-13 20:12 524,288 a------- c:\windows\opuc.dll
2009-08-13 18:44 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-13 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-08-13 18:05 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-13 18:05 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-08-13 18:05 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-13 18:05 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-13 18:05 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-08-13 18:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-08-13 18:04 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-08-13 18:04 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-08-13 18:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-13 17:48 <DIR> --d----- c:\docume~1\owner\applic~1\AVG8
2009-08-13 16:12 15,597 a------- c:\windows\system32\accserv.mib
2009-08-13 15:58 <DIR> -cd-h--- c:\windows\ie8
2009-08-11 17:37 <DIR> --d----- c:\docume~1\owner\applic~1\Software Informer
2009-08-11 17:27 55,168 ac------ c:\windows\system32\dllcache\aic78u2.sys
2009-08-11 17:27 12,800 ac------ c:\windows\system32\dllcache\aha154x.sys
2009-08-11 17:27 24,576 ac------ c:\windows\system32\dllcache\agcgauge.ax
2009-08-11 17:17 <DIR> --d----- c:\windows\system32\BackUp
2009-08-10 20:55 119,808 -c------ c:\windows\system32\dllcache\t2embed.dll
2009-08-10 20:55 81,920 -c------ c:\windows\system32\dllcache\fontsub.dll
2009-08-10 20:52 585,216 -c------ c:\windows\system32\dllcache\rpcrt4.dll
2009-08-10 20:49 56,832 -c------ c:\windows\system32\dllcache\secur32.dll
2009-08-10 20:47 354,304 -c------ c:\windows\system32\dllcache\winhttp.dll
2009-08-10 20:45 161,792 -c------ c:\windows\system32\dllcache\msdtcuiu.dll
2009-08-10 20:45 91,648 -c------ c:\windows\system32\dllcache\mtxoci.dll
2009-08-10 20:45 66,560 -c------ c:\windows\system32\dllcache\mtxclu.dll
2009-08-10 20:45 58,880 -c------ c:\windows\system32\dllcache\msdtclog.dll
2009-08-10 20:45 956,928 -c------ c:\windows\system32\dllcache\msdtctm.dll
2009-08-10 20:41 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-08-10 20:41 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-08-10 20:41 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-08-10 20:41 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-08-10 20:41 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-10 20:41 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-08-10 20:41 2,145,280 ac------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-10 20:41 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-10 20:39 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-08-10 20:39 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-08-10 20:30 286,720 -c------ c:\windows\system32\dllcache\gdi32.dll
2009-08-10 20:28 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-08-10 20:26 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-08-10 20:18 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-08-10 20:13 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-08-02 13:50 <DIR> --d----- c:\docume~1\owner\applic~1\Any DVD Converter Professional
2009-07-22 17:23 74,760 a------- c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 17:23 25,608 a------- c:\windows\system32\drivers\AVGIDSErHr.sys

==================== Find3M ====================

2009-08-18 18:16 24,064 a------- c:\windows\autoload.exe
2009-08-11 16:18 134,288 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2009-07-30 16:10 114,672 a------- c:\windows\system32\drivers\keyscrambler.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-16 11:24 87,608 a------- c:\docume~1\owner\applic~1\inst.exe
2009-07-16 11:24 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-07-16 11:24 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
2009-07-07 17:48 94,484 a---h--- c:\windows\system32\mlfcache.dat
2009-06-29 16:55 282,112 a------- c:\windows\system32\mscoree.dll
2009-06-24 15:36 265,797 a------- c:\windows\system32\pdvcodec.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2007-08-01 13:28 88 a--shr-- c:\windows\system32\239B347DBC.sys
2007-08-01 13:28 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:49:13.54 ===============


#2 DocSatan


Posted 30 August 2009 - 07:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 Zen21


Posted 31 August 2009 - 10:21 AM

Thanks for the reply! I have had problems with running any type of anti-malware/virus program, so I created another profile and was able to install it and run it from the new profile, but it found nothing. The error I would get would be "Error 380" from Malwarebytes. In a last-ditch effort, as I read through some of the other posts, I downloaded A2 antimalware. This found a host of malware, spyware and viruses. I can post those logs if you like. Before I posted anything to this site Kaspersky found nothing and I uninstalled it, so I installed AVG. It found a few viruses; Sheur2.exe I believe was the one it found, but for some odd reason the log disappeared. AVG and Malwarebytes find nothing at all. One other issue that comes to mind is that on some items I receive a pop-up saying I don't have administrative rights. Just the other night the computer speaker was beeping and there was no one at the computer. I quickly turned off the internet and the beeping stopped. I noticed in AVG that there are some applications that are using ports that are in the 55000 and 65000 range too. By the way, I tried netstat and it opens quickly and then closes. I followed the directions regarding disabling antivirus and other programs and I hope these logs help. The attached log is attached to this post. Again, thanks for the reply and your time!

DDS (Ver_09-07-30.01) - NTFSx86
Run by ETHEN at 10:52:16.37 on Mon 08/31/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1722 [GMT -4:00]

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\WINDOWS\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\SAiDownloader.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Internet Explorer\iexplore.exe
C:\Internet Explorer\iexplore.exe
C:\Internet Explorer\iexplore.exe
C:\Internet Explorer\iexplore.exe
C:\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\AVG\AVG8\avgui.exe
d:\IObit\IObit Security 360\IS360srv.exe
D:\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\ETHEN\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\windows\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\windows\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\windows\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMan] soundman.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mxomssmenu] "d:\maxtor\onetouch status\maxmenumgr.exe"
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Photo Downloader] "d:\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Software Informer] "d:\iobit\software informer\softinfo.exe" -autorun
dRun: [fsm]
dRunOnce: [KeyScrambler] c:\program files\keyscrambler\getting_started.html
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - hxxp://us.bookmarks.yahoo.com/YbConvFav.CAB
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - d:\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\google\google~1\goec62~1.dll \google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\windows\progra~1\window~2\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ethen\applic~1\mozilla\firefox\profiles\2arkiyzd.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\panda security\activescan 2.0\npwrapper.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\windows media player\npdrmv2.dll
FF - plugin: c:\program files\windows media player\npdsplay.dll
FF - plugin: c:\program files\windows media player\npwmsdrm.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll
FF - plugin: c:\windows\program files\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\windows\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\windows\program files\microsoft silverlight\3.0.40723.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\windows\program files\microsoft silverlight\3.0.40723.0\npctrl.dll
FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\mozilla firefox\plugins\npwbe.dll
FF - plugin: d:\videolan\vlc\npvlc.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-7-22 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-8-20 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-20 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-20 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-20 108552]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-8-28 980512]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-20 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-20 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-8-20 1370488]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-7-22 571912]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-2-25 13088]
R2 IS360service;IS360service;d:\iobit\iobit security 360\is360srv.exe [2009-8-10 305936]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-12-16 72672]
R2 Maxtor Sync Service;Maxtor Service;d:\maxtor\sync\SyncServices.exe [2008-7-21 193888]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-5-15 935208]
R2 Par1284;Par1284;e:\p-cut\procut production suite\program\Par1284.sys [2008-5-14 53344]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2008-5-14 438272]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
R2 WinDefend;Windows Defender;c:\windows\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-8-20 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-7-22 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-7-22 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-7-22 27232]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-5-11 114672]
S0 dlflofsu;dlflofsu;c:\windows\system32\drivers\svvhf.sys --> c:\windows\system32\drivers\svvhf.sys [?]
S0 tpmmmlj;tpmmmlj;c:\windows\system32\drivers\arhb.sys --> c:\windows\system32\drivers\arhb.sys [?]
S0 tqzj;tqzj;c:\windows\system32\drivers\psrcnk.sys --> c:\windows\system32\drivers\psrcnk.sys [?]
S0 ydgb;ydgb;c:\windows\system32\drivers\doquhd.sys --> c:\windows\system32\drivers\doquhd.sys [?]
S0 yteky;yteky;c:\windows\system32\drivers\yeeqj.sys --> c:\windows\system32\drivers\yeeqj.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2009-7-22 5641736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-8-20 29208]
S3 FA31x;Netgear FA311/312 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\FA31xND5.SYS [2008-10-1 16025]
S3 fiddrv;fiddrv;c:\windows\system32\drivers\fiddrv.sys [2007-11-25 9896]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-5-11 42112]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-28 44928]
S3 SGUARD;SGUARD;\??\c:\windows\system32\drivers\sguard.sys --> c:\windows\system32\drivers\SGuard.sys [?]

=============== Created Last 30 ================

2009-08-28 20:04 56,320 a------- C:\eventlog.dll
2009-08-21 16:01 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-20 13:24 <DIR> --d----- c:\docume~1\ethen\applic~1\IObit
2009-08-20 12:27 108,552 -------- c:\windows\system32\drivers\avgtdix.sys
2009-08-20 12:27 12,552 -------- c:\windows\system32\drivers\avgrkx86.sys
2009-08-20 12:27 11,952 -------- c:\windows\system32\avgrsstx.dll
2009-08-20 12:27 335,240 -------- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 12:27 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-08-20 12:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-08-20 12:26 50,968 -------- c:\windows\system32\avgfwdx.dll
2009-08-20 12:26 29,208 -------- c:\windows\system32\drivers\avgfwdx.sys
2009-08-20 12:21 <DIR> --d----- c:\docume~1\ethen\applic~1\AVG8
2009-08-18 21:26 <DIR> --d----- C:\bleep
2009-08-18 19:30 <DIR> --d----- c:\docume~1\ethen\applic~1\Malwarebytes
2009-08-18 18:19 <DIR> --d----- c:\windows\Profiles
2009-08-18 18:17 <DIR> --d----- c:\documents and settings\ethen\WINDOWS
2009-08-18 17:42 <DIR> --d----- c:\docume~1\ethen\applic~1\iolo
2009-08-18 16:57 <DIR> --dsh--- c:\documents and settings\ethen\PrivacIE
2009-08-18 16:52 <DIR> --dsh--- c:\documents and settings\ethen\IETldCache
2009-08-18 16:52 <DIR> --d----- c:\documents and settings\ETHEN
2009-08-16 13:50 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-16 13:50 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-16 13:44 20 -------- c:\windows\system32\SYSTEM
2009-08-15 21:43 38,160 -------- c:\windows\system32\drivers\MBAMSWISSARMY.SYS
2009-08-15 21:43 19,096 -------- c:\windows\system32\drivers\mbam.sys
2009-08-15 19:49 3,942,048 -------- C:\mwbts.exe
2009-08-13 20:17 <DIR> --d----- c:\windows\system32\Adobe
2009-08-13 20:12 524,288 -------- c:\windows\opuc.dll
2009-08-13 18:44 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-13 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-08-13 18:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-13 16:12 15,597 -------- c:\windows\system32\accserv.mib
2009-08-13 15:58 <DIR> -cd-h--- c:\windows\ie8
2009-08-11 17:27 55,168 -c------ c:\windows\system32\dllcache\aic78u2.sys
2009-08-11 17:27 12,800 -c------ c:\windows\system32\dllcache\aha154x.sys
2009-08-11 17:27 24,576 -c------ c:\windows\system32\dllcache\agcgauge.ax
2009-08-11 17:17 <DIR> --d----- c:\windows\system32\BackUp
2009-08-10 20:55 119,808 -c------ c:\windows\system32\dllcache\t2embed.dll
2009-08-10 20:55 81,920 -c------ c:\windows\system32\dllcache\fontsub.dll
2009-08-10 20:52 585,216 -c------ c:\windows\system32\dllcache\rpcrt4.dll
2009-08-10 20:49 56,832 -c------ c:\windows\system32\dllcache\secur32.dll
2009-08-10 20:47 354,304 -c------ c:\windows\system32\dllcache\winhttp.dll
2009-08-10 20:45 161,792 -c------ c:\windows\system32\dllcache\msdtcuiu.dll
2009-08-10 20:45 91,648 -c------ c:\windows\system32\dllcache\mtxoci.dll
2009-08-10 20:45 66,560 -c------ c:\windows\system32\dllcache\mtxclu.dll
2009-08-10 20:45 58,880 -c------ c:\windows\system32\dllcache\msdtclog.dll
2009-08-10 20:45 956,928 -c------ c:\windows\system32\dllcache\msdtctm.dll
2009-08-10 20:41 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-08-10 20:41 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-08-10 20:41 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-08-10 20:41 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-08-10 20:41 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-10 20:41 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-08-10 20:41 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-10 20:41 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-10 20:39 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-08-10 20:39 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-08-10 20:30 286,720 -c------ c:\windows\system32\dllcache\gdi32.dll
2009-08-10 20:28 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-08-10 20:26 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-08-10 20:18 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-08-10 20:13 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys

==================== Find3M ====================

2009-08-18 18:16 24,064 -------- c:\windows\autoload.exe
2009-07-30 16:10 114,672 -------- c:\windows\system32\drivers\keyscrambler.sys
2009-07-25 05:23 411,368 -------- c:\windows\system32\deploytk.dll
2009-07-22 17:23 74,760 -------- c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 17:23 25,608 -------- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-16 11:24 47,360 -------- c:\windows\system32\drivers\pcouffin.sys
2009-07-07 17:48 94,484 ----h--- c:\windows\system32\mlfcache.dat
2009-06-29 16:55 282,112 -------- c:\windows\system32\mscoree.dll
2009-06-24 15:36 265,797 -------- c:\windows\system32\pdvcodec.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-05 11:42 2,060,288 -------- c:\windows\system32\usbaaplrc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2007-08-01 13:28 88 ---shr-- c:\windows\system32\239B347DBC.sys
2007-08-01 13:28 2,516 ---sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 10:53:08.40 ===============
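
As an added example (not part of this thread and not the DDS tool's own code), the script below parses the SERVICES / DRIVERS section of a DDS log like the one above and ranks the entries a helper would look at first: boot-start drivers whose image file DDS could not find ("[?]") and whose service names look random, such as the dlflofsu/svvhf.sys lines. The line format and the "random-looking name" heuristic are assumptions inferred from the log lines, not documented DDS output; the sample lines are constructed in the same shape.

```python
"""Triage helper for the SERVICES / DRIVERS section of a DDS log.

Added example, not the DDS tool's code. The line format is an assumption
inferred from the log posted above:

    <R|S><start> <service>;<display name>;<image path> [<date> <size>]
    <R|S><start> <service>;<display name>;<image path> --> <resolved path> [?]

"R"/"S" is running/stopped, the digit is the start type (0 = boot), and a
trailing "[?]" means DDS could not find the image file on disk.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: six lines in the shape of the DDS log above
# (raw string, so the Windows backslashes are literal).
SAMPLE_LOG = r"""
R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-7-22 25608]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-20 108552]
S0 dlflofsu;dlflofsu;c:\windows\system32\drivers\svvhf.sys --> c:\windows\system32\drivers\svvhf.sys [?]
S0 tqzj;tqzj;c:\windows\system32\drivers\psrcnk.sys --> c:\windows\system32\drivers\psrcnk.sys [?]
S3 SGUARD;SGUARD;\??\c:\windows\system32\drivers\sguard.sys --> c:\windows\system32\drivers\SGuard.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-5-11 42112]
""".strip("\n")

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"       # R0 / S3 ...
    r"(?P<name>[^;]+);(?P<display>[^;]*);"       # service name ; display name ;
    r"(?P<path>.*?)\s+\[(?P<info>[^\]]*)\]\s*$"  # path(s) then [date size] or [?]
)


@dataclass
class ServiceEntry:
    state: str            # "R" running or "S" stopped
    start: int            # start type: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str             # resolved image path
    size: Optional[int]   # file size from the bracket, None when unknown
    missing: bool         # True when DDS printed "[?]" (file not found on disk)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one SERVICES / DRIVERS line; return None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if " --> " in path:
        # DDS prints "<registry ImagePath> --> <resolved path>"; keep the resolved one.
        path = path.split(" --> ", 1)[1]
    info = m.group("info").strip()
    missing = info == "?"
    size = None
    if not missing:
        parts = info.split()
        if len(parts) == 2 and parts[1].isdigit():
            size = int(parts[1])
    return ServiceEntry(m.group("state"), int(m.group("start")), m.group("name"),
                        m.group("display"), path, size, missing)


def parse_section(text: str) -> List[ServiceEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def looks_random(name: str) -> bool:
    """Heuristic (assumption): short, all-lowercase, vowel-poor names such as 'tqzj'."""
    if not (name.isalpha() and name.islower() and len(name) <= 8):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) <= 0.25


def suspicious_reasons(e: ServiceEntry) -> List[str]:
    """Collect the triage signals that apply to one entry (empty list = nothing to see)."""
    reasons = []
    if e.missing:
        reasons.append("image file not found on disk ([?])")
        if e.start == 0:
            reasons.append("boot-start driver with no file: a hidden or half-removed driver")
    if e.name == e.display and looks_random(e.name):
        reasons.append("random-looking service name equal to its display name")
    return reasons


def triage(text: str) -> List[dict]:
    """Flagged entries, most signals first; ties broken by service name."""
    flagged = []
    for e in parse_section(text):
        reasons = suspicious_reasons(e)
        if reasons:
            flagged.append({"name": e.name, "start": e.start, "path": e.path, "reasons": reasons})
    flagged.sort(key=lambda f: (-len(f["reasons"]), f["name"]))
    return flagged


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['name']:<10} start={f['start']}  {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
```

On the constructed sample the two S0 entries collect all three signals and sort to the top, while SGUARD (file missing, but demand-start with a vendor-style name) is listed last with a single signal.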

#4 PropagandaPanda

  • Malware Response Team

Posted 04 September 2009 - 12:17 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop. If you have already run ComboFix, delete your old copy and download a new one.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    [screenshots: Recovery Console install prompt]

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
    [screenshot: Recovery Console installed prompt]
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

In your next reply include:
-the ComboFix log
-the GMER scan log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#5 PropagandaPanda

  • Malware Response Team

Posted 04 September 2009 - 09:37 PM

From PM:

I ran ComboFix and after it restarted the computer it seems stalled. The open window of Find3M has been open for about 30 minutes and it's still trying to prepare a report. I turned off all the AV/AM software to the best of my knowledge and the directions as posted. What should I do? Again, thanks for the help! I'm not on the computer with the issues.

Please click the X on the ComboFix window (if it's still open by the time you've read this).

Then, take an OTL log.

Download and Run OTListIt
Please download OTListIt by OldTimer to your desktop.
Open OTListIt by double clicking its icon. If you are using Windows Vista, right click OTL.exe and select Run As Administrator.
Click Run Scan without changing any settings. When the scan is complete, a logfile will open.
Copy the contents of the log into your next reply. It will be saved as OTL.txt where OTL.exe is located. The Extra.txt is not needed.

Proceed to running GMER.

With Regards,
The Panda

#6 Zen21

  • Topic Starter

Posted 05 September 2009 - 11:55 AM

Thanks for the help, Panda! Since my first posting Aug 18, all that I recall is removing MS Office and adding a-squared free after reading a post here. This was done between my first post and before "DocSatan" replied to my post. a2 free did find viruses or malware and I'll post that log as well. But once DocSatan replied I don't believe anything was changed other than removing the recent restore points. On the a2 free quarantine log the "H" drive is a removable drive.

Since ComboFix stalled on Find3M after reboot and I let it run overnight, I ended the program as instructed. When ComboFix was running I did notice it deleted "C:\System" before reboot. After reboot I now have the IE shortcut back on my desktop but it does not work. Simply exiting out of ComboFix/Find3M did not work and I had to end the program. I downloaded OTL as instructed and the OTL log is below the a-squared log file, and finally the GMER log. One question... should I be running these programs on the user profile that gave me the problem, or doesn't it matter? I did run the OTL program on the profile that has the issues.

a-squared free v. 4.5.0.11
© 2003-2009 Emsi Software GmbH - www.emsisoft.com

ID Object
0 H:\System Volume Information\_restore{617F64BF-E53E-4527-B32D-62E602DAC3FF}\RP31\A0007643.EXE Gen.Trojan!IK
1 C:\System Volume Information\_restore{617F64BF-E53E-4527-B32D-62E602DAC3FF}\RP30\A0007570.exe Trojan.Win32.Zapchast.uy!A2
2 C:\Documents and Settings\ETHEN\Application Data\Mozilla\Firefox\Profiles\2arkiyzd.default\cookies.sqlite:1251501143515000 Trace.TrackingCookie.doubleclick.net!A2
3 C:\System Volume Information\_restore{617F64BF-E53E-4527-B32D-62E602DAC3FF}\RP30\A0007525.exe Trojan.Win32.Zapchast.uy!A2
4 C:\System Volume Information\_restore{617F64BF-E53E-4527-B32D-62E602DAC3FF}\RP30\A0007555.exe Trojan.Win32.Zapchast.uy!A2
5 C:\fport\Fport-2.0\Fport.exe Riskware.Hacktool.FPort!IK
6 H:\My Computer\E Drive\TurboTax\Deluxe 2006\32bit\TTXCTBTI.EXE Gen.Trojan!IK
7 C:\Documents and Settings\ETHEN\Cookies\ethen@serving-sys[2].txt Trace.TrackingCookie.serving-sys!A2
8 E:\TurboTax\Deluxe 2006\32bit\TTXATBTI.EXE Gen.Trojan!IK
9 H:\System Volume Information\_restore{617F64BF-E53E-4527-B32D-62E602DAC3FF}\RP31\A0007644.EXE Gen.Trojan!IK
10 E:\TurboTax\Deluxe 2006\32bit\TTXCTBTI.EXE Gen.Trojan!IK
11 H:\My Computer\D Drive\Downloads\right where i want him.mp3 Trojan-Downloader.WMA.Wimad.n!IK
12 C:\System Volume Information\_restore{617F64BF-E53E-4527-B32D-62E602DAC3FF}\RP30\A0007496.exe Trojan.Win32.Zapchast.uy!A2
13 H:\System Volume Information\_restore{617F64BF-E53E-4527-B32D-62E602DAC3FF}\RP31\A0007645.exe Trojan.Agent!IK
14 E:\System Volume Information\_restore{617F64BF-E53E-4527-B32D-62E602DAC3FF}\RP31\A0007603.EXE Gen.Trojan!IK
15 C:\Documents and Settings\ETHEN\Cookies\ethen@com[1].txt Trace.TrackingCookie.com!A2
16 E:\System Volume Information\_restore{617F64BF-E53E-4527-B32D-62E602DAC3FF}\RP31\A0007602.EXE Gen.Trojan!IK
17 H:\System Volume Information\_restore{617F64BF-E53E-4527-B32D-62E602DAC3FF}\RP31\A0007646.exe Riskware.Hacktool.FPort!IK
18 H:\My Computer\C Drive\fport\Fport-2.0\Fport.exe Riskware.Hacktool.FPort!IK
19 E:\New Folderb\Temp\fport.zip Riskware.Hacktool.FPort!IK
20 H:\Maxtor backup\MAIN\History\Level2\C\Documents and Settings\Owner\Desktop\Temp\fport.zip Riskware.Hacktool.FPort!IK
21 C:\System Volume Information\_restore{617F64BF-E53E-4527-B32D-62E602DAC3FF}\RP31\A0007604.exe Riskware.Hacktool.FPort!IK
22 H:\My Computer\C Drive\Documents and Settings\Owner\Desktop\Temp\fport.zip Riskware.Hacktool.FPort!IK
23 H:\My Computer\E Drive\New Folderb\Temp\fport.zip Riskware.Hacktool.FPort!IK
24 H:\My Computer\E Drive\Dead HDD\D\Zone.com Deluxe Games\Bankshot Billiards Deluxe\BankshotBilliardsDeluxe.exe Trojan.Agent!IK
25 C:\Documents and Settings\ETHEN\Application Data\Mozilla\Firefox\Profiles\2arkiyzd.default\cookies.sqlite:1251569076484000 Trace.TrackingCookie.doubleclick.net!A2
26 H:\My Computer\E Drive\TurboTax\Deluxe 2006\32bit\TTXATBTI.EXE Gen.Trojan!IK
27 C:\System Volume Information\_restore{617F64BF-E53E-4527-B32D-62E602DAC3FF}\RP30\A0007539.exe Trojan.Win32.Zapchast.uy!A2
28 C:\Documents and Settings\ETHEN\Cookies\ethen@bs.serving-sys[2].txt Trace.TrackingCookie.bs.serving-sys!A2

END A-Squared quarantine log.


OTL logfile created on: 9/5/2009 12:28:10 PM - Run 3
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3, v.5755 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 91.62% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = ickTime\QTSystem
Drive C: | 83.02 Gb Total Space | 34.77 Gb Free Space | 41.88% Space Free | Partition Type: NTFS
Drive D: | 75.28 Gb Total Space | 65.79 Gb Free Space | 87.39% Space Free | Partition Type: NTFS
Drive E: | 74.58 Gb Total Space | 51.36 Gb Free Space | 68.87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 224.91 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: MAIN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Program Files\Windows Defender\MsMpEng.exe
PRC - [2007/10/31 01:32:28 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/20 12:26:59 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/20 12:27:03 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe
PRC - [2009/07/22 17:23:14 | 00,571,912 | R--- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\WINDOWS\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/02/25 18:06:42 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/08/20 17:35:12 | 00,305,936 | ---- | M] (IObit) -- d:\IObit\IObit Security 360\IS360srv.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe
PRC - [2002/03/21 11:23:32 | 00,046,592 | ---- | M] (Avance Logic, Inc.) -- C:\WINDOWS\soundman.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- D:\iTunes\iTunesHelper.exe
PRC - [2009/08/20 12:26:59 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/08/20 12:27:10 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/22 17:23:12 | 01,600,008 | R--- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
PRC - [2009/08/20 12:27:10 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/07/16 22:23:34 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/07/21 18:15:14 | 00,193,888 | ---- | M] (Seagate Technology LLC) -- D:\Maxtor\Sync\SyncServices.exe
PRC - [2003/06/20 03:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2009/05/15 07:35:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2006/10/22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/07/16 21:03:26 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/09/11 12:23:22 | 00,438,272 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\SAiDownloader.exe
PRC - [2007/04/27 01:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2007/04/27 07:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2001/08/18 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
PRC - [2007/10/31 01:32:56 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/20 12:26:59 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/20 12:27:10 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\WINDOWS\Program Files\iPod\bin\iPodService.exe
PRC - [2007/10/31 01:33:04 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009/08/28 22:10:03 | 00,980,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Internet Explorer\iexplore.exe
PRC - [2007/10/31 01:32:48 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2007/10/31 01:32:28 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/10/31 01:33:04 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe
PRC - [2002/03/21 11:23:32 | 00,046,592 | ---- | M] (Avance Logic, Inc.) -- C:\WINDOWS\soundman.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- D:\iTunes\iTunesHelper.exe
PRC - [2005/06/07 00:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- D:\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2009/07/22 17:23:12 | 01,600,008 | R--- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
PRC - [2009/06/25 14:30:08 | 00,338,456 | ---- | M] (Starfield Technologies, Inc.) -- C:\WINDOWS\Program Files\Starfield\Desktop Notifier\wben.exe
PRC - [2005/02/25 20:28:03 | 00,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2003/04/14 20:05:20 | 01,498,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\MSMSGS.EXE
PRC - [2009/07/16 22:23:34 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/05 12:06:31 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/08/28 22:10:03 | 00,980,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/20 12:26:59 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/20 12:26:59 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/08/20 12:27:03 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8 [Auto | Running])
SRV - [2009/07/22 17:23:10 | 05,641,736 | R--- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent [Auto | Stopped])
SRV - [2009/07/22 17:23:14 | 00,571,912 | R--- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe -- (AVGIDSWatcher [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\WINDOWS\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - File not found -- -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2007/10/31 01:32:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/02/25 18:06:42 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\WINDOWS\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/20 17:35:12 | 00,305,936 | ---- | M] (IObit) -- d:\IObit\IObit Security 360\IS360srv.exe -- (IS360service [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/01/09 13:56:00 | 00,049,152 | ---- | M] () -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s [On_Demand | Stopped])
SRV - [2008/07/21 18:15:14 | 00,193,888 | ---- | M] (Seagate Technology LLC) -- D:\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service [Auto | Running])
SRV - [2003/06/20 03:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2009/05/15 07:35:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [On_Demand | Stopped])
SRV - [2006/10/22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing [On_Demand | Stopped])
SRV - [2009/07/16 21:03:26 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2008/11/18 15:45:28 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2006/12/13 23:17:26 | 00,057,344 | ---- | M] (Sonic Solutions) -- D:\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [Disabled | Stopped])
SRV - [2006/12/13 23:17:02 | 00,294,912 | ---- | M] (Sonic Solutions) -- D:\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Disabled | Stopped])
SRV - [2007/01/16 13:44:48 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [Disabled | Stopped])
SRV - [2007/09/11 12:23:22 | 00,438,272 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\SAiDownloader.exe -- (SAiDownloader [Auto | Running])
SRV - [2007/04/27 01:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer [Auto | Running])
SRV - [2007/04/27 07:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer [Auto | Running])
SRV - [2001/08/18 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
SRV - [2007/10/31 01:32:56 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2007/01/15 09:05:30 | 00,073,728 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/11/18 21:02:00 | 00,329,056 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\DRIVERS\3c1807pd.sys -- (3c1807pd [On_Demand | Running])
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2002/03/25 21:13:54 | 00,303,948 | ---- | M] (Avance Logic, Inc.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [1999/09/10 07:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2009/08/20 12:26:51 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwdx [On_Demand | Running])
DRV - [2009/08/20 12:26:51 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwfd [On_Demand | Stopped])
DRV - [2009/07/22 17:23:40 | 00,121,352 | R--- | M] (AVG Technologies ) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys -- (AVGIDSDriver [On_Demand | Running])
DRV - [2009/07/22 17:23:40 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\Drivers\AVGIDSErHr.sys -- (AVGIDSErHr [Boot | Running])
DRV - [2009/07/22 17:23:40 | 00,030,216 | ---- | M] (AVG Technologies ) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys -- (AVGIDSFilter [On_Demand | Running])
DRV - [2009/07/22 17:23:40 | 00,027,232 | ---- | M] (AVG Technologies ) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys -- (AVGIDSShim [On_Demand | Running])
DRV - [2009/08/20 12:27:42 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/20 12:27:41 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/20 12:27:49 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
DRV - [2009/08/20 12:27:49 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/11/01 09:59:10 | 00,035,064 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
DRV - [2006/11/01 09:59:04 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2006/09/15 10:45:24 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2006/11/01 09:59:36 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
DRV - [2006/11/01 09:59:02 | 00,104,760 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2006/11/01 09:59:06 | 00,026,744 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2006/11/01 09:59:02 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2006/09/15 10:45:22 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
DRV - [2006/11/01 09:59:10 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2006/11/01 09:59:08 | 00,098,104 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2006/10/25 09:22:22 | 00,099,816 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2006/09/15 10:42:52 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2001/08/17 08:12:32 | 00,016,074 | ---- | M] (NETGEAR Corp.) -- C:\WINDOWS\System32\DRIVERS\FA312nd5.sys -- (FA312 [On_Demand | Running])
DRV - [2001/04/17 18:41:00 | 00,016,025 | ---- | M] (NETGEAR Corp.) -- C:\WINDOWS\System32\DRIVERS\FA31xND5.SYS -- (FA31x [On_Demand | Stopped])
DRV - [2007/11/25 20:33:41 | 00,009,896 | ---- | M] () -- C:\WINDOWS\System32\drivers\fiddrv.sys -- (fiddrv [On_Demand | Stopped])
DRV - [2008/03/13 09:51:52 | 00,057,536 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftdibus.sys -- (FTDIBUS [On_Demand | Stopped])
DRV - [2008/03/13 09:50:02 | 00,072,000 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftser2k.sys -- (FTSER2K [On_Demand | Stopped])
DRV - [2007/10/30 19:47:08 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/07/30 16:10:06 | 00,114,672 | ---- | M] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys -- (KeyScrambler [On_Demand | Running])
DRV - [2006/01/10 10:52:00 | 00,072,672 | ---- | M] () -- C:\WINDOWS\System32\Drivers\LxrSII1d.sys -- (LxrSII1d [Auto | Running])
DRV - [2007/05/04 17:04:04 | 00,042,112 | ---- | M] (Motorola Inc) -- C:\WINDOWS\System32\DRIVERS\motodrv.sys -- (MotDev [On_Demand | Stopped])
DRV - [2007/05/04 16:54:08 | 00,022,528 | ---- | M] (Motorola) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2001/08/17 10:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2007/05/03 14:37:08 | 00,022,152 | ---- | M] (Maxtor Corp.) -- C:\WINDOWS\System32\DRIVERS\mxopswd.sys -- (MXOPSWD [On_Demand | Running])
DRV - [2006/10/22 13:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2001/08/17 08:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4.sys -- (nv4 [On_Demand | Stopped])
DRV - [2007/05/18 12:12:50 | 00,053,344 | ---- | M] (Warp Nine Engineering) -- e:\P-Cut\ProCut Production Suite\Program\Par1284.sys -- (Par1284 [Auto | Running])
DRV - [2009/07/16 11:24:07 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2004/05/05 22:48:40 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2001/08/18 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/08/09 04:00:00 | 00,036,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/12/02 13:19:30 | 00,050,688 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\RxFilter.sys -- (RxFilter [Disabled | Stopped])
DRV - [2007/06/05 11:56:40 | 00,044,928 | ---- | M] (Panda Software) -- C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys -- (SDTHOOK [On_Demand | Stopped])
DRV - [2006/12/29 21:22:36 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/04/27 07:40:00 | 00,090,688 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Running])
DRV - [2002/09/26 15:41:58 | 00,029,312 | R--- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp [Boot | Running])
DRV - [2003/03/25 18:50:46 | 00,004,096 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide [Boot | Running])
DRV - [2002/10/17 16:14:46 | 00,049,024 | R--- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex [Boot | Running])
DRV - [2002/08/20 18:19:08 | 00,009,472 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf [Boot | Running])
DRV - [2009/02/13 22:13:28 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2005/10/09 02:05:16 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2001/08/17 09:28:26 | 00,113,762 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\DRIVERS\USRpdA.sys -- (USRpdA [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaulta.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 C2 F2 D6 03 25 CA 01 [binary data]
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.6.0623
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.5.0.0
FF - prefs.js..extensions.enabledItems: service@touchpdf.com:1.13
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\WINDOWS\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/17 11:19:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/20 12:26:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/20 12:27:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: D:\Mozilla Firefox\components [2009/08/28 19:09:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: D:\Mozilla Firefox\plugins [2009/08/12 11:17:51 | 00,000,000 | ---D | M]

[2009/04/15 18:46:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2009/02/13 21:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/15 18:46:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/09/04 13:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vpfgam68.default\extensions
[2009/08/15 17:49:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vpfgam68.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/29 10:00:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vpfgam68.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/08/11 18:55:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vpfgam68.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/08/11 18:20:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vpfgam68.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/07/17 13:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vpfgam68.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009/08/10 20:00:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vpfgam68.default\extensions\keyscrambler@qfx.software.corporation
[2009/07/17 13:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vpfgam68.default\extensions\service@touchpdf.com
[2008/12/12 14:23:54 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\vpfgam68.default\searchplugins\MySpace.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\WINDOWS\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\WINDOWS\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] D:\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVGIDS] C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe (AVG)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mxomssmenu] D:\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Avance Logic, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [wben] C:\WINDOWS\Program Files\Starfield\Desktop Notifier\wben.exe (Starfield Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecConsole = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} http://us.bookmarks.yahoo.com/YbConvFav.CAB (YbUploadFavsCtl Class)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 24.229.54.220 207.44.96.129 204.186.0.201
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - D:\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\WINDOWS\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/22 02:41:41 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 00,000,032 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (smrgdf) - C:\WINDOWS\System32\smrgdf.exe ()
O34 - HKLM BootExecute: (D:\iolo\System) - File not found
O34 - HKLM BootExecute: (Mechanic) - File not found
O34 - HKLM BootExecute: (5") - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/05 12:25:02 | 03,192,102 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/09/05 12:25:02 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/05 12:25:02 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\5i9lsi0v.exe
[2009/09/05 12:25:02 | 00,000,287 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Infected with unknown malware.url
[2009/09/05 12:23:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (3)
[2009/09/05 12:19:39 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/04 21:17:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tsystem
[2009/09/04 21:09:02 | 00,000,210 | ---- | C] () -- C:\Boot.bak
[2009/09/04 21:09:00 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/09/04 21:08:58 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/09/04 21:02:36 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/04 21:02:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/04 21:02:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/04 21:02:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/04 21:02:36 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/04 21:02:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/04 21:02:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/04 21:02:36 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/04 21:02:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/04 21:02:30 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30804.exe
[2009/09/04 21:02:30 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/09/04 21:02:26 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/02 20:10:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2009/09/01 19:46:29 | 00,000,374 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\www.neons.org Search.url
[2009/09/01 19:46:00 | 00,000,271 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\www.neons.org View topic - Car broke down yet again! Stalls after warms up and..... (2).url
[2009/09/01 19:45:03 | 00,000,260 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\www.neons.org View topic - Car broke down yet again! Stalls after warms up and......url
[2009/09/01 19:40:40 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\96-99OBDII.doc
[2009/08/28 22:06:45 | 00,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/08/28 20:04:41 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\eventlog.dll
[2009/08/26 20:50:22 | 08,648,672 | ---- | C] (IObit ) -- C:\Documents and Settings\Owner\Desktop\is360setup.exe
[2009/08/24 20:04:19 | 00,000,561 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Mozilla Firefox.lnk
[2009/08/24 17:28:53 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Kieras Christmas list 2004.doc
[2009/08/21 15:11:42 | 00,000,240 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AVG Free Forum AVG 8.5 Free Edition Program Update issue - build 233.url
[2009/08/21 10:54:51 | 00,018,046 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Neon Fuel Filler.odt
[2009/08/21 10:42:59 | 00,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2BF29590-F45E-47F4-B2DE-15DA8E3A6B56}.job
[2009/08/20 21:01:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Security Toolbar
[2009/08/20 14:14:11 | 00,000,328 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/08/20 12:27:49 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/20 12:27:49 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/08/20 12:27:49 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/20 12:27:49 | 00,001,491 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/08/20 12:27:42 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/20 12:27:41 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/20 12:27:25 | 40,603,993 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/20 12:27:23 | 00,076,683 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/20 12:27:21 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/20 12:27:19 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/20 12:27:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/20 12:27:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/08/20 12:26:51 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/08/20 12:26:51 | 00,029,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/08/20 11:04:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2009/08/18 21:30:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\bleep
[2009/08/18 21:26:11 | 00,000,000 | ---D | C] -- C:\bleep
[2009/08/18 19:44:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\HiJackThis
[2009/08/18 19:32:10 | 00,000,483 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/18 18:19:06 | 00,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 4.0.lnk
[2009/08/18 18:19:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2009/08/18 17:53:37 | 01,510,460 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\New Settings File.OPS
[2009/08/18 17:25:51 | 00,002,093 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/08/18 16:58:11 | 00,000,394 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6A0EC750-D229-4077-A2ED-918FE52462A7}.job
[2009/08/18 15:57:56 | 00,000,573 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to RegSeeker.exe.lnk
[2009/08/18 15:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Promosoft Corporation
[2009/08/18 14:17:46 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Owner\Desktop\WinsockxpFix.exe
[2009/08/18 13:22:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\xp_secconsole
[2009/08/18 13:22:03 | 00,521,301 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xp_secconsole.zip
[2009/08/18 12:58:39 | 00,003,601 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wininstaller.reg
[2009/08/18 12:56:32 | 00,001,118 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\checkassoc.reg
[2009/08/18 12:54:47 | 00,000,158 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\defaultbrowser.reg
[2009/08/18 12:53:56 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1606.vbs
[2009/08/16 17:06:52 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to iexplore.exe.lnk
[2009/08/16 17:00:45 | 00,000,311 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\- How to make IE default browser again.url
[2009/08/16 15:06:37 | 00,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2009.lnk
[2009/08/16 15:06:37 | 00,001,224 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Process Credit Cards in QuickBooks.lnk
[2009/08/16 15:06:37 | 00,001,180 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Support for QuickBooks.lnk
[2009/08/16 15:06:37 | 00,001,180 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intuit.com Services.lnk
[2009/08/16 15:06:37 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Checks & More for QuickBooks.lnk
[2009/08/16 15:06:37 | 00,001,140 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Payroll for QuickBooks.lnk
[2009/08/16 13:50:58 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/08/16 13:50:58 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/08/16 13:44:56 | 00,000,020 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM
[2009/08/16 13:36:46 | 00,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/08/15 21:43:48 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSWISSARMY.SYS
[2009/08/15 21:43:46 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/15 20:48:24 | 00,359,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\msicuu2(2).exe
[2009/08/15 20:06:29 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/15 20:06:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/15 20:06:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/15 19:49:14 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\mwbts.exe
[2009/08/15 19:49:02 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mwbts.exe
[2009/08/15 15:13:03 | 00,000,116 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\New Internet Shortcut (5).url
[2009/08/14 21:26:05 | 00,001,066 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_212604.reg
[2009/08/14 20:39:11 | 00,004,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_203910.reg
[2009/08/14 20:28:09 | 00,042,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_202808.reg
[2009/08/14 20:24:55 | 00,003,562 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_202454.reg
[2009/08/14 20:08:46 | 00,190,362 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_200844.reg
[2009/08/14 18:42:10 | 00,005,164 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_184208.reg
[2009/08/14 18:39:23 | 00,198,290 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_183920.reg
[2009/08/14 17:05:46 | 00,001,532 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/08/14 15:14:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\clrav
[2009/08/14 14:15:39 | 00,007,344 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\user.conf
[2009/08/14 13:12:51 | 00,144,158 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\clrav.zip
[2009/08/14 12:26:09 | 00,000,144 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\New Internet Shortcut (4).url
[2009/08/14 11:07:25 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$obe Reader manual remove.doc
[2009/08/13 20:17:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/08/13 20:12:00 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\opuc.dll
[2009/08/13 18:44:16 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/13 18:06:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/08/13 18:04:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/08/13 16:29:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\DVD Folder
[2009/08/13 16:14:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/08/13 16:14:56 | 00,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2009/08/13 16:14:56 | 00,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2009/08/13 16:14:56 | 00,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2009/08/13 16:14:56 | 00,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2009/08/13 16:14:56 | 00,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2009/08/13 16:14:56 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/08/13 16:14:56 | 00,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2009/08/13 16:14:56 | 00,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2009/08/13 16:14:56 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/08/13 16:14:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/08/13 16:14:56 | 00,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2009/08/13 16:14:56 | 00,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2009/08/13 16:14:55 | 00,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2009/08/13 16:14:55 | 00,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2009/08/13 16:14:55 | 00,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2009/08/13 16:14:55 | 00,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2009/08/13 16:14:55 | 00,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2009/08/13 16:14:55 | 00,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2009/08/13 16:14:55 | 00,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2009/08/13 16:12:32 | 00,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2009/08/13 16:07:29 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\New Internet Shortcut (3).url
[2009/08/13 16:00:25 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer Troubleshooting.url
[2009/08/13 15:58:26 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/13 14:52:01 | 00,000,974 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to IE8-WindowsXP-x86-ENU.exe.lnk
[2009/08/13 14:45:42 | 00,000,346 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/12 18:04:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\2009-07-14
[2009/08/12 18:04:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Any DVD Converter Professional
[2009/08/12 17:59:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Any Video Converter
[2009/08/12 17:59:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Arthur First Grade
[2009/08/12 17:59:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Baby pics
[2009/08/12 17:59:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CD Lists
[2009/08/12 17:58:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Corel User Files
[2009/08/12 17:58:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DISNEY TRIP
[2009/08/12 17:53:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DivXToDvd
[2009/08/12 17:53:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DOT
[2009/08/12 17:52:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DRA
[2009/08/12 17:52:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Fax
[2009/08/12 17:52:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Giant 6-26 customer complaint_files
[2009/08/12 17:52:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Health Care Docs
[2009/08/12 17:24:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\Hennessey Grafix
[2009/08/12 17:24:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ITC
[2009/08/12 17:24:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\JVC
[2009/08/12 17:24:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ItsDeductible2006
[2009/08/12 17:24:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Morpheus Playlists
[2009/08/12 17:22:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Morpheus Shared
[2009/08/12 17:22:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Mt Luther_files
[2009/08/12 17:22:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Albums
[2009/08/12 17:22:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Google Gadgets
[2009/08/12 17:22:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Library
[2009/08/12 16:53:45 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2009/08/12 16:52:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My PDF's
[2009/08/12 16:37:15 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[2009/08/12 16:37:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Received Files
[2009/08/12 16:37:01 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\Owner\My Documents\My Stationery
[2009/08/12 16:36:53 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2009/08/12 16:36:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Widgets
[2009/08/12 16:36:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Nero Recode
[2009/08/12 16:36:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Nero Collections
[2009/08/12 16:36:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\MySpaceIM Pics
[2009/08/12 16:27:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\NeroVision
[2009/08/12 16:26:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PcSetup
[2009/08/12 16:26:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Old Family Pics
[2009/08/12 16:25:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Saved Searches
[2009/08/12 16:25:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Quarantine
[2009/08/12 16:25:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PM Projects
[2009/08/12 16:25:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\SCANNED DOCUMENTS
[2009/08/12 16:25:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Tami's stuff
[2009/08/12 16:25:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Total 3D Landscape
[2009/08/12 16:25:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Total 3D Home
[2009/08/12 16:24:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Kiera's Folder
[2009/08/12 16:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Traci's Projects
[2009/08/12 16:21:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Turbo Lister
[2009/08/12 16:21:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Turbo Lister Backup
[2009/08/12 16:21:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TurboTax
[2009/08/12 16:19:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Word Docs
[2009/08/12 16:17:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Work
[2009/08/12 12:27:49 | 00,133,120 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1606.doc
[2009/08/12 12:23:35 | 00,000,182 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\New Internet Shortcut (2).url
[2009/08/11 19:07:42 | 00,000,971 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to AdbeRdr910_en_US_Std.exe.lnk
[2009/08/11 18:55:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\LastPass
[2009/08/11 17:48:23 | 00,000,605 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Baseline Security Analyzer 2.1.lnk
[2009/08/11 17:37:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Software Informer
[2009/08/11 17:36:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2009/08/11 17:27:23 | 00,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2009/08/11 17:27:23 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2009/08/11 17:27:20 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2009/08/11 17:20:46 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2009/08/11 17:20:46 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2009/08/11 17:20:45 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2009/08/11 17:20:45 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2009/08/11 17:20:45 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2009/08/11 17:20:44 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2009/08/11 17:20:44 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2009/08/11 17:20:44 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2009/08/11 17:20:43 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2009/08/11 17:20:42 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2009/08/11 17:20:42 | 00,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2009/08/11 17:20:42 | 00,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2009/08/11 17:20:41 | 00,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2009/08/11 17:20:40 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2009/08/11 17:20:40 | 00,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2009/08/11 17:20:40 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2009/08/11 17:20:39 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2009/08/11 17:20:39 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2009/08/11 17:20:37 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2009/08/11 17:20:37 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2009/08/11 17:20:37 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2009/08/11 17:20:36 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2009/08/11 17:20:36 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2009/08/11 17:20:27 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2009/08/11 17:17:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\BackUp
[2009/08/10 20:55:38 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2009/08/10 20:55:38 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2009/08/10 20:52:31 | 00,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2009/08/10 20:49:15 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2009/08/10 20:47:13 | 00,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2009/08/10 20:45:11 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2009/08/10 20:45:11 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2009/08/10 20:45:11 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxclu.dll
[2009/08/10 20:45:11 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2009/08/10 20:45:10 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2009/08/10 20:41:59 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/08/10 20:41:57 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/08/10 20:41:57 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/08/10 20:41:56 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/08/10 20:41:56 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/08/10 20:41:56 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/08/10 20:41:54 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/08/10 20:41:51 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/08/10 20:39:54 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/08/10 20:39:53 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/08/10 20:30:44 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2009/08/10 20:28:18 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/08/10 20:26:42 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/08/10 20:18:56 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/08/10 20:13:41 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/08/07 11:03:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (2)
[2009/07/14 10:04:46 | 00,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/06/01 13:43:15 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/02/16 22:37:47 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/16 22:37:47 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/16 20:31:11 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/02/16 20:31:11 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/31 12:55:25 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/30 14:47:36 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/05 19:02:55 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/09/17 14:41:07 | 00,000,013 | ---- | C] () -- C:\WINDOWS\System32\NFrs.drv
[2008/06/05 20:48:08 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/06/05 20:48:08 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/06/05 20:48:08 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/06/05 20:48:07 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2008/02/28 21:02:17 | 00,000,031 | ---- | C] () -- C:\WINDOWS\bewin32.INI
[2007/12/16 16:12:20 | 00,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2007/12/15 12:20:46 | 00,000,146 | ---- | C] () -- C:\WINDOWS\ATOMTIME.INI
[2007/11/25 20:33:41 | 00,009,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\fiddrv.sys
[2007/05/11 10:55:19 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\239B347DBC.sys
[2007/05/11 10:48:47 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/03/02 19:56:32 | 00,000,147 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/03/02 13:52:59 | 00,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2007/02/25 12:40:16 | 00,032,768 | R--- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2007/02/25 12:40:06 | 00,001,045 | ---- | C] () -- C:\WINDOWS\System32\2_ssetup.ini
[2007/02/25 12:40:06 | 00,000,926 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2007/02/25 12:40:06 | 00,000,033 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2007/02/23 15:14:59 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/02/22 10:55:03 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/23 16:15:22 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/17 13:57:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/12/14 00:01:36 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/12/14 00:01:36 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/10/22 13:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 13:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 13:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/06/29 15:47:28 | 00,003,072 | ---- | C] () -- C:\WINDOWS\WinIo.sys
[2001/08/18 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/18 08:00:00 | 00,000,664 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/18 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2009/09/05 12:25:00 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2BF29590-F45E-47F4-B2DE-15DA8E3A6B56}.job
[2009/09/05 12:25:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{89442B34-00E2-44D7-BB2C-265B72E172D4}.job
[2009/09/05 12:25:00 | 00,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{572CF56A-69DB-42D6-8532-895FC5D0B8B1}.job
[2009/09/05 12:24:40 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/05 12:11:50 | 00,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6A0EC750-D229-4077-A2ED-918FE52462A7}.job
[2009/09/05 12:07:28 | 00,000,287 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Infected with unknown malware.url
[2009/09/05 12:06:31 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/04 21:21:19 | 00,000,346 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/04 21:19:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/04 21:18:13 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/04 21:17:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/04 21:17:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/04 21:09:02 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/09/04 21:02:23 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30804.exe
[2009/09/04 20:54:52 | 21,900,328 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/04 20:42:21 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\5i9lsi0v.exe
[2009/09/04 20:39:14 | 03,192,102 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/09/04 13:00:03 | 40,603,993 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/04 12:57:02 | 00,013,070 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/03 11:15:27 | 00,076,683 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/02 21:46:54 | 00,000,509 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WINPAGE.EXE.lnk
[2009/09/02 20:25:53 | 00,001,981 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/01 19:46:29 | 00,000,374 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\www.neons.org Search.url
[2009/09/01 19:46:00 | 00,000,271 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\www.neons.org View topic - Car broke down yet again! Stalls after warms up and..... (2).url
[2009/09/01 19:45:03 | 00,000,260 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\www.neons.org View topic - Car broke down yet again! Stalls after warms up and......url
[2009/09/01 19:40:42 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\96-99OBDII.doc
[2009/08/28 22:06:45 | 00,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/08/28 17:48:11 | 00,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/28 15:20:56 | 00,522,544 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/28 15:20:56 | 00,442,240 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/28 15:20:56 | 00,071,540 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/28 15:06:59 | 00,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/26 20:50:26 | 08,648,672 | ---- | M] (IObit ) -- C:\Documents and Settings\Owner\Desktop\is360setup.exe
[2009/08/26 18:09:55 | 00,000,483 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/24 20:04:19 | 00,000,561 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Mozilla Firefox.lnk
[2009/08/23 22:24:46 | 00,000,328 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/08/21 15:11:42 | 00,000,240 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AVG Free Forum AVG 8.5 Free Edition Program Update issue - build 233.url
[2009/08/21 12:52:17 | 00,000,664 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/21 10:57:08 | 00,018,046 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Neon Fuel Filler.odt
[2009/08/20 12:27:49 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/20 12:27:49 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/08/20 12:27:49 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/20 12:27:49 | 00,001,491 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/08/20 12:27:42 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/20 12:27:41 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/20 12:27:23 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/20 12:27:21 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/20 12:26:51 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/08/20 12:26:51 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/08/18 20:09:02 | 00,000,210 | ---- | M] () -- C:\Boot.bak
[2009/08/18 18:19:06 | 00,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 4.0.lnk
[2009/08/18 18:16:26 | 00,024,064 | ---- | M] () -- C:\WINDOWS\autoload.exe
[2009/08/18 17:53:39 | 01,510,460 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\New Settings File.OPS
[2009/08/18 16:30:29 | 00,130,640 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/18 16:30:02 | 00,441,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/18 15:57:56 | 00,000,573 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to RegSeeker.exe.lnk
[2009/08/18 14:32:04 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090826-211747.backup
[2009/08/18 14:17:53 | 01,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Owner\Desktop\WinsockxpFix.exe
[2009/08/18 13:22:07 | 00,521,301 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xp_secconsole.zip
[2009/08/18 12:58:40 | 00,003,601 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wininstaller.reg
[2009/08/18 12:56:33 | 00,001,118 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\checkassoc.reg
[2009/08/18 12:54:48 | 00,000,158 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\defaultbrowser.reg
[2009/08/18 12:54:00 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1606.vbs
[2009/08/16 17:06:53 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to iexplore.exe.lnk
[2009/08/16 17:00:45 | 00,000,311 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\- How to make IE default browser again.url
[2009/08/16 16:01:29 | 00,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/16 15:06:37 | 00,002,093 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/08/16 15:06:37 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2009.lnk
[2009/08/16 15:06:37 | 00,001,224 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Process Credit Cards in QuickBooks.lnk
[2009/08/16 15:06:37 | 00,001,180 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Support for QuickBooks.lnk
[2009/08/16 15:06:37 | 00,001,180 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intuit.com Services.lnk
[2009/08/16 15:06:37 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Checks & More for QuickBooks.lnk
[2009/08/16 15:06:37 | 00,001,140 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Payroll for QuickBooks.lnk
[2009/08/16 13:44:56 | 00,000,020 | ---- | M] () -- C:\WINDOWS\System32\SYSTEM
[2009/08/16 12:54:50 | 00,002,407 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/08/15 20:47:30 | 00,359,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\msicuu2(2).exe
[2009/08/15 19:44:54 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\mwbts.exe
[2009/08/15 19:44:54 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mwbts.exe
[2009/08/15 15:13:13 | 00,000,116 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\New Internet Shortcut (5).url
[2009/08/14 21:26:07 | 00,001,066 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_212604.reg
[2009/08/14 20:39:14 | 00,004,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_203910.reg
[2009/08/14 20:28:13 | 00,042,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_202808.reg
[2009/08/14 20:24:59 | 00,003,562 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_202454.reg
[2009/08/14 20:08:50 | 00,190,362 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_200844.reg
[2009/08/14 18:42:15 | 00,005,164 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_184208.reg
[2009/08/14 18:39:54 | 00,198,290 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090814_183920.reg
[2009/08/14 17:05:46 | 00,001,532 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/08/14 13:38:05 | 00,007,344 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\user.conf
[2009/08/14 13:13:36 | 00,144,158 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\clrav.zip
[2009/08/14 12:26:15 | 00,000,144 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\New Internet Shortcut (4).url
[2009/08/14 11:07:25 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$obe Reader manual remove.doc
[2009/08/13 16:38:40 | 02,105,344 | ---- | M] () -- C:\WINDOWS\System32\secsetup.sdb
[2009/08/13 16:07:37 | 00,000,138 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\New Internet Shortcut (3).url
[2009/08/13 16:00:25 | 00,000,134 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer Troubleshooting.url
[2009/08/13 14:52:01 | 00,000,974 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to IE8-WindowsXP-x86-ENU.exe.lnk
[2009/08/12 12:28:47 | 00,133,120 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1606.doc
[2009/08/12 12:23:41 | 00,000,182 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\New Internet Shortcut (2).url
[2009/08/11 21:25:03 | 00,438,141 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2009/08/11 19:07:42 | 00,000,971 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to AdbeRdr910_en_US_Std.exe.lnk
[2009/08/11 17:48:23 | 00,000,605 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Baseline Security Analyzer 2.1.lnk
[2009/08/11 16:18:42 | 00,134,288 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\mscoree.dll:SummaryInformation
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
< End of report >

GMER 1.0.15.15077 [5i9lsi0v.exe] - http://www.gmer.net
Rootkit quick scan 2009-09-05 12:46:48
Windows 5.1.2600 Service Pack 3, v.5755


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

#7 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 05 September 2009 - 12:16 PM

Hello.

Those logs look clean. Please tell me what issues are still present.

With Regards,
The Panda

#8 Zen21

  • Topic Starter
  • Members
  • 14 posts

Posted 05 September 2009 - 01:32 PM

Well, I had a shortcut on my desktop for this topic and when I clicked on it, access was denied. Also, Adobe Reader does not install. I had to put on Reader 4. System Mechanic will not install. Malwarebytes will not run on the "owner" profile; it only ran when I created another profile. As I watched ComboFix run it appeared to find things (C:\System was one of them) and remove them, but it froze after reboot.

Before (months ago) I had Kaspersky Internet Security and it would never block or find anything. Neither would Malwarebytes or Spybot. No online scan would work either. But when the computer would make sounds without user input and when I was denied access because I did not have admin privileges, I became suspicious. I started researching and downloaded AVG. AVG found the Shuer2 virus and it said it removed it, but the pop-ups about not having admin privileges kept coming. After reading a post here, I downloaded the A2 free and it found a host of viruses as posted previously. As I write this there are 10 svchost files running and a "system" PID 4 file with no extension running. AVG Identity Protection is always allowing a ton of temp files to run, similar to the following: C:\windows\temp\c60cf967-29b3-44a6-822a-6c23333591aaa.tmp. There are about one hundred or more of these files allowed to run and this was only one day. I don't have a clue what these items are, but I'm assuming ComboFix found something?

#9 Zen21

  • Topic Starter
  • Members
  • 14 posts

Posted 05 September 2009 - 01:58 PM

Okay, I was able to run ComboFix without having it freak out. The log is posted below. Thanks in advance!!!

ComboFix 09-09-03.02 - Owner 09/05/2009 14:45.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2034 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Autorun.inf
.
---- Previous Run -------
.
c:\documents and settings\Owner\Application Data\inst.exe
c:\windows\Installer\1e4eea.msp
c:\windows\Installer\1e4eeb.msp
c:\windows\Installer\1e4eec.msp
c:\windows\Installer\1e4eed.msp
c:\windows\Installer\1e4eee.msp
c:\windows\Installer\1e4eef.msp
c:\windows\Installer\1e4ef0.msp
c:\windows\Installer\1e4ef1.msp
c:\windows\Installer\1e4ef2.msp
c:\windows\Installer\45597b.msp
c:\windows\Installer\45597c.msp
c:\windows\Installer\45597d.msp
c:\windows\Installer\45597e.msp
c:\windows\Installer\45597f.msp
c:\windows\Installer\455980.msp
c:\windows\Installer\455981.msp
c:\windows\Installer\455982.msp
c:\windows\Installer\455983.msp
c:\windows\Installer\6206ec2.msi
c:\windows\Installer\873520.msi
c:\windows\Installer\c0dbd4.msp
c:\windows\Installer\c0dbd5.msp
c:\windows\Installer\c0dbd6.msp
c:\windows\Installer\c0dbd7.msp
c:\windows\Installer\c0dbd8.msp
c:\windows\Installer\c0dbd9.msp
c:\windows\Installer\c0dbda.msp
c:\windows\Installer\c0dbdb.msp
c:\windows\Installer\c0dbdc.msp
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 01:17 . 2009-09-05 01:17 -------- d-----w- c:\windows\system32\tsystem
2009-08-31 20:12 . 2009-08-31 20:12 -------- d-----w- c:\documents and settings\ETHEN\Local Settings\Application Data\Broderbund Software
2009-08-31 18:28 . 2009-08-31 18:28 -------- d-----w- c:\documents and settings\ETHEN\Local Settings\Application Data\Acelogix
2009-08-29 00:04 . 2007-10-31 05:31 56320 ----a-w- C:\eventlog.dll
2009-08-28 23:10 . 2009-08-28 23:10 -------- d-----w- c:\documents and settings\ETHEN\Local Settings\Application Data\AVG Security Toolbar
2009-08-28 23:09 . 2009-08-28 23:09 -------- d-----w- c:\documents and settings\ETHEN\Local Settings\Application Data\Mozilla
2009-08-21 20:01 . 2009-08-21 20:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-21 01:01 . 2009-08-21 01:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-08-20 17:26 . 2009-08-20 17:26 -------- d-----w- c:\documents and settings\ETHEN\Application Data\Apple Computer
2009-08-20 17:24 . 2009-08-20 17:31 -------- d-----w- c:\documents and settings\ETHEN\Application Data\IObit
2009-08-20 16:27 . 2009-08-20 16:27 12552 ------w- c:\windows\system32\drivers\avgrkx86.sys
2009-08-20 16:27 . 2009-08-20 16:27 11952 ------w- c:\windows\system32\avgrsstx.dll
2009-08-20 16:27 . 2009-08-20 16:27 108552 ------w- c:\windows\system32\drivers\avgtdix.sys
2009-08-20 16:27 . 2009-08-20 16:27 335240 ------w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 16:27 . 2009-08-20 16:27 27784 ------w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-20 16:27 . 2009-09-04 17:00 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-20 16:27 . 2009-08-21 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-20 16:26 . 2009-08-20 16:26 50968 ------w- c:\windows\system32\avgfwdx.dll
2009-08-20 16:26 . 2009-08-20 16:26 29208 ------w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-20 16:21 . 2009-08-20 16:21 -------- d-----w- c:\documents and settings\ETHEN\Application Data\AVG8
2009-08-20 16:19 . 2009-08-20 16:19 -------- d-----w- c:\documents and settings\ETHEN\Local Settings\Application Data\Google
2009-08-20 15:04 . 2009-08-20 15:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Snapfish
2009-08-19 01:26 . 2009-08-19 01:26 -------- d-----w- C:\bleep
2009-08-19 01:23 . 2009-08-19 01:23 -------- d-----w- c:\documents and settings\ETHEN\Application Data\Nero
2009-08-18 23:30 . 2009-08-18 23:30 -------- d-----w- c:\documents and settings\ETHEN\Application Data\Malwarebytes
2009-08-18 22:19 . 2009-08-18 22:19 -------- d-----w- c:\windows\Profiles
2009-08-18 22:17 . 2009-08-18 22:17 -------- d-----w- c:\documents and settings\ETHEN\WINDOWS
2009-08-18 21:42 . 2009-08-18 21:42 -------- d-----w- c:\documents and settings\ETHEN\Application Data\iolo
2009-08-18 20:57 . 2009-08-18 20:57 -------- d-sh--w- c:\documents and settings\ETHEN\PrivacIE
2009-08-18 20:53 . 2009-08-20 17:26 -------- d-----w- c:\documents and settings\ETHEN\Local Settings\Application Data\Apple Computer
2009-08-18 19:16 . 2009-08-18 19:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Promosoft Corporation
2009-08-16 18:49 . 2009-08-16 18:50 -------- d-----w- c:\documents and settings\Kiera\Application Data\Corel
2009-08-16 17:54 . 2009-08-16 17:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-16 17:50 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-16 17:50 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-16 17:34 . 2009-08-16 17:34 -------- d-----w- c:\documents and settings\Kiera\Local Settings\Application Data\Intuit
2009-08-16 01:46 . 2009-08-16 01:46 -------- d-----w- c:\documents and settings\Kiera\Local Settings\Application Data\AVG Security Toolbar
2009-08-16 01:43 . 2009-08-16 01:43 -------- d-----w- c:\documents and settings\Kiera\Application Data\Malwarebytes
2009-08-16 01:43 . 2009-08-03 17:36 38160 ------w- c:\windows\system32\drivers\MBAMSWISSARMY.SYS
2009-08-16 01:43 . 2009-08-03 17:36 19096 ------w- c:\windows\system32\drivers\mbam.sys
2009-08-15 23:49 . 2009-08-15 23:44 3942048 ------w- C:\mwbts.exe
2009-08-14 00:17 . 2009-08-14 00:17 -------- d-----w- c:\windows\system32\Adobe
2009-08-14 00:12 . 2008-12-05 00:54 524288 ------w- c:\windows\opuc.dll
2009-08-13 22:44 . 2009-08-31 16:21 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-13 22:06 . 2009-08-13 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-13 22:04 . 2009-08-20 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-13 20:14 . 2001-08-18 12:00 5632 -c----w- c:\windows\system32\dllcache\smimsgif.dll
2009-08-13 20:14 . 2001-08-18 12:00 5632 -c----w- c:\windows\system32\dllcache\smierrsy.dll
2009-08-13 20:14 . 2001-08-18 12:00 15872 -c----w- c:\windows\system32\dllcache\smierrsm.dll
2009-08-13 20:14 . 2001-08-18 12:00 10240 -c----w- c:\windows\system32\dllcache\snmpstup.dll
2009-08-13 20:14 . 2001-08-18 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2009-08-13 19:58 . 2009-08-16 17:41 -------- dc-h--w- c:\windows\ie8
2009-08-11 22:55 . 2009-08-11 22:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LastPass
2009-08-11 21:37 . 2009-08-13 19:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Software Informer
2009-08-11 21:27 . 2001-08-17 18:07 55168 -c----w- c:\windows\system32\dllcache\aic78u2.sys
2009-08-11 21:27 . 2001-08-17 17:52 12800 -c----w- c:\windows\system32\dllcache\aha154x.sys
2009-08-11 21:17 . 2009-08-11 21:17 -------- d-----w- c:\windows\system32\BackUp
2009-08-11 00:55 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-08-11 00:55 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-08-11 00:52 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-08-11 00:49 . 2009-02-03 19:59 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-08-11 00:47 . 2008-12-16 12:30 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-08-11 00:45 . 2008-06-12 14:23 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2009-08-11 00:45 . 2008-06-12 14:23 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2009-08-11 00:45 . 2008-06-12 14:23 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2009-08-11 00:45 . 2008-06-12 14:23 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-08-11 00:45 . 2008-06-12 14:23 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2009-08-11 00:41 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-11 00:41 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-11 00:41 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-11 00:41 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-11 00:41 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-11 00:41 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-11 00:41 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-11 00:41 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-11 00:39 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-11 00:39 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-11 00:30 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2009-08-11 00:28 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-08-11 00:26 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-11 00:18 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-11 00:13 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 17:36 . 2009-02-14 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-03 00:14 . 2007-04-15 03:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2009-09-01 17:33 . 2008-09-15 00:20 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-08-24 21:59 . 2009-07-14 02:16 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-08-18 22:19 . 2007-02-22 14:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-18 22:16 . 2007-02-23 19:13 24064 ------w- c:\windows\autoload.exe
2009-08-18 20:52 . 2009-08-18 20:52 130640 ------w- c:\documents and settings\ETHEN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 20:35 . 2007-06-23 16:14 130640 ------w- c:\documents and settings\Kiera\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 20:30 . 2007-02-22 07:39 130640 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 19:55 . 2007-03-06 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 22:25 . 2009-06-01 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2009-08-16 20:30 . 2007-04-06 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-08-16 16:55 . 2008-12-30 16:09 -------- d-----w- c:\documents and settings\Kiera\Application Data\Apple Computer
2009-08-13 20:27 . 2007-11-15 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-11 22:24 . 2007-06-08 16:22 -------- d-----w- c:\program files\Common Files\Real
2009-08-11 22:16 . 2009-07-05 01:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-02 17:50 . 2009-08-02 17:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Any DVD Converter Professional
2009-07-30 20:10 . 2008-05-11 21:33 114672 ------w- c:\windows\system32\drivers\keyscrambler.sys
2009-07-25 09:23 . 2008-11-23 17:18 411368 ------w- c:\windows\system32\deploytk.dll
2009-07-22 21:23 . 2009-07-22 21:23 74760 ------w- c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 21:23 . 2009-07-22 21:23 25608 ------w- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-17 18:54 . 2008-12-25 14:37 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 23:21 . 2009-01-31 16:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Any Video Converter
2009-07-16 15:32 . 2009-07-16 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Vso
2009-07-16 15:24 . 2009-07-16 15:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-07-16 15:24 . 2009-07-16 15:24 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-07-16 15:24 . 2009-07-16 15:24 47360 ------w- c:\windows\system32\drivers\pcouffin.sys
2009-07-15 02:36 . 2008-04-23 12:49 455584 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-14 16:50 . 2009-07-14 16:50 -------- d-----w- c:\documents and settings\Owner\Application Data\NeroDigital™
2009-07-14 16:06 . 2009-07-14 16:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2009-07-14 13:55 . 2008-05-14 15:35 -------- d-----w- c:\program files\Common Files\Nero
2009-07-14 13:54 . 2009-07-14 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-12 03:27 . 2009-07-12 02:20 -------- d-----w- c:\documents and settings\Owner\Application Data\MOVAVI
2009-07-11 02:16 . 2009-07-11 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PIXELA
2009-07-11 01:41 . 2009-07-09 23:13 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2009-07-11 01:38 . 2009-02-17 00:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Roxio
2009-07-09 05:31 . 2009-07-09 05:01 664 ------w- c:\windows\system32\d3d9caps.dat
2009-07-08 13:17 . 2009-07-08 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-07-07 22:25 . 2007-02-22 16:44 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-07-07 21:48 . 2009-03-28 17:10 94484 ---h--w- c:\windows\system32\mlfcache.dat
2009-06-29 20:55 . 2007-10-24 05:47 282112 ------w- c:\windows\system32\mscoree.dll
2009-06-24 19:36 . 2009-06-24 19:36 265797 ------w- c:\windows\system32\pdvcodec.dll
2009-06-16 14:36 . 2001-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2007-08-01 17:28 . 2007-05-11 14:55 88 --sh--r- c:\windows\system32\239B347DBC.sys
2007-08-01 17:28 . 2007-05-11 14:48 2516 --sh--w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:56 1062144 ------w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wben"="c:\windows\Program Files\Starfield\Desktop Notifier\wben.exe" [2009-06-25 338456]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-26 212992]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2003-04-15 1498032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\windows\Program Files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"mxomssmenu"="d:\maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2009-07-13 292128]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Adobe Photo Downloader"="d:\adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-22 1600008]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]
"SoundMan"="soundman.exe" - c:\windows\soundman.exe [2002-03-21 46592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"Software Informer"="d:\iobit\Software Informer\softinfo.exe" [2009-07-15 1953861]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 16:27 11952 ------w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf d:\iolo\System Mechanic 5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MBCameraMonitor.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=3 (0x3)
"ioloFileInfoList"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"="c:\windows\Program Files\Windows Defender\MSASCui.exe" -hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\kav\\kis\\setup.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"e:\\P-Cut\\ProCut Production Suite\\Program\\app2.exe"=
"c:\\WINDOWS\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [7/22/2009 5:23 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/20/2009 12:27 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/20/2009 12:27 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/20/2009 12:27 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/20/2009 12:26 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/20/2009 12:26 PM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [8/20/2009 12:27 PM 1370488]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [7/22/2009 5:23 PM 571912]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2/25/2009 6:06 PM 13088]
R2 IS360service;IS360service;d:\iobit\IObit Security 360\is360srv.exe [8/10/2009 8:10 PM 305936]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [12/16/2007 4:12 PM 72672]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [5/14/2008 12:20 PM 438272]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 1:00 AM 316992]
R2 WinDefend;Windows Defender;c:\windows\Program Files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/20/2009 12:26 PM 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [7/22/2009 5:23 PM 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [7/22/2009 5:23 PM 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [7/22/2009 5:23 PM 27232]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [5/11/2008 5:33 PM 114672]
S0 dlflofsu;dlflofsu;c:\windows\system32\drivers\svvhf.sys --> c:\windows\system32\drivers\svvhf.sys [?]
S0 tpmmmlj;tpmmmlj;c:\windows\system32\drivers\arhb.sys --> c:\windows\system32\drivers\arhb.sys [?]
S0 tqzj;tqzj;c:\windows\system32\drivers\psrcnk.sys --> c:\windows\system32\drivers\psrcnk.sys [?]
S0 ydgb;ydgb;c:\windows\system32\drivers\doquhd.sys --> c:\windows\system32\drivers\doquhd.sys [?]
S0 yteky;yteky;c:\windows\system32\drivers\yeeqj.sys --> c:\windows\system32\drivers\yeeqj.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [7/22/2009 5:23 PM 5641736]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/20/2009 12:26 PM 29208]
S3 FA31x;Netgear FA311/312 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\FA31xND5.SYS [10/1/2008 8:45 AM 16025]
S3 fiddrv;fiddrv;c:\windows\system32\drivers\fiddrv.sys [11/25/2007 8:33 PM 9896]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [5/11/2008 9:18 PM 42112]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2/28/2008 6:26 PM 44928]
S3 SGUARD;SGUARD;\??\c:\windows\system32\drivers\SGuard.sys --> c:\windows\system32\drivers\SGuard.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*NewlyCreated* - SISPORT
*Deregistered* - aujasnkj
*Deregistered* - SiSPort

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\windows\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-08-24 c:\windows\Tasks\SmartDefrag.job
- d:\iobit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-15 13:22]

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{2BF29590-F45E-47F4-B2DE-15DA8E3A6B56}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{572CF56A-69DB-42D6-8532-895FC5D0B8B1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{6A0EC750-D229-4077-A2ED-918FE52462A7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{89442B34-00E2-44D7-BB2C-265B72E172D4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKU-Default-Run-fsm - (no file)
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - d:\intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vpfgam68.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vpfgam68.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: d:\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Panda Security\ActiveScan 2.0\npwrapper.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Windows Media Player\npdrmv2.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay.dll
FF - plugin: c:\program files\Windows Media Player\npwmsdrm.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
FF - plugin: c:\windows\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\windows\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\windows\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\windows\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll
FF - plugin: c:\windows\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\windows\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\mozilla firefox\plugins\npwbe.dll
FF - plugin: d:\videolan\VLC\npvlc.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 14:50
Windows 5.1.2600 Service Pack 3, v.5755 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
@SACL=(02 0001)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,7e,19,5f,60,63,52,47,94,c0,91,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,7e,19,5f,60,63,52,47,94,c0,91,\

[HKEY_USERS\S-1-5-21-299502267-813497703-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@SACL=(02 0002)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@SACL=(02 0001)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
@SACL=(02 0001)
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@SACL=(02 0001)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@SACL=(02 0001)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@SACL=(02 0001)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@SACL=(02 0001)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@SACL=(02 0001)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup]
@DACL=(02 0000)
@SACL=(02 0001)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup\0]
@DACL=(02 0000)
@SACL=(02 0001)
31,00,35,00,36,00,39,00,36,00,31,00,34,00,2d,00,42,00,37,00,39,00,35,00,2d,\
"044bc65538fa145b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,32,00,
31,00,35,00,36,00,39,00,36,00,31,00,34,00,2d,00,42,00,37,00,39,00,35,00,2d,\
"0b7b84d185e227c5"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,32,00,
31,00,35,00,36,00,39,00,36,00,31,00,34,00,2d,00,42,00,37,00,39,00,35,00,2d,\
"6efd3d6d7ef3a47b"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"9dfb0fc71bde561a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,
44,00,35,00,43,00,38,00,43,00,32,00,41,00,2d,00,44,00,30,00,37,00,35,00,2d,\
"c4bf800ef27c6e09"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,
44,00,35,00,43,00,38,00,43,00,32,00,41,00,2d,00,44,00,30,00,37,00,35,00,2d,\
"b82d47c1687cf79b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,
44,00,35,00,43,00,38,00,43,00,32,00,41,00,2d,00,44,00,30,00,37,00,35,00,2d,\
"cc6272181d854261"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,31,00,
36,00,39,00,41,00,30,00,36,00,39,00,31,00,2d,00,38,00,44,00,46,00,39,00,2d,\
"63bc367213f02c13"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,31,00,
36,00,39,00,41,00,30,00,36,00,39,00,31,00,2d,00,38,00,44,00,46,00,39,00,2d,\
"98beae4c2c86aef3"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,31,00,
36,00,39,00,41,00,30,00,36,00,39,00,31,00,2d,00,38,00,44,00,46,00,39,00,2d,\
"6efd3d6d2e97ac4c"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"70ea3ba4081f61a2"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,
46,00,34,00,46,00,36,00,35,00,31,00,30,00,2d,00,46,00,39,00,38,00,32,00,2d,\
"5d0f730a9327f224"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,
46,00,34,00,46,00,36,00,35,00,31,00,30,00,2d,00,46,00,39,00,38,00,32,00,2d,\
"926325bb50f14a7f"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,
46,00,34,00,46,00,36,00,35,00,31,00,30,00,2d,00,46,00,39,00,38,00,32,00,2d,\
"6efd3d6d3b0d8f8f"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"0ca510bf42cfbdba"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
31,00,45,00,30,00,34,00,35,00,38,00,31,00,2d,00,34,00,45,00,45,00,45,00,2d,\
"425a2003f93cf94b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
31,00,45,00,30,00,34,00,35,00,38,00,31,00,2d,00,34,00,45,00,45,00,45,00,2d,\
"432df9142ef3ea25"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
31,00,45,00,30,00,34,00,35,00,38,00,31,00,2d,00,34,00,45,00,45,00,45,00,2d,\
"00871fa9ec45b97c"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
31,00,45,00,30,00,34,00,35,00,38,00,31,00,2d,00,34,00,45,00,45,00,45,00,2d,\
"6efd3d6d71dd5397"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"eb6683791116aae3"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,
30,00,38,00,43,00,31,00,31,00,44,00,32,00,2d,00,41,00,32,00,32,00,38,00,2d,\
"2c66680ad9e179b9"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,
30,00,38,00,43,00,31,00,31,00,44,00,32,00,2d,00,41,00,32,00,32,00,38,00,2d,\
"3fa89ec8da3c030a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,
30,00,38,00,43,00,31,00,31,00,44,00,32,00,2d,00,41,00,32,00,32,00,38,00,2d,\
"6efd3d6d220444ce"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"46a2029de569088b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
30,00,42,00,42,00,32,00,37,00,36,00,33,00,2d,00,36,00,41,00,37,00,37,00,2d,\
"2958cf8113737917"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
30,00,42,00,42,00,32,00,37,00,36,00,33,00,2d,00,36,00,41,00,37,00,37,00,2d,\
"bd98986679d90f3c"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
30,00,42,00,42,00,32,00,37,00,36,00,33,00,2d,00,36,00,41,00,37,00,37,00,2d,\
"6efd3d6dd67be6a6"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"3b8ced057b2ed7e6"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"e4d96ccb69d0c60c"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,
37,00,35,00,36,00,41,00,36,00,34,00,31,00,2d,00,44,00,45,00,37,00,31,00,2d,\
"f9c61fdef54d6e5e"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,
37,00,35,00,36,00,41,00,36,00,34,00,31,00,2d,00,44,00,45,00,37,00,31,00,2d,\
"dd0c6598169f23ae"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,
37,00,35,00,36,00,41,00,36,00,34,00,31,00,2d,00,44,00,45,00,37,00,31,00,2d,\
"6efd3d6d5ac22821"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"05a5614cdbf51d28"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,
39,00,33,00,35,00,44,00,42,00,39,00,33,00,2d,00,32,00,31,00,45,00,38,00,2d,\
"efe249c963b7cb17"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,
39,00,33,00,35,00,44,00,42,00,39,00,33,00,2d,00,32,00,31,00,45,00,38,00,2d,\
"688f4b8337f55f9b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,
39,00,33,00,35,00,44,00,42,00,39,00,33,00,2d,00,32,00,31,00,45,00,38,00,2d,\
"6efd3d6de8e7f305"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"fe6d9232a2d869b9"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,37,00,
65,00,36,00,35,00,33,00,32,00,31,00,35,00,2d,00,66,00,61,00,32,00,35,00,2d,\
"a533dedcbf0decc7"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,37,00,
65,00,36,00,35,00,33,00,32,00,31,00,35,00,2d,00,66,00,61,00,32,00,35,00,2d,\
"2c793b405b9046d2"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,37,00,
65,00,36,00,35,00,33,00,32,00,31,00,35,00,2d,00,66,00,61,00,32,00,35,00,2d,\
"6efd3d6d91ca8794"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"152a0842d6236acd"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,61,00,
63,00,66,00,33,00,35,00,30,00,31,00,35,00,2d,00,35,00,32,00,36,00,65,00,2d,\
"549b3c71d61cd014"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,61,00,
63,00,66,00,33,00,35,00,30,00,31,00,35,00,2d,00,35,00,32,00,36,00,65,00,2d,\
"484dc5247b0232a6"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,61,00,
63,00,66,00,33,00,35,00,30,00,31,00,35,00,2d,00,35,00,32,00,36,00,65,00,2d,\
"6efd3d6de53184e0"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"323aeb12fcc0abe5"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
30,00,42,00,42,00,32,00,37,00,36,00,34,00,2d,00,36,00,41,00,37,00,37,00,2d,\
"f19bb4a7d7f5f7a9"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
30,00,42,00,42,00,32,00,37,00,36,00,34,00,2d,00,36,00,41,00,37,00,37,00,2d,\
"47a56b31e6983b4b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
30,00,42,00,42,00,32,00,37,00,36,00,34,00,2d,00,36,00,41,00,37,00,37,00,2d,\
"6efd3d6dcfd245c8"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"a7395c3411d40f58"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
33,00,43,00,30,00,33,00,36,00,46,00,31,00,2d,00,41,00,31,00,38,00,36,00,2d,\
"3f7e04f0be8003de"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
33,00,43,00,30,00,33,00,36,00,46,00,31,00,2d,00,41,00,31,00,38,00,36,00,2d,\
"5d58b5f5b310fad3"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
33,00,43,00,30,00,33,00,36,00,46,00,31,00,2d,00,41,00,31,00,38,00,36,00,2d,\
"6efd3d6d22c6e175"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"a99fa77d3613256a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
30,00,42,00,42,00,32,00,37,00,36,00,35,00,2d,00,36,00,41,00,37,00,37,00,2d,\
"1686123034f2c0d6"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
30,00,42,00,42,00,32,00,37,00,36,00,35,00,2d,00,36,00,41,00,37,00,37,00,2d,\
"e8e1f976d4ee875a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,
30,00,42,00,42,00,32,00,37,00,36,00,35,00,2d,00,36,00,41,00,37,00,37,00,2d,\
"6efd3d6d0501cb47"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"4befc015a1e727c3"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,
46,00,36,00,30,00,34,00,45,00,46,00,45,00,2d,00,38,00,38,00,39,00,37,00,2d,\
"61e044dda891e97d"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,
46,00,36,00,30,00,34,00,45,00,46,00,45,00,2d,00,38,00,38,00,39,00,37,00,2d,\
"6a35feccbcea2b2f"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,
46,00,36,00,30,00,34,00,45,00,46,00,45,00,2d,00,38,00,38,00,39,00,37,00,2d,\
"abe0b0ac732d91be"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,
41,00,46,00,34,00,41,00,35,00,46,00,43,00,2d,00,39,00,31,00,32,00,41,00,2d,\
"08465099fe66abd9"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,
41,00,46,00,34,00,41,00,35,00,46,00,43,00,2d,00,39,00,31,00,32,00,41,00,2d,\
"150e9811ca7d8016"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,
41,00,46,00,34,00,41,00,35,00,46,00,43,00,2d,00,39,00,31,00,32,00,41,00,2d,\
"22963742ddd44b0a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
43,00,44,00,34,00,46,00,43,00,34,00,45,00,2d,00,35,00,32,00,31,00,43,00,2d,\
"1dedba3610e51532"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
43,00,44,00,34,00,46,00,43,00,34,00,45,00,2d,00,35,00,32,00,31,00,43,00,2d,\
"f866153a07291d18"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
43,00,44,00,34,00,46,00,43,00,34,00,45,00,2d,00,35,00,32,00,31,00,43,00,2d,\
"6efd3d6deec6a527"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"995b2ce83a9e0f01"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,
30,00,33,00,44,00,33,00,38,00,30,00,30,00,2d,00,42,00,44,00,38,00,31,00,2d,\
"b2f9ff427cffcced"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,
30,00,33,00,44,00,33,00,38,00,30,00,30,00,2d,00,42,00,44,00,38,00,31,00,2d,\
"2d9c923b5a3ab291"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,
30,00,33,00,44,00,33,00,38,00,30,00,30,00,2d,00,42,00,44,00,38,00,31,00,2d,\
"02fe6087f04d818e"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,
30,00,33,00,44,00,33,00,38,00,30,00,31,00,2d,00,42,00,44,00,38,00,31,00,2d,\
"55e459d59ff8fb92"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,
30,00,33,00,44,00,33,00,38,00,30,00,31,00,2d,00,42,00,44,00,38,00,31,00,2d,\
"82d8007c684c0e80"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,
30,00,33,00,44,00,33,00,38,00,30,00,31,00,2d,00,42,00,44,00,38,00,31,00,2d,\
"4dc6214f9937743b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,33,00,
46,00,34,00,45,00,45,00,46,00,38,00,30,00,2d,00,42,00,46,00,45,00,38,00,2d,\
"dd01a393f6d2b914"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,33,00,
46,00,34,00,45,00,45,00,46,00,38,00,30,00,2d,00,42,00,46,00,45,00,38,00,2d,\
"93f9ba0df121427a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,33,00,
46,00,34,00,45,00,45,00,46,00,38,00,30,00,2d,00,42,00,46,00,45,00,38,00,2d,\
"908e569722cd9dbc"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,
33,00,38,00,37,00,35,00,35,00,43,00,32,00,2d,00,41,00,38,00,42,00,41,00,2d,\
"23339e0a67b56730"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,
33,00,38,00,37,00,35,00,35,00,43,00,32,00,2d,00,41,00,38,00,42,00,41,00,2d,\
"28fc7c1a6c70bbdb"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,
33,00,38,00,37,00,35,00,35,00,43,00,32,00,2d,00,41,00,38,00,42,00,41,00,2d,\
"9b44a7f6f437b880"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"287a235af895b0e9"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,33,00,
43,00,43,00,46,00,38,00,41,00,34,00,31,00,2d,00,35,00,43,00,38,00,35,00,2d,\
"a63580a6831fb2ff"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,33,00,
43,00,43,00,46,00,38,00,41,00,34,00,31,00,2d,00,35,00,43,00,38,00,35,00,2d,\
"0f7057127944f7ae"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,33,00,
43,00,43,00,46,00,38,00,41,00,34,00,31,00,2d,00,35,00,43,00,38,00,35,00,2d,\
"6efd3d6dcb875ec4"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"cdab92a20eae66eb"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
43,00,44,00,34,00,46,00,43,00,34,00,43,00,2d,00,35,00,32,00,31,00,43,00,2d,\
"223367873764acf3"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
43,00,44,00,34,00,46,00,43,00,34,00,43,00,2d,00,35,00,32,00,31,00,43,00,2d,\
"ad1f742aaa1e957e"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
43,00,44,00,34,00,46,00,43,00,34,00,43,00,2d,00,35,00,32,00,31,00,43,00,2d,\
"6efd3d6d3dbc88c6"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"b9337b2d1707c585"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
43,00,44,00,34,00,46,00,43,00,34,00,44,00,2d,00,35,00,32,00,31,00,43,00,2d,\
"faf01ca1f3e2224d"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
43,00,44,00,34,00,46,00,43,00,34,00,44,00,2d,00,35,00,32,00,31,00,43,00,2d,\
"5722877d355fa109"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
43,00,44,00,34,00,46,00,43,00,34,00,44,00,2d,00,35,00,32,00,31,00,43,00,2d,\
"6efd3d6d24152ba8"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"36c1aa19a6181d30"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,44,00,
44,00,33,00,31,00,33,00,45,00,30,00,34,00,2d,00,46,00,45,00,46,00,46,00,2d,\
"97a98db02daf9291"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,44,00,
44,00,33,00,31,00,33,00,45,00,30,00,34,00,2d,00,46,00,45,00,46,00,46,00,2d,\
"57f91898bbe800f2"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,44,00,
44,00,33,00,31,00,33,00,45,00,30,00,34,00,2d,00,46,00,45,00,46,00,46,00,2d,\
"6efd3d6d950af31d"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"5fbcaeb6ee72e791"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
46,00,38,00,41,00,44,00,32,00,44,00,31,00,2d,00,41,00,45,00,33,00,36,00,2d,\
"f2491f675799cb7f"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
46,00,38,00,41,00,44,00,32,00,44,00,31,00,2d,00,41,00,45,00,33,00,36,00,2d,\
"dd5c3b60973c3066"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
46,00,38,00,41,00,44,00,32,00,44,00,31,00,2d,00,41,00,45,00,33,00,36,00,2d,\
"6efd3d6ddd6009bc"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"54f749797fc4752e"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,46,00,
38,00,33,00,38,00,33,00,38,00,35,00,32,00,2d,00,46,00,43,00,44,00,33,00,2d,\
"0576efbc8bb384f0"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,46,00,
38,00,33,00,38,00,33,00,38,00,35,00,32,00,2d,00,46,00,43,00,44,00,33,00,2d,\
"e4b677f7a0801c4e"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,46,00,
38,00,33,00,38,00,33,00,38,00,35,00,32,00,2d,00,46,00,43,00,44,00,33,00,2d,\
"36bd0f874181713b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,38,00,
43,00,37,00,34,00,36,00,31,00,45,00,46,00,2d,00,32,00,42,00,31,00,33,00,2d,\
"c5ccf9e897898d90"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,38,00,
43,00,37,00,34,00,36,00,31,00,45,00,46,00,2d,00,32,00,42,00,31,00,33,00,2d,\
"5dd12fe7bd0b465d"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,38,00,
43,00,37,00,34,00,36,00,31,00,45,00,46,00,2d,00,32,00,42,00,31,00,33,00,2d,\
"e9716fab77d2379d"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
35,00,36,00,38,00,32,00,39,00,43,00,39,00,2d,00,32,00,44,00,35,00,39,00,2d,\
"e5a743af037a8cf7"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
35,00,36,00,38,00,32,00,39,00,43,00,39,00,2d,00,32,00,44,00,35,00,39,00,2d,\
"ce4b10a9c301bf9c"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,
35,00,36,00,38,00,32,00,39,00,43,00,39,00,2d,00,32,00,44,00,35,00,39,00,2d,\
"9b44a7f60005bda5"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"860355bc9dc9954b"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"fe626d648daddcb4"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"a3d96c54e2d85759"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,2c,00,00,00
"6efd3d6dd1cab974"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"c8a5db7d407304de"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2c,00,00,00
"4635a1adcbb43589"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,2c,00,00,00
"ed21a16ac50e7468"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,2c,00,00,00
"c7748f3554caa76a"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\
"942115cf0495ffb0"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,
5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,49,00,6e,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup\0.map]
@DACL=(02 0000)
@SACL=(02 0001)
"b2d616dacc02fc34"=",33,HKCR,CLSID\\{EFA24E63-B078-11d0-89E4-00C04FC9E26E},,"
"b42c8d8e0ba38174"=",33,HKCR,CLSID\\{EFA24E63-B078-11d0-89E4-00C04FC9E26E}\\DefaultIcon,,"
"604f5070e6534612"=",33,HKCR,CLSID\\{EFA24E63-B078-11d0-89E4-00C04FC9E26E}\\InProcServer32,,"
"a1538e51a3acc21a"=",33,HKCR,CLSID\\{EFA24E63-B078-11d0-89E4-00C04FC9E26E}\\InProcServer32,ThreadingModel,"
"ce2200417672dac3"=",33,HKCR,CLSID\\{5E6AB780-7743-11CF-A12B-00AA004AE837},,"
"bdd293678f280589"=",33,HKCR,CLSID\\{5E6AB780-7743-11CF-A12B-00AA004AE837}\\InProcServer32,,"
"9e5007d1b8eb6e61"=",33,HKCR,CLSID\\{5E6AB780-7743-11CF-A12B-00AA004AE837}\\InProcServer32,ThreadingModel,"
"6efd3d6d456034ee"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{5E6AB780-7743-11CF-A12B-00AA004AE837},"
"ba16c9a1ef678a07"=",33,HKCR,CLSID\\{22BF0C20-6DA7-11D0-B373-00A0C9034938},,"
"8d49d5f4d7e1ceec"=",33,HKCR,CLSID\\{22BF0C20-6DA7-11D0-B373-00A0C9034938}\\InProcServer32,,"
"4ff98fe742d088f0"=",33,HKCR,CLSID\\{22BF0C20-6DA7-11D0-B373-00A0C9034938}\\InProcServer32,ThreadingModel,"
"6efd3d6ddc75642a"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{22BF0C20-6DA7-11D0-B373-00A0C9034938},"
"d06089e5bfd8ecfb"=",33,HKCR,CLSID\\{F3368374-CF19-11d0-B93D-00A0C90312e1},,"
"e8abb44b953d171e"=",33,HKCR,CLSID\\{F3368374-CF19-11d0-B93D-00A0C90312e1}\\InProcServer32,,"
"a2244b947d8ea600"=",33,HKCR,CLSID\\{F3368374-CF19-11d0-B93D-00A0C90312e1}\\InProcServer32,ThreadingModel,"
"e4bd79b1192870b1"=",33,HKCR,CLSID\\{91EA3F8B-C99B-11d0-9815-00C04FD91972},,"
"5af905ff5bb48e28"=",33,HKCR,CLSID\\{91EA3F8B-C99B-11d0-9815-00C04FD91972}\\InProcServer32,,"
"64868e7888b8fabc"=",33,HKCR,CLSID\\{91EA3F8B-C99B-11d0-9815-00C04FD91972}\\InProcServer32,ThreadingModel,"
"6efd3d6d2a3a9e9c"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{91EA3F8B-C99B-11d0-9815-00C04FD91972},"
"8debf4a98c26cbfc"=",33,HKCR,CLSID\\{6413BA2C-B461-11d1-A18A-080036B11A03},,"
"3c3115c6c7e226fa"=",33,HKCR,CLSID\\{6413BA2C-B461-11d1-A18A-080036B11A03}\\InProcServer32,,"
"3633832ab48de6a6"=",33,HKCR,CLSID\\{6413BA2C-B461-11d1-A18A-080036B11A03}\\InProcServer32,ThreadingModel,"
"6efd3d6dbf3425d1"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{6413BA2C-B461-11d1-A18A-080036B11A03},"
"d4d68259061d28fe"=",33,HKCR,CLSID\\{F61FFEC1-754F-11d0-80CA-00AA005B4383},,"
"f3e82f69f425f968"=",33,HKCR,CLSID\\{F61FFEC1-754F-11d0-80CA-00AA005B4383}\\InProcServer32,,"
"db9558f097f98808"=",33,HKCR,CLSID\\{F61FFEC1-754F-11d0-80CA-00AA005B4383}\\InProcServer32,ThreadingModel,"
"6efd3d6d350fc6d3"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{F61FFEC1-754F-11d0-80CA-00AA005B4383},"
"82dbe8ea390bf58f"=",33,HKCR,CLSID\\{7BA4C742-9E81-11CF-99D3-00AA004AE837},,"
"aaf7bfc72a37aa69"=",33,HKCR,CLSID\\{7BA4C742-9E81-11CF-99D3-00AA004AE837}\\InProcServer32,,"
"1f79cbc16fd73ab4"=",33,HKCR,CLSID\\{7BA4C742-9E81-11CF-99D3-00AA004AE837}\\InProcServer32,ThreadingModel,"
"6efd3d6d0a191ba2"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{7BA4C742-9E81-11CF-99D3-00AA004AE837},"
"b87f9c064de14a56"=",33,HKCR,CLSID\\{21569614-B795-46b1-85F4-E737A8DC09AD},,"
"3abe75587676c0cc"=",33,HKCR,CLSID\\{21569614-B795-46b1-85F4-E737A8DC09AD}\\DefaultIcon,,"
"044bc65538fa145b"=",33,HKCR,CLSID\\{21569614-B795-46b1-85F4-E737A8DC09AD}\\InProcServer32,,"
"0b7b84d185e227c5"=",33,HKCR,CLSID\\{21569614-B795-46b1-85F4-E737A8DC09AD}\\InProcServer32,ThreadingModel,"
"6efd3d6d7ef3a47b"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{21569614-B795-46b1-85F4-E737A8DC09AD},"
"9dfb0fc71bde561a"=",33,HKCR,CLSID\\{4D5C8C2A-D075-11d0-B416-00C04FB90376},,"
"c4bf800ef27c6e09"=",33,HKCR,CLSID\\{4D5C8C2A-D075-11d0-B416-00C04FB90376}\\InProcServer32,,"
"b82d47c1687cf79b"=",33,HKCR,CLSID\\{4D5C8C2A-D075-11d0-B416-00C04FB90376}\\InProcServer32,ThreadingModel,"
"cc6272181d854261"=",33,HKCR,CLSID\\{169A0691-8DF9-11d1-A1C4-00C04FD75D13},,"
"63bc367213f02c13"=",33,HKCR,CLSID\\{169A0691-8DF9-11d1-A1C4-00C04FD75D13}\\InProcServer32,,"
"98beae4c2c86aef3"=",33,HKCR,CLSID\\{169A0691-8DF9-11d1-A1C4-00C04FD75D13}\\InProcServer32,ThreadingModel,"
"6efd3d6d2e97ac4c"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{169A0691-8DF9-11d1-A1C4-00C04FD75D13},"
"70ea3ba4081f61a2"=",33,HKCR,CLSID\\{AF4F6510-F982-11d0-8595-00AA004CD6D8},,"
"5d0f730a9327f224"=",33,HKCR,CLSID\\{AF4F6510-F982-11d0-8595-00AA004CD6D8}\\InProcServer32,,"
"926325bb50f14a7f"=",33,HKCR,CLSID\\{AF4F6510-F982-11d0-8595-00AA004CD6D8}\\InProcServer32,ThreadingModel,"
"6efd3d6d3b0d8f8f"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{AF4F6510-F982-11d0-8595-00AA004CD6D8},"
"0ca510bf42cfbdba"=",33,HKCR,CLSID\\{01E04581-4EEE-11d0-BFE9-00AA005B4383},,"
"425a2003f93cf94b"=",33,HKCR,CLSID\\{01E04581-4EEE-11d0-BFE9-00AA005B4383},MenuTextPUI,"
"432df9142ef3ea25"=",33,HKCR,CLSID\\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\\InProcServer32,,"
"00871fa9ec45b97c"=",33,HKCR,CLSID\\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\\InProcServer32,ThreadingModel,"
"6efd3d6d71dd5397"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{01E04581-4EEE-11d0-BFE9-00AA005B4383},"
"eb6683791116aae3"=",33,HKCR,CLSID\\{A08C11D2-A228-11d0-825B-00AA005B4383},,"
"2c66680ad9e179b9"=",33,HKCR,CLSID\\{A08C11D2-A228-11d0-825B-00AA005B4383}\\InProcServer32,,"
"3fa89ec8da3c030a"=",33,HKCR,CLSID\\{A08C11D2-A228-11d0-825B-00AA005B4383}\\InProcServer32,ThreadingModel,"
"6efd3d6d220444ce"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{A08C11D2-A228-11d0-825B-00AA005B4383},"
"46a2029de569088b"=",33,HKCR,CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062},,"
"2958cf8113737917"=",33,HKCR,CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32,,"
"bd98986679d90f3c"=",33,HKCR,CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32,ThreadingModel,"
"6efd3d6dd67be6a6"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{00BB2763-6A77-11D0-A535-00C04FD7D062},"
"3b8ced057b2ed7e6"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileAssociation,CutList,"
"e4d96ccb69d0c60c"=",33,HKCR,CLSID\\{6756A641-DE71-11d0-831B-00AA005B4383},,"
"f9c61fdef54d6e5e"=",33,HKCR,CLSID\\{6756A641-DE71-11d0-831B-00AA005B4383}\\InProcServer32,,"
"dd0c6598169f23ae"=",33,HKCR,CLSID\\{6756A641-DE71-11d0-831B-00AA005B4383}\\InProcServer32,ThreadingModel,"
"6efd3d6d5ac22821"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{6756A641-DE71-11d0-831B-00AA005B4383},"
"05a5614cdbf51d28"=",33,HKCR,CLSID\\{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A},,"
"efe249c963b7cb17"=",33,HKCR,CLSID\\{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}\\InProcServer32,,"
"688f4b8337f55f9b"=",33,HKCR,CLSID\\{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}\\InProcServer32,ThreadingModel,"
"6efd3d6de8e7f305"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A},"
"fe6d9232a2d869b9"=",33,HKCR,CLSID\\{7e653215-fa25-46bd-a339-34a2790f3cb7},,"
"a533dedcbf0decc7"=",33,HKCR,CLSID\\{7e653215-fa25-46bd-a339-34a2790f3cb7}\\InProcServer32,,"
"2c793b405b9046d2"=",33,HKCR,CLSID\\{7e653215-fa25-46bd-a339-34a2790f3cb7}\\InProcServer32,ThreadingModel,"
"6efd3d6d91ca8794"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{7e653215-fa25-46bd-a339-34a2790f3cb7},"
"152a0842d6236acd"=",33,HKCR,CLSID\\{acf35015-526e-4230-9596-becbe19f0ac9},,"
"549b3c71d61cd014"=",33,HKCR,CLSID\\{acf35015-526e-4230-9596-becbe19f0ac9}\\InProcServer32,,"
"484dc5247b0232a6"=",33,HKCR,CLSID\\{acf35015-526e-4230-9596-becbe19f0ac9}\\InProcServer32,ThreadingModel,"
"6efd3d6de53184e0"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{acf35015-526e-4230-9596-becbe19f0ac9},"
"323aeb12fcc0abe5"=",33,HKCR,CLSID\\{00BB2764-6A77-11D0-A535-00C04FD7D062},,"
"f19bb4a7d7f5f7a9"=",33,HKCR,CLSID\\{00BB2764-6A77-11D0-A535-00C04FD7D062}\\InProcServer32,,"
"47a56b31e6983b4b"=",33,HKCR,CLSID\\{00BB2764-6A77-11D0-A535-00C04FD7D062}\\InProcServer32,ThreadingModel,"
"6efd3d6dcfd245c8"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{00BB2764-6A77-11D0-A535-00C04FD7D062},"
"a7395c3411d40f58"=",33,HKCR,CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383},,"
"3f7e04f0be8003de"=",33,HKCR,CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32,,"
"5d58b5f5b310fad3"=",33,HKCR,CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32,ThreadingModel,"
"6efd3d6d22c6e175"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{03C036F1-A186-11D0-824A-00AA005B4383},"
"a99fa77d3613256a"=",33,HKCR,CLSID\\{00BB2765-6A77-11D0-A535-00C04FD7D062},,"
"1686123034f2c0d6"=",33,HKCR,CLSID\\{00BB2765-6A77-11D0-A535-00C04FD7D062}\\InProcServer32,,"
"e8e1f976d4ee875a"=",33,HKCR,CLSID\\{00BB2765-6A77-11D0-A535-00C04FD7D062}\\InProcServer32,ThreadingModel,"
"6efd3d6d0501cb47"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{00BB2765-6A77-11D0-A535-00C04FD7D062},"
"4befc015a1e727c3"=",33,HKCR,CLSID\\{AF604EFE-8897-11D1-B944-00A0C90312E1},,"
"61e044dda891e97d"=",33,HKCR,CLSID\\{AF604EFE-8897-11D1-B944-00A0C90312E1}\\InProcServer32,,"
"6a35feccbcea2b2f"=",33,HKCR,CLSID\\{AF604EFE-8897-11D1-B944-00A0C90312E1}\\InProcServer32,ThreadingModel,"
"abe0b0ac732d91be"=",33,HKCR,CLSID\\{4AF4A5FC-912A-11D1-B945-00A0C90312E1},,"
"08465099fe66abd9"=",33,HKCR,CLSID\\{4AF4A5FC-912A-11D1-B945-00A0C90312E1}\\InProcServer32,,"
"150e9811ca7d8016"=",33,HKCR,CLSID\\{4AF4A5FC-912A-11D1-B945-00A0C90312E1}\\InProcServer32,ThreadingModel,"
"22963742ddd44b0a"=",33,HKCR,CLSID\\{ECD4FC4E-521C-11D0-B792-00A0C90312E1},,"
"1dedba3610e51532"=",33,HKCR,CLSID\\{ECD4FC4E-521C-11D0-B792-00A0C90312E1}\\InProcServer32,,"
"f866153a07291d18"=",33,HKCR,CLSID\\{ECD4FC4E-521C-11D0-B792-00A0C90312E1}\\InProcServer32,ThreadingModel,"
"6efd3d6deec6a527"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{ECD4FC4E-521C-11D0-B792-00A0C90312E1},"
"995b2ce83a9e0f01"=",33,HKCR,CLSID\\{603D3800-BD81-11d0-A3A5-00C04FD706EC},,"
"b2f9ff427cffcced"=",33,HKCR,CLSID\\{603D3800-BD81-11d0-A3A5-00C04FD706EC}\\InProcServer32,,"
"2d9c923b5a3ab291"=",33,HKCR,CLSID\\{603D3800-BD81-11d0-A3A5-00C04FD706EC}\\InProcServer32,ThreadingModel,"
"02fe6087f04d818e"=",33,HKCR,CLSID\\{603D3801-BD81-11d0-A3A5-00C04FD706EC},,"
"55e459d59ff8fb92"=",33,HKCR,CLSID\\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\\InProcServer32,,"
"82d8007c684c0e80"=",33,HKCR,CLSID\\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\\InProcServer32,ThreadingModel,"
"4dc6214f9937743b"=",33,HKCR,CLSID\\{3F4EEF80-BFE8-11d0-A3A5-00C04FD706EC},,"
"dd01a393f6d2b914"=",33,HKCR,CLSID\\{3F4EEF80-BFE8-11d0-A3A5-00C04FD706EC}\\InProcServer32,ThreadingModel,"
"93f9ba0df121427a"=",33,HKCR,CLSID\\{3F4EEF80-BFE8-11d0-A3A5-00C04FD706EC}\\InProcServer32,,"
"908e569722cd9dbc"=",33,HKCR,CLSID\\{438755C2-A8BA-11D1-B96B-00A0C90312E1},,"
"23339e0a67b56730"=",33,HKCR,CLSID\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\\InProcServer32,ThreadingModel,"
"28fc7c1a6c70bbdb"=",33,HKCR,CLSID\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\\InProcServer32,,"
"9b44a7f6f437b880"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler\\,{438755C2-A8BA-11D1-B96B-00A0C90312E1},"
"287a235af895b0e9"=",33,HKCR,CLSID\\{3CCF8A41-5C85-11d0-9796-00AA00B90ADF},,"
"a63580a6831fb2ff"=",33,HKCR,CLSID\\{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}\\InProcServer32,,"
"0f7057127944f7ae"=",33,HKCR,CLSID\\{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}\\InProcServer32,ThreadingModel,"
"6efd3d6dcb875ec4"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{3CCF8A41-5C85-11d0-9796-00AA00B90ADF},"
"cdab92a20eae66eb"=",33,HKCR,CLSID\\{ECD4FC4C-521C-11D0-B792-00A0C90312E1},,"
"223367873764acf3"=",33,HKCR,CLSID\\{ECD4FC4C-521C-11D0-B792-00A0C90312E1}\\InProcServer32,,"
"ad1f742aaa1e957e"=",33,HKCR,CLSID\\{ECD4FC4C-521C-11D0-B792-00A0C90312E1}\\InProcServer32,ThreadingModel,"
"6efd3d6d3dbc88c6"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{ECD4FC4C-521C-11D0-B792-00A0C90312E1},"
"b9337b2d1707c585"=",33,HKCR,CLSID\\{ECD4FC4D-521C-11D0-B792-00A0C90312E1},,"
"faf01ca1f3e2224d"=",33,HKCR,CLSID\\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\\InProcServer32,,"
"5722877d355fa109"=",33,HKCR,CLSID\\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\\InProcServer32,ThreadingModel,"
"6efd3d6d24152ba8"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{ECD4FC4D-521C-11D0-B792-00A0C90312E1},"
"36c1aa19a6181d30"=",33,HKCR,CLSID\\{DD313E04-FEFF-11d1-8ECD-0000F87A470C},,"
"97a98db02daf9291"=",33,HKCR,CLSID\\{DD313E04-FEFF-11d1-8ECD-0000F87A470C}\\InProcServer32,,"
"57f91898bbe800f2"=",33,HKCR,CLSID\\{DD313E04-FEFF-11d1-8ECD-0000F87A470C}\\InProcServer32,ThreadingModel,"
"6efd3d6d950af31d"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{DD313E04-FEFF-11d1-8ECD-0000F87A470C},"
"5fbcaeb6ee72e791"=",33,HKCR,CLSID\\{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11},,"
"f2491f675799cb7f"=",33,HKCR,CLSID\\{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}\\InProcServer32,,"
"dd5c3b60973c3066"=",33,HKCR,CLSID\\{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}\\InProcServer32,ThreadingModel,"
"6efd3d6ddd6009bc"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11},"
"54f749797fc4752e"=",33,HKCR,CLSID\\{F8383852-FCD3-11d1-A6B9-006097DF5BD4},,"
"0576efbc8bb384f0"=",33,HKCR,CLSID\\{F8383852-FCD3-11d1-A6B9-006097DF5BD4}\\InProcServer32,,"
"e4b677f7a0801c4e"=",33,HKCR,CLSID\\{F8383852-FCD3-11d1-A6B9-006097DF5BD4}\\InProcServer32,ThreadingModel,"
"36bd0f874181713b"=",33,HKCR,CLSID\\{8C7461EF-2B13-11d2-BE35-3078302C2030},,"
"c5ccf9e897898d90"=",33,HKCR,CLSID\\{8C7461EF-2B13-11d2-BE35-3078302C2030}\\InProcServer32,,"
"5dd12fe7bd0b465d"=",33,HKCR,CLSID\\{8C7461EF-2B13-11d2-BE35-3078302C2030}\\InProcServer32,ThreadingModel,"
"e9716fab77d2379d"=",33,HKCR,CLSID\\{E56829C9-2D59-11d2-BE38-3078302C2030},,"
"e5a743af037a8cf7"=",33,HKCR,CLSID\\{E56829C9-2D59-11d2-BE38-3078302C2030}\\InProcServer32,,"
"ce4b10a9c301bf9c"=",33,HKCR,CLSID\\{E56829C9-2D59-11d2-BE38-3078302C2030}\\InProcServer32,ThreadingModel,"
"9b44a7f60005bda5"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler,{8C7461EF-2B13-11d2-BE35-3078302C2030},"
"860355bc9dc9954b"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{DB8DC413-C0AA-11D0-9545-080009B1C2F3},OTNEEDSSFCACHE,"
"fe626d648daddcb4"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FindExtensions\\Static\\InetFind,"
"a3d96c54e2d85759"=",33,HKCR,CLSID\\{31E2C0DF-A328-470b-A1EA-3760759A3822},"
"6efd3d6dd1cab974"=",1,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{31E2C0DF-A328-470b-A1EA-3760759A3822},"
"c8a5db7d407304de"=",33,HKCR,Software\\Microsoft\\Internet Explorer\\Bar,"
"4635a1adcbb43589"=",33,HKCR,CLSID\\%CLSID_BROWSEUI%,"
"ed21a16ac50e7468"=",33,HKCR,CLSID\\%CLSID_BROWSEUI%\\InProcServer32,"
"c7748f3554caa76a"=",1,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,%CLSID_BROWSEUI%,"
"942115cf0495ffb0"=",33,HKLM,Software\\Microsoft\\Internet Explorer\\AdvancedOptions\\%M%\\RADIO,"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Preferences\HME\S-1-5-21-299502267-813497703-725345543-1006]
@DACL=(02 0000)
@SACL=(02 0001)
"SharedLibraryPath"=""
"AcceptedPrivacyStatement"=dword:00000001
"UsageTracking"=dword:00000001
"ForceUsageTracking"=dword:00000000
"DisplayName"="Kiera"
.
Completion time: 2009-09-05 14:53
ComboFix-quarantined-files.txt 2009-09-05 18:53

Pre-Run: 37,225,631,744 bytes free
Post-Run: 37,195,288,576 bytes free

901 --- E O F --- 2009-09-03 15:16

#10 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
Posted 05 September 2009 - 02:31 PM

Hello.

I see some leftover entries.

It sounds like a corrupt user profile to me.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open Notepad (Start > Run > "notepad") and copy/paste the text in the box below into it:
    Folder::
    c:\windows\system32\tsystem
    
    Dirlook::
    C:\bleep
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup]
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Preferences\HME\S-1-5-21-299502267-813497703-725345543-1006]
    
    Driver::
    dlflofsu
    tpmmmlj
    tqzj
    ydgb
    yteky
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

With Regards,
The Panda
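The Driver:: block in the script above names services to be deleted. As an added example, not part of this thread or of ComboFix, the following Python check confirms that each driver requested in a CFScript appears as a Service_ deletion in the resulting ComboFix log, and flags any service still listed whose name looks machine-generated (the vowel-free, all-lowercase pattern of the five names targeted here). The sample script and log are constructed from the thread's entries plus one hypothetical leftover service, qxzvt.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced.

Added example for this thread; it is not part of ComboFix or BleepingComputer.
"""
import re

# --- Constructed sample input, modelled on the thread's script and log -----
SAMPLE_CFSCRIPT = """\
Folder::
c:\\windows\\system32\\tsystem

Driver::
dlflofsu
tpmmmlj
tqzj
ydgb
yteky
"""

# The deletion lines and the first four service lines mirror the thread's
# log; the final "qxzvt" service is a hypothetical leftover added to show
# what the heuristic flags. Real ComboFix lines are: <R|S><n> name;display;path [date size]
SAMPLE_LOG = """\
-------\\Service_dlflofsu
-------\\Service_tpmmmlj
-------\\Service_tqzj
-------\\Service_ydgb
-------\\Service_yteky

R0 AvgRkx86;avgrkx86.sys;c:\\windows\\system32\\drivers\\avgrkx86.sys [8/20/2009 12:27 PM 12552]
R2 WinDefend;Windows Defender;c:\\windows\\Program Files\\Windows Defender\\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 KeyScrambler;KeyScrambler;c:\\windows\\system32\\drivers\\keyscrambler.sys [5/11/2008 5:33 PM 114672]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\\program files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
S3 qxzvt;qxzvt;c:\\windows\\system32\\drivers\\qxzvt.sys [9/5/2009 1:17 AM 4096]
"""

SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)(?:\s+\[[^\]]*\])?$"
)
DELETION_LINE = re.compile(r"^-------\\Service_(?P<name>\S+)\s*$")


def cfscript_drivers(script: str) -> set:
    """Return the names listed under the script's Driver:: header."""
    names, active = set(), False
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("::"):          # any header switches sections
            active = line == "Driver::"
            continue
        if active and line:
            names.add(line)
    return names


def log_deletions(log: str) -> set:
    """Return service names ComboFix reports under Drivers/Services as removed."""
    found = set()
    for raw in log.splitlines():
        m = DELETION_LINE.match(raw.strip())
        if m:
            found.add(m["name"])
    return found


def looks_machine_generated(name: str, display: str) -> bool:
    """Heuristic: all-lowercase alphabetic name, no descriptive display name,
    and under 25% vowels or a run of four or more consonants."""
    if not (name.isalpha() and name.islower()):
        return False
    if display and display.lower() != name.lower():
        return False
    vowels = sum(ch in "aeiou" for ch in name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowels / len(name) < 0.25 or longest_run >= 4


def audit(script: str, log: str) -> dict:
    """Compare requested deletions with the log and flag odd leftovers."""
    requested = cfscript_drivers(script)
    deleted = log_deletions(log)
    suspicious = set()
    for raw in log.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if m and looks_machine_generated(m["name"], m["display"]):
            suspicious.add(m["name"])
    return {
        "confirmed": requested & deleted,     # removed as the script asked
        "missing": requested - deleted,       # asked for but not reported removed
        "suspicious": suspicious - requested, # still registered, odd-looking name
    }


if __name__ == "__main__":
    result = audit(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    for key in ("confirmed", "missing", "suspicious"):
        print(f"{key}: {sorted(result[key]) or '-'}")
```

A name in "missing" means the script asked for a driver that ComboFix did not report deleting, so the log needs a closer look before declaring the run successful.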

#11 Zen21

  • Topic Starter
  • Members
  • 14 posts
  • Gender:Male

Posted 05 September 2009 - 04:00 PM

All I have is a black screen with a pointer.

#12 Zen21

  • Topic Starter
  • Members
  • 14 posts
  • Gender:Male

Posted 05 September 2009 - 04:37 PM

Okay... gave it another shot. I've always had problems restarting when the USB drive was plugged in, so I unplugged it and it ran. Although there was an error message that popped up advising ***.cfxxe or the like caused this error. It asked to send it and I clicked no, and the program continued. Here's the log. Again, I did not have the "H" drive plugged in during this scan though.

ComboFix 09-09-05.01 - Owner 09/05/2009 17:22.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1941 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_dlflofsu
-------\Service_tpmmmlj
-------\Service_tqzj
-------\Service_ydgb
-------\Service_yteky


((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 01:17 . 2009-09-05 01:17 -------- d-----w- c:\windows\system32\tsystem
2009-08-31 20:12 . 2009-08-31 20:12 -------- d-----w- c:\documents and settings\ETHEN\Local Settings\Application Data\Broderbund Software
2009-08-31 18:28 . 2009-08-31 18:28 -------- d-----w- c:\documents and settings\ETHEN\Local Settings\Application Data\Acelogix
2009-08-29 00:04 . 2007-10-31 05:31 56320 ----a-w- C:\eventlog.dll
2009-08-28 23:10 . 2009-08-28 23:10 -------- d-----w- c:\documents and settings\ETHEN\Local Settings\Application Data\AVG Security Toolbar
2009-08-28 23:09 . 2009-08-28 23:09 -------- d-----w- c:\documents and settings\ETHEN\Local Settings\Application Data\Mozilla
2009-08-21 20:01 . 2009-08-21 20:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-21 01:01 . 2009-08-21 01:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-08-20 17:26 . 2009-08-20 17:26 -------- d-----w- c:\documents and settings\ETHEN\Application Data\Apple Computer
2009-08-20 17:24 . 2009-08-20 17:31 -------- d-----w- c:\documents and settings\ETHEN\Application Data\IObit
2009-08-20 16:27 . 2009-08-20 16:27 12552 ------w- c:\windows\system32\drivers\avgrkx86.sys
2009-08-20 16:27 . 2009-08-20 16:27 11952 ------w- c:\windows\system32\avgrsstx.dll
2009-08-20 16:27 . 2009-08-20 16:27 108552 ------w- c:\windows\system32\drivers\avgtdix.sys
2009-08-20 16:27 . 2009-08-20 16:27 335240 ------w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 16:27 . 2009-08-20 16:27 27784 ------w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-20 16:27 . 2009-09-04 17:00 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-20 16:27 . 2009-08-21 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-20 16:26 . 2009-08-20 16:26 50968 ------w- c:\windows\system32\avgfwdx.dll
2009-08-20 16:26 . 2009-08-20 16:26 29208 ------w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-20 16:21 . 2009-08-20 16:21 -------- d-----w- c:\documents and settings\ETHEN\Application Data\AVG8
2009-08-20 16:19 . 2009-08-20 16:19 -------- d-----w- c:\documents and settings\ETHEN\Local Settings\Application Data\Google
2009-08-20 15:04 . 2009-08-20 15:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Snapfish
2009-08-19 01:26 . 2009-08-19 01:26 -------- d-----w- C:\bleep
2009-08-19 01:23 . 2009-08-19 01:23 -------- d-----w- c:\documents and settings\ETHEN\Application Data\Nero
2009-08-18 23:30 . 2009-08-18 23:30 -------- d-----w- c:\documents and settings\ETHEN\Application Data\Malwarebytes
2009-08-18 22:19 . 2009-08-18 22:19 -------- d-----w- c:\windows\Profiles
2009-08-18 22:17 . 2009-08-18 22:17 -------- d-----w- c:\documents and settings\ETHEN\WINDOWS
2009-08-18 21:42 . 2009-08-18 21:42 -------- d-----w- c:\documents and settings\ETHEN\Application Data\iolo
2009-08-18 20:57 . 2009-08-18 20:57 -------- d-sh--w- c:\documents and settings\ETHEN\PrivacIE
2009-08-18 20:53 . 2009-08-20 17:26 -------- d-----w- c:\documents and settings\ETHEN\Local Settings\Application Data\Apple Computer
2009-08-18 19:16 . 2009-08-18 19:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Promosoft Corporation
2009-08-16 18:49 . 2009-08-16 18:50 -------- d-----w- c:\documents and settings\Kiera\Application Data\Corel
2009-08-16 17:54 . 2009-08-16 17:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-16 17:50 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-16 17:50 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-16 17:34 . 2009-08-16 17:34 -------- d-----w- c:\documents and settings\Kiera\Local Settings\Application Data\Intuit
2009-08-16 01:46 . 2009-08-16 01:46 -------- d-----w- c:\documents and settings\Kiera\Local Settings\Application Data\AVG Security Toolbar
2009-08-16 01:43 . 2009-08-16 01:43 -------- d-----w- c:\documents and settings\Kiera\Application Data\Malwarebytes
2009-08-16 01:43 . 2009-08-03 17:36 38160 ------w- c:\windows\system32\drivers\MBAMSWISSARMY.SYS
2009-08-16 01:43 . 2009-08-03 17:36 19096 ------w- c:\windows\system32\drivers\mbam.sys
2009-08-15 23:49 . 2009-08-15 23:44 3942048 ------w- C:\mwbts.exe
2009-08-14 00:17 . 2009-08-14 00:17 -------- d-----w- c:\windows\system32\Adobe
2009-08-14 00:12 . 2008-12-05 00:54 524288 ------w- c:\windows\opuc.dll
2009-08-13 22:44 . 2009-08-31 16:21 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-13 22:06 . 2009-08-13 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-13 22:04 . 2009-08-20 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-13 20:14 . 2001-08-18 12:00 5632 -c----w- c:\windows\system32\dllcache\smimsgif.dll
2009-08-13 20:14 . 2001-08-18 12:00 5632 -c----w- c:\windows\system32\dllcache\smierrsy.dll
2009-08-13 20:14 . 2001-08-18 12:00 15872 -c----w- c:\windows\system32\dllcache\smierrsm.dll
2009-08-13 20:14 . 2001-08-18 12:00 10240 -c----w- c:\windows\system32\dllcache\snmpstup.dll
2009-08-13 20:14 . 2001-08-18 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2009-08-13 19:58 . 2009-08-16 17:41 -------- dc-h--w- c:\windows\ie8
2009-08-11 22:55 . 2009-08-11 22:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LastPass
2009-08-11 21:37 . 2009-08-13 19:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Software Informer
2009-08-11 21:27 . 2001-08-17 18:07 55168 -c----w- c:\windows\system32\dllcache\aic78u2.sys
2009-08-11 21:27 . 2001-08-17 17:52 12800 -c----w- c:\windows\system32\dllcache\aha154x.sys
2009-08-11 21:17 . 2009-08-11 21:17 -------- d-----w- c:\windows\system32\BackUp
2009-08-11 00:55 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-08-11 00:55 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-08-11 00:52 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-08-11 00:49 . 2009-02-03 19:59 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-08-11 00:47 . 2008-12-16 12:30 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-08-11 00:45 . 2008-06-12 14:23 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2009-08-11 00:45 . 2008-06-12 14:23 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2009-08-11 00:45 . 2008-06-12 14:23 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2009-08-11 00:45 . 2008-06-12 14:23 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-08-11 00:45 . 2008-06-12 14:23 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2009-08-11 00:41 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-11 00:41 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-11 00:41 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-11 00:41 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-11 00:41 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-11 00:41 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-11 00:41 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-11 00:41 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-11 00:39 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-11 00:39 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-11 00:30 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2009-08-11 00:28 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-08-11 00:26 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-11 00:18 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-11 00:13 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 17:36 . 2009-02-14 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-03 00:14 . 2007-04-15 03:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2009-09-01 17:33 . 2008-09-15 00:20 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-08-24 21:59 . 2009-07-14 02:16 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-08-18 22:19 . 2007-02-22 14:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-18 22:16 . 2007-02-23 19:13 24064 ------w- c:\windows\autoload.exe
2009-08-18 20:52 . 2009-08-18 20:52 130640 ------w- c:\documents and settings\ETHEN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 20:35 . 2007-06-23 16:14 130640 ------w- c:\documents and settings\Kiera\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 20:30 . 2007-02-22 07:39 130640 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 19:55 . 2007-03-06 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 22:25 . 2009-06-01 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2009-08-16 20:30 . 2007-04-06 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-08-16 16:55 . 2008-12-30 16:09 -------- d-----w- c:\documents and settings\Kiera\Application Data\Apple Computer
2009-08-13 20:27 . 2007-11-15 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-11 22:24 . 2007-06-08 16:22 -------- d-----w- c:\program files\Common Files\Real
2009-08-11 22:16 . 2009-07-05 01:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-02 17:50 . 2009-08-02 17:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Any DVD Converter Professional
2009-07-30 20:10 . 2008-05-11 21:33 114672 ------w- c:\windows\system32\drivers\keyscrambler.sys
2009-07-25 09:23 . 2008-11-23 17:18 411368 ------w- c:\windows\system32\deploytk.dll
2009-07-22 21:23 . 2009-07-22 21:23 74760 ------w- c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 21:23 . 2009-07-22 21:23 25608 ------w- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-17 18:54 . 2008-12-25 14:37 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 23:21 . 2009-01-31 16:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Any Video Converter
2009-07-16 15:32 . 2009-07-16 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Vso
2009-07-16 15:24 . 2009-07-16 15:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-07-16 15:24 . 2009-07-16 15:24 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-07-16 15:24 . 2009-07-16 15:24 47360 ------w- c:\windows\system32\drivers\pcouffin.sys
2009-07-15 02:36 . 2008-04-23 12:49 455584 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-14 16:50 . 2009-07-14 16:50 -------- d-----w- c:\documents and settings\Owner\Application Data\NeroDigital™
2009-07-14 16:06 . 2009-07-14 16:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2009-07-14 13:55 . 2008-05-14 15:35 -------- d-----w- c:\program files\Common Files\Nero
2009-07-14 13:54 . 2009-07-14 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-12 03:27 . 2009-07-12 02:20 -------- d-----w- c:\documents and settings\Owner\Application Data\MOVAVI
2009-07-11 02:16 . 2009-07-11 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PIXELA
2009-07-11 01:41 . 2009-07-09 23:13 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2009-07-11 01:38 . 2009-02-17 00:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Roxio
2009-07-09 05:31 . 2009-07-09 05:01 664 ------w- c:\windows\system32\d3d9caps.dat
2009-07-08 13:17 . 2009-07-08 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-07-07 22:25 . 2007-02-22 16:44 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-07-07 21:48 . 2009-03-28 17:10 94484 ---h--w- c:\windows\system32\mlfcache.dat
2009-06-29 20:55 . 2007-10-24 05:47 282112 ------w- c:\windows\system32\mscoree.dll
2009-06-24 19:36 . 2009-06-24 19:36 265797 ------w- c:\windows\system32\pdvcodec.dll
2009-06-16 14:36 . 2001-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2007-08-01 17:28 . 2007-05-11 14:55 88 --sh--r- c:\windows\system32\239B347DBC.sys
2007-08-01 17:28 . 2007-05-11 14:48 2516 --sh--w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\bleep ----

2009-08-19 01:26 . 2009-08-19 01:05 472064 ------w- c:\bleep\RootRepeal.exe
2009-08-19 01:26 . 2009-08-19 01:02 359932 ------w- c:\bleep\dds.scr


((((((((((((((((((((((((((((( SnapShot@2009-09-05_18.50.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-05 21:05 . 2009-09-05 21:05 16384 c:\windows\Temp\Perflib_Perfdata_e50.dat
+ 2009-09-05 21:05 . 2009-09-05 21:05 16384 c:\windows\Temp\Perflib_Perfdata_900.dat
+ 2009-09-05 18:51 . 2008-10-16 19:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-09-05 18:51 . 2007-10-31 05:33 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
+ 2009-09-05 18:51 . 2007-10-31 05:32 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-09-05 18:51 . 2007-10-31 05:33 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-09-05 18:51 . 2007-10-31 05:32 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-09-05 18:51 . 2007-10-31 05:32 71680 c:\windows\system32\dllcache\cache\ssdpsrv.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-09-05 18:51 . 2007-10-31 05:32 59904 c:\windows\system32\dllcache\cache\regsvc.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 88576 c:\windows\system32\dllcache\cache\rasauto.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-09-05 18:51 . 2006-10-19 02:47 27136 c:\windows\system32\dllcache\cache\mspmsnsv.dll
+ 2009-09-05 18:51 . 2007-10-31 05:31 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-09-05 18:51 . 2007-10-31 05:31 22016 c:\windows\system32\dllcache\cache\lpk.dll
+ 2009-09-05 18:51 . 2007-10-31 05:31 19968 c:\windows\system32\dllcache\cache\linkinfo.dll
+ 2009-09-05 18:51 . 2007-10-30 23:40 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-09-05 18:51 . 2007-10-30 23:41 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-09-05 18:51 . 2007-10-31 05:31 56320 c:\windows\system32\dllcache\cache\eventlog.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-09-05 18:51 . 2007-10-31 05:31 62464 c:\windows\system32\dllcache\cache\cryptsvc.dll
+ 2009-09-05 18:51 . 2007-10-31 05:31 77824 c:\windows\system32\dllcache\cache\browser.dll
+ 2009-09-05 18:51 . 2007-10-30 23:46 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
+ 2009-09-05 18:51 . 2001-08-18 12:00 11648 c:\windows\system32\dllcache\cache\acpiec.sys
+ 2009-09-05 18:51 . 2007-10-31 05:32 5120 c:\windows\system32\dllcache\cache\sfc.dll
+ 2009-09-05 18:51 . 2001-08-18 12:00 2944 c:\windows\system32\dllcache\cache\null.sys
+ 2009-09-05 18:51 . 2001-08-18 12:00 4224 c:\windows\system32\dllcache\cache\beep.sys
+ 2009-09-05 18:51 . 2007-10-31 05:32 129024 c:\windows\system32\dllcache\cache\xmlprov.dll
+ 2009-09-05 18:51 . 2007-10-31 05:33 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-09-05 18:51 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 185856 c:\windows\system32\dllcache\cache\upnphost.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-09-05 18:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-09-05 18:51 . 2007-10-31 05:32 249856 c:\windows\system32\dllcache\cache\tapisrv.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 171008 c:\windows\system32\dllcache\cache\srsvc.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 135168 c:\windows\system32\dllcache\cache\shsvcs.dll
+ 2009-09-05 18:51 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-09-05 18:51 . 2007-10-31 05:32 192512 c:\windows\system32\dllcache\cache\schedsvc.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 181248 c:\windows\system32\dllcache\cache\scecli.dll
+ 2009-09-05 18:51 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\cache\rpcss.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 409088 c:\windows\system32\dllcache\cache\qmgr.dll
+ 2009-09-05 18:51 . 2007-10-31 05:31 435200 c:\windows\system32\dllcache\cache\ntmssvc.dll
+ 2009-09-05 18:51 . 2007-10-31 00:27 574976 c:\windows\system32\dllcache\cache\ntfs.sys
+ 2009-09-05 18:51 . 2007-10-31 05:31 198144 c:\windows\system32\dllcache\cache\netman.dll
+ 2009-09-05 18:51 . 2007-10-31 05:31 407040 c:\windows\system32\dllcache\cache\netlogon.dll
+ 2009-09-05 18:51 . 2007-10-31 00:33 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-09-05 18:51 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\cache\mswsock.dll
+ 2009-09-05 18:51 . 2007-10-31 05:31 927504 c:\windows\system32\dllcache\cache\mfc40u.dll
+ 2009-09-05 18:51 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-09-05 18:51 . 2007-10-31 05:31 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-09-05 18:51 . 2008-07-07 20:26 253952 c:\windows\system32\dllcache\cache\es.dll
+ 2009-09-05 18:51 . 2007-10-31 05:31 792064 c:\windows\system32\dllcache\cache\comres.dll
+ 2009-09-05 18:51 . 2007-10-31 05:31 617472 c:\windows\system32\dllcache\cache\comctl32.dll
+ 2009-09-05 18:51 . 2007-10-30 21:37 142592 c:\windows\system32\dllcache\cache\aec.sys
+ 2009-09-05 18:51 . 2007-10-31 05:32 1614336 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-09-05 18:51 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-09-05 18:51 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-09-05 18:51 . 2009-05-13 05:15 5936128 c:\windows\system32\dllcache\cache\mshtml.dll
+ 2009-09-05 18:51 . 2007-10-31 05:32 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:56 1062144 ------w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wben"="c:\windows\Program Files\Starfield\Desktop Notifier\wben.exe" [2009-06-25 338456]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-26 212992]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2003-04-15 1498032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\windows\Program Files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"mxomssmenu"="d:\maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2009-07-13 292128]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Adobe Photo Downloader"="d:\adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-22 1600008]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]
"SoundMan"="soundman.exe" - c:\windows\soundman.exe [2002-03-21 46592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"Software Informer"="d:\iobit\Software Informer\softinfo.exe" [2009-07-15 1953861]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 16:27 11952 ------w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf d:\iolo\System Mechanic 5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MBCameraMonitor.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=3 (0x3)
"ioloFileInfoList"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"="c:\windows\Program Files\Windows Defender\MSASCui.exe" -hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\kav\\kis\\setup.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"e:\\P-Cut\\ProCut Production Suite\\Program\\app2.exe"=
"c:\\WINDOWS\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [7/22/2009 5:23 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/20/2009 12:27 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/20/2009 12:27 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/20/2009 12:27 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/20/2009 12:26 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/20/2009 12:26 PM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [8/20/2009 12:27 PM 1370488]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [7/22/2009 5:23 PM 571912]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2/25/2009 6:06 PM 13088]
R2 IS360service;IS360service;d:\iobit\IObit Security 360\is360srv.exe [8/10/2009 8:10 PM 305936]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [12/16/2007 4:12 PM 72672]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [5/14/2008 12:20 PM 438272]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 1:00 AM 316992]
R2 WinDefend;Windows Defender;c:\windows\Program Files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/20/2009 12:26 PM 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [7/22/2009 5:23 PM 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [7/22/2009 5:23 PM 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [7/22/2009 5:23 PM 27232]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [5/11/2008 5:33 PM 114672]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [7/22/2009 5:23 PM 5641736]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/20/2009 12:26 PM 29208]
S3 FA31x;Netgear FA311/312 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\FA31xND5.SYS [10/1/2008 8:45 AM 16025]
S3 fiddrv;fiddrv;c:\windows\system32\drivers\fiddrv.sys [11/25/2007 8:33 PM 9896]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [5/11/2008 9:18 PM 42112]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2/28/2008 6:26 PM 44928]
S3 SGUARD;SGUARD;\??\c:\windows\system32\drivers\SGuard.sys --> c:\windows\system32\drivers\SGuard.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\windows\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{2BF29590-F45E-47F4-B2DE-15DA8E3A6B56}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{572CF56A-69DB-42D6-8532-895FC5D0B8B1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{6A0EC750-D229-4077-A2ED-918FE52462A7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{89442B34-00E2-44D7-BB2C-265B72E172D4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - d:\intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vpfgam68.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vpfgam68.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: d:\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Panda Security\ActiveScan 2.0\npwrapper.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Windows Media Player\npdrmv2.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay.dll
FF - plugin: c:\program files\Windows Media Player\npwmsdrm.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
FF - plugin: c:\windows\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\windows\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\windows\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\windows\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\mozilla firefox\plugins\npwbe.dll
FF - plugin: d:\videolan\VLC\npvlc.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 17:28
Windows 5.1.2600 Service Pack 3, v.5755 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
@SACL=(02 0001)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,7e,19,5f,60,63,52,47,94,c0,91,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,7e,19,5f,60,63,52,47,94,c0,91,\

[HKEY_USERS\S-1-5-21-299502267-813497703-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@SACL=(02 0002)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(388)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-05 17:30
ComboFix-quarantined-files.txt 2009-09-05 21:30
ComboFix2.txt 2009-09-05 18:53

Pre-Run: 37,170,909,184 bytes free
Post-Run: 37,131,972,608 bytes free

439 --- E O F --- 2009-09-03 15:16

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 05 September 2009 - 06:37 PM

Hello.

Are any of those problems described present on the new user profile?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    c:\windows\system32\tsystem /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select Critical Areas.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Please take a new DDS.txt log.

With Regards,
The Panda

#14 Zen21

Zen21
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male

Posted 05 September 2009 - 08:59 PM

Here is the SystemLook log. In the meantime, Kaspersky is downloading the updates, so it won't be till the morning that I get the other two logs to you. Thanks again for your time.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:46 on 05/09/2009 by Owner (Administrator - Elevation successful)

========== dir ==========

c:\windows\system32\tsystem - Parameters: "/s"

---Files---
None found.

c:\windows\system32\tsystem\internet explorer d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\internet explorer\connection wizard d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\microsoft frontpage d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\microsoft frontpage\version3.0 d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\microsoft frontpage\version3.0\bin d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\movie maker d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\msn gaming zone d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\msn gaming zone\windows d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\netmeeting d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\outlook express d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\windows media player d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\windows nt d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\windows nt\accessories d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\windows nt\pinball d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\xerox d----- [01:17 05/09/2009]

c:\windows\system32\tsystem\xerox\nwwia d----- [01:17 05/09/2009]

-=End Of File=-

#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 05 September 2009 - 09:31 PM

Hello.

Kaspersky is downloading the updates so it won't be till the morning I get the other two logs to you

Don't worry about it.

Kaspersky sometimes decides to take a really long time. If it's unreasonably long, feel free to abort the scan as it's not vital.

With Regards,
The Panda



