Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dds.scr Log


  • This topic is locked This topic is locked
9 replies to this topic

#1 thumper58

thumper58

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 27 October 2009 - 11:11 PM

Moderator note: Topic referenced below was posted by this member's son and concerns the same computer. ~ OB

see http://www.bleepingcomputer.com/forums/t/266498/security-center-alert-and-other-fake-virus-alerts/ for background. I'm not sure what kind of infection I have.

My son contacted you first regarding a virus that entered my computer while trying to access information on the imbd.com site. He has removed a number of items but it is still causing trouble e.g.
-Sysem Hibernate no longer works, it starts to Hibernate then blinks and comes back on
- Outlook is misbehaving, it will no longer open MSWord as the preferred editor. I get an error message that says Word is no longer available yet I can open Word just fine
- This screen blinks on and off (quickly) from time to time, particularly when rebooting. It didn't do this prior to being infected
- When I try to go to a specific URL in IE, I often get redirected to an unrelated site.

Per the instructions in the forum I received, I tried downloading dds.scr. The first hint of a problem is that when I start to download the file, under program type rather than "screensaver, 351KB" it says "AutoCAD LT Script, 511KB". I downloaded it and tried running it and it will only open a Notepad file of jibberish. The desktop Icon doesn't look like the one in the instructiions. (I did disable script blocking (McAfee) prior to downloading or running the file)

I am not sure if I should go ahead and try running RootRepeal or not. Thought I'd better check with you.

Thank you,
David

Pasting in logs from other topic. ~ OB

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/10/23 18:20
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xBA63C000 Size: 7872 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6F24000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\sqlite_mfkagy4ps4aqri9
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_0hnktp586vcjmo8
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_5un8xmdmxq1dj7x
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_6b3hfe1shsadg6l
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_b0q0y9hfe4tregu
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_ct478fbowh7u6p7
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_gaqddo9v4irqjat
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_jatond6w1um8kxt
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_lxyvmdyxn6sc41k
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\perflib_perfdata_810.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_gpTzIon331ZQZN0
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xb9ecae22

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xb9eabcdc

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xb9eabece

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xb9ecb610

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xb9ecb8c4

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xb9ec9b14

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xb9ecbd30

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xb9ecb0e2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xb9eab982

==EOF==

Running from: C:\Documents and Settings\David Stevenson\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\David Stevenson\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

Volume in drive C has no label.
Volume Serial Number is 2475-6B2F

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 04:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 04:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 04:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 05:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 05:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 05:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 05:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 05:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 05:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,932,288 bytes
0 Dir(s) 57,429,905,408 bytes free

Attached Files


Edited by Orange Blossom, 28 October 2009 - 08:15 PM.


BC AdBot (Login to Remove)

 


#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:58 PM

Posted 03 November 2009 - 05:17 AM

Hello and :( to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here
.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay
.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications.
In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.

2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.

3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.

4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied

The topics you are tracking are shown Here.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


Posted Image
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:(

#3 thumper58

thumper58
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 03 November 2009 - 10:02 PM

Hi, I know you folks are very busy and buried and you're providing a valuable service so I don't wish to sound ungrateful but it seems as though no one actually read my last message. I have done all of the steps outlined in your previous message, responded with a description of the symptoms I am experienceing on my computer and explained that I cannot download and run the dds file. I attached screenshots to my previous message to show you the results I got when I tried to download the dds file.

I have also enabled automatic email notification but have waited a week and got no such notification. So, this evening I decided to check your website and lo & behold found your most recent message basically again telling me to do everything I've already tried.

I am not sure how much longer my computer will be funcitoning. The symptoms of the corruption, virus or malware (whatever it is) are apparently progressing, Today my McAfee won't run, it gives me an error message that says the computer is not connected to the internet when in fact it is. Also, the screen blinks off & on several times a day; all of the desktop icons go away then slowly it repopulates the desktop. Both of these are recent developments. As mentioned by my son in an earlier message, Sarting in Safe Mode does not work nor does System Hibernate.

Please if you can, help. I fear my only option will soon be to reformat and reinstall everything, something I would desperately like to avoid.

Thank you

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 AM

Posted 03 November 2009 - 10:46 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am Posted Image and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

I am concerned that your son in his determination to rid your computer of this infection might have done more harm then good!

I think I have removed a lot of what was installed by using Spybot, process explorer and spyware doctor to identify bad files, then removing exes, dlls, temporary files and registry keys myself

http://www.bleepingcomputer.com/forums/ind...t&p=1470016

Altering the computers registry by an untrained novice can have disastrous results. We will see...

==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen with briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Posted Image

Posted Image

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

With your next post please provide:

* Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 thumper58

thumper58
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 04 November 2009 - 02:30 PM

Attached File  log.txt   20.83KB   8 downloadsello thebytes, thanks very much for your detailed instructions. Before I start, I'd just like to reiterate how much I do appreciate your help and the help of the other folks at Bleeping Computer. I know you folks do this for free and your services are very much appreciated by me.

I ran the RKill by Grinler and it ran fine from the 1st Link.

I then ran ComboFix after downloading to my desktop and changing the name. It ran fine; the only unexpected issue was it came back and said there's a newer version available and asked if I wanted to download it. I clicked "no" and ran the one you directed me to.

I have attached the log ComboFix produced. I saved it to my desktop as .txt file and have attached that version too.

Thank you again for your assitance. Incidently, my son is actually a degree'd software engineer with certifications in .NETFramework so he's not exactly a novice. My virus problem came up while visiting him in another state. Unfortunately, I had to return home so he wisely directed me to your site for help upon my return.

Best Regards,
thumper58

Attached Files



#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 AM

Posted 04 November 2009 - 10:26 PM

Well done. :(

I'd just like to reiterate how much I do appreciate your help and the help of the other folks at Bleeping Computer.

Your welcome.

==========

newer version available

Allow it to update next time.

==========

Incidently, my son is actually a degree'd software engineer with certifications in .NETFramework so he's not exactly a novice. My virus problem came up while visiting him in another state. Unfortunately, I had to return home so he wisely directed me to your site for help upon my return

:) More experienced than most indeed. We could use him around here if he had an interest.
http://www.bleepingcomputer.com/forums/t/86678/malware-removal-training-program/

==========

Please copy & paste your logs directly into the post. It makes it easier to read.

==========

Let's continue.......

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

==========

:( Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

killall::

File::
C:\jyacth.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

=========

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.Posted Image
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

With your next post please provide:

* Exehelper log
* Combofix log
* MBAM log
* ESET log
* OTL.txt
* OTL Extra.txt
* How is your computer running?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 thumper58

thumper58
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 06 November 2009 - 10:08 AM

Hello thcbytes,

here are the logs & information as directed:

exeHelper by Raktor
Build 20091021
Run at 14:59:51 on 11/05/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

**********************************************

ComboFix Log:

ComboFix 09-11-05.01 - David Stevenson 11/05/2009 16:09.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1484 [GMT -7:00]
Running from: c:\documents and settings\David Stevenson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David Stevenson\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\jyacth.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David Stevenson\Desktop\exeHelper.com
C:\jyacth.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-05 15:21 . 2009-11-05 15:22 -------- d--h--w- c:\program files\ASI_temp
2009-11-04 18:46 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-04 18:46 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-04 18:23 . 2009-11-04 18:54 -------- d-----w- C:\thcbytes
2009-10-29 02:03 . 2009-10-29 02:03 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\Spyzooka
2009-10-28 23:56 . 2009-10-29 02:03 -------- d-----w- c:\program files\SpyZooka
2009-10-24 04:02 . 2009-10-28 23:27 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-10-24 04:02 . 2009-10-28 23:27 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-10-24 04:02 . 2009-10-28 23:27 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-24 04:02 . 2009-10-28 23:27 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-10-24 04:02 . 2009-10-28 23:27 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-10-24 04:00 . 2009-10-24 04:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-24 04:00 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-24 04:00 . 2009-10-24 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-24 04:00 . 2009-10-24 04:00 -------- d-----w- c:\program files\Lavasoft
2009-10-23 23:44 . 2009-10-23 23:44 -------- d-----w- c:\documents and settings\David Stevenson\Local Settings\Application Data\Threat Expert
2009-10-23 23:30 . 2009-10-25 21:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-23 21:08 . 2009-10-23 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-23 21:08 . 2009-10-23 23:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-19 22:10 . 2009-10-19 22:11 -------- d-----w- c:\program files\VideoReDoPlus
2009-10-15 22:40 . 2009-10-15 22:40 -------- d-----w- c:\documents and settings\David Stevenson\Local Settings\Application Data\WinZip
2009-10-15 22:39 . 2009-10-15 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-10-12 16:04 . 2009-10-12 16:04 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-10-09 00:08 . 2009-10-09 00:08 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\InstallShield
2009-10-07 01:52 . 2009-10-07 01:52 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 21:54 . 2009-09-19 23:00 -------- d-----w- c:\program files\EagleVision
2009-11-05 21:34 . 2009-09-19 22:19 8636 ----a-w- c:\documents and settings\David Stevenson\Application Data\wklnhst.dat
2009-11-05 14:16 . 2009-09-19 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-11-05 14:16 . 2009-09-20 22:38 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\CE
2009-11-04 17:07 . 2009-09-19 21:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-23 20:53 . 2006-03-01 08:05 -------- d-----w- c:\program files\McAfee
2009-10-22 17:57 . 2009-09-20 04:19 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\GARMIN
2009-10-12 16:15 . 2009-09-19 23:00 99408 ----a-w- c:\documents and settings\David Stevenson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-11 20:29 . 2006-03-01 08:06 -------- d-----w- c:\program files\Google
2009-10-09 00:08 . 2006-03-01 07:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 19:42 . 2009-10-06 19:42 -------- d-----w- c:\program files\Xilisoft
2009-10-01 15:00 . 2009-09-24 14:04 -------- d-----w- c:\program files\Palm
2009-09-29 22:22 . 2009-09-29 22:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-29 22:22 . 2006-03-01 07:47 -------- d-----w- c:\program files\Java
2009-09-29 22:03 . 2009-09-29 22:03 152576 ----a-w- c:\documents and settings\David Stevenson\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-25 23:21 . 2009-09-25 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-25 23:21 . 2009-09-25 23:21 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-25 22:48 . 2009-09-25 22:47 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2009-09-25 22:47 . 2009-09-25 22:47 -------- d-----w- c:\program files\Solveig Multimedia
2009-09-25 22:32 . 2006-03-01 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-09-24 23:36 . 2009-09-19 23:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-24 14:09 . 2009-09-24 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HotSync
2009-09-24 14:04 . 2009-09-24 14:04 8854 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{32EF6F81-583E-4127-918D-D3768A8957C4}\PDTHelpShortcut__4B691FC6F103435EA1F6339BD6C78617_2.exe
2009-09-24 14:04 . 2009-09-24 14:04 65536 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{32EF6F81-583E-4127-918D-D3768A8957C4}\PalmDesktopShortcut.exe
2009-09-24 14:04 . 2009-09-24 14:04 65536 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{32EF6F81-583E-4127-918D-D3768A8957C4}\NewShortcut1_1.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2009-09-24 14:04 . 2009-09-24 14:04 65536 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{32EF6F81-583E-4127-918D-D3768A8957C4}\ARPPRODUCTICON.exe
2009-09-24 14:04 . 2009-09-24 14:04 40960 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{32EF6F81-583E-4127-918D-D3768A8957C4}\NewShortcut6_45BA714564B04B5DBDC240E20FCDC6DC.exe
2009-09-24 14:04 . 2009-09-24 14:04 40960 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{32EF6F81-583E-4127-918D-D3768A8957C4}\NewShortcut1_45BA714564B04B5DBDC240E20FCDC6DC.exe
2009-09-24 14:03 . 2009-09-24 14:03 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\HotSync
2009-09-24 14:02 . 2009-09-24 14:08 16694 ----a-w- c:\windows\system32\drivers\PalmUSBD.sys
2009-09-24 14:02 . 2009-09-24 14:08 53248 ----a-w- c:\windows\PalmDevC.dll
2009-09-24 14:02 . 2004-06-09 21:27 53248 ----a-w- c:\windows\system32\palmdevc.dll
2009-09-23 23:03 . 2004-08-11 23:14 87699 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-22 22:55 . 2009-09-22 22:55 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\ArcSoft
2009-09-22 22:54 . 2009-09-22 22:54 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\Image Zone Express
2009-09-22 22:53 . 2009-09-20 19:38 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\HP
2009-09-21 16:01 . 2009-09-21 16:01 -------- d-----w- c:\program files\Citrix
2009-09-21 04:42 . 2009-09-21 04:42 138 ----a-w- c:\documents and settings\David Stevenson\Local Settings\Application Data\fusioncache.dat
2009-09-21 04:35 . 2009-09-21 04:35 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\Sonic
2009-09-21 04:34 . 2009-09-21 04:34 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\Leadertech
2009-09-21 00:17 . 2009-09-21 00:17 9454 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{AFDFC350-C142-4790-BE12-8357AECD028F}\_6FEFF9B68218417F98F549.exe
2009-09-21 00:17 . 2009-09-21 00:17 -------- d-----w- c:\program files\SyncToy 2.0
2009-09-21 00:16 . 2009-09-21 00:16 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-20 23:58 . 2009-09-20 22:35 -------- d-----w- c:\program files\CE
2009-09-20 23:53 . 2009-09-20 16:48 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\Autodesk
2009-09-20 22:27 . 2009-09-20 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-09-20 22:27 . 2006-03-01 07:53 -------- d-----w- c:\program files\CyberLink
2009-09-20 21:55 . 2009-09-20 21:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-09-20 21:54 . 2009-09-20 21:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-20 21:13 . 2009-09-20 20:43 -------- d-----w- c:\program files\KIP
2009-09-20 20:43 . 2009-09-20 20:43 53248 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{C0333997-7B38-416D-B69B-206CC24A9F7C}\NewShortcut11_C03339977B38416DB69B206CC24A9F7C.exe
2009-09-20 20:43 . 2009-09-20 20:43 53248 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{C0333997-7B38-416D-B69B-206CC24A9F7C}\NewShortcut1_C03339977B38416DB69B206CC24A9F7C.exe
2009-09-20 20:43 . 2009-09-20 20:43 17486 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{C0333997-7B38-416D-B69B-206CC24A9F7C}\ARPPRODUCTICON.exe
2009-09-20 20:43 . 2009-09-20 20:43 -------- d-----w- c:\program files\Common Files\KIP
2009-09-20 20:40 . 2009-09-20 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-20 20:05 . 2009-09-20 20:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-09-20 19:50 . 2009-09-20 19:38 112897 ----a-w- c:\windows\hpoins07.dat
2009-09-20 19:48 . 2009-09-20 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-20 19:48 . 2009-09-20 19:40 -------- d-----w- c:\program files\HP
2009-09-20 19:48 . 2009-09-20 19:48 -------- d-----w- c:\program files\Common Files\HP
2009-09-20 19:47 . 2009-09-20 19:47 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-20 19:45 . 2009-09-20 19:45 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-09-20 19:28 . 2009-09-20 19:28 34 ----a-w- c:\windows\system32\BD7020.DAT
2009-09-20 18:17 . 2009-09-20 18:16 -------- d-----w- c:\program files\Autodesk Symbols 2000
2009-09-20 18:11 . 2009-09-20 18:05 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-09-20 18:11 . 2009-09-20 18:07 -------- d-----w- c:\program files\AutoCAD LT 2006
2009-09-20 18:11 . 2009-09-20 18:11 -------- d-----w- c:\program files\AnswerWorks 4.0
2009-09-20 18:07 . 2009-09-20 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-09-20 18:05 . 2009-09-20 18:05 -------- d-----w- c:\program files\Autodesk
2009-09-20 17:21 . 2009-09-20 17:21 -------- d-----w- c:\program files\MSBuild
2009-09-20 17:21 . 2009-09-20 17:21 -------- d-----w- c:\program files\Reference Assemblies
2009-09-20 17:17 . 2009-09-20 17:17 -------- d-----w- c:\program files\MSXML 6.0
2009-09-20 04:34 . 2009-09-20 04:32 -------- d-----w- c:\program files\Topo USA 2.0
2009-09-20 04:19 . 2009-09-20 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2009-09-20 04:18 . 2009-09-20 04:18 -------- d-----w- c:\program files\DIFX
2009-09-20 04:18 . 2009-09-20 04:18 -------- d-----w- c:\program files\Garmin
2009-09-20 03:00 . 2009-09-20 03:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-20 02:59 . 2009-09-20 02:59 -------- d-----w- c:\program files\Microsoft.NET
2009-09-20 00:12 . 2009-09-20 00:12 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-09-19 23:43 . 2009-09-19 23:43 -------- d-----w- c:\program files\Crypto Systems
2009-09-19 23:31 . 2009-09-19 23:31 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\FarStone
2009-09-19 23:31 . 2009-09-19 23:31 5501 ----a-w- c:\windows\system32\rtclcmg32.dll
2009-09-19 23:26 . 2009-09-19 23:26 -------- d-----w- c:\program files\FarStone
2009-09-19 23:13 . 2009-09-19 23:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-19 23:00 . 2009-09-19 23:00 29926 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{3DB2148F-0879-4A05-BF75-54E8F0FAE16F}\NewShortcut21_33A0C7209C964BA497397E05E97CC1B1.exe
2009-09-19 23:00 . 2009-09-19 23:00 29926 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{3DB2148F-0879-4A05-BF75-54E8F0FAE16F}\NewShortcut2_C53F028190A442189D8DDF9C0D2A47BD.exe
2009-09-19 23:00 . 2009-09-19 23:00 25214 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{3DB2148F-0879-4A05-BF75-54E8F0FAE16F}\NewShortcut11_AAFDAC9ED31C42C5BF1DC77EB7582707.exe
2009-09-19 23:00 . 2009-09-19 23:00 2002234 ----a-w- c:\documents and settings\David Stevenson\Application Data\InstallShield Installation Information\{3DB2148F-0879-4A05-BF75-54E8F0FAE16F}\ISSetup.dll
2009-09-19 23:00 . 2009-09-19 23:00 -------- d-----w- c:\documents and settings\David Stevenson\Application Data\InstallShield Installation Information
2009-09-19 23:00 . 2009-09-19 23:00 29926 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{3DB2148F-0879-4A05-BF75-54E8F0FAE16F}\ARPPRODUCTICON.exe
2009-09-19 23:00 . 2009-09-19 23:00 25214 ----a-r- c:\documents and settings\David Stevenson\Application Data\Microsoft\Installer\{3DB2148F-0879-4A05-BF75-54E8F0FAE16F}\NewShortcut1_91E1AF594BE44DEDB235372A9D053379.exe
2009-09-19 22:58 . 2009-09-19 23:00 331776 ----a-w- c:\documents and settings\David Stevenson\Application Data\InstallShield Installation Information\{3DB2148F-0879-4A05-BF75-54E8F0FAE16F}\setup.exe
2009-09-19 22:48 . 2006-03-01 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-19 22:32 . 2009-09-19 22:32 -------- d-----w- c:\program files\MSXML 4.0
2009-09-19 22:04 . 2006-03-01 07:59 -------- d-----w- c:\program files\Common Files\Intuit
2009-09-19 21:53 . 2006-03-01 07:56 -------- d-----w- c:\program files\Common Files\AOL
2009-09-19 21:53 . 2006-03-01 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-19 20:58 . 2006-03-01 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-09-19 20:58 . 2006-03-01 08:03 -------- d-----w- c:\program files\McAfee.com
2009-09-19 18:58 . 2009-09-19 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
.

((((((((((((((((((((((((((((( SnapShot@2009-11-04_18.47.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-05 23:15 . 2009-11-05 23:15 16384 c:\windows\Temp\Perflib_Perfdata_6bc.dat
+ 2004-08-11 23:00 . 2009-11-05 23:20 72460 c:\windows\system32\perfc009.dat
+ 2009-09-19 15:12 . 2009-11-05 18:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-09-19 15:12 . 2009-11-04 18:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-04 22:44 . 2009-11-05 18:55 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-09-19 15:12 . 2009-11-04 18:23 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 23:00 . 2009-11-05 23:20 445062 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-12 1347584]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"VirtualDrive"="c:\program files\FarStone\VirtualDrive\VDTask.exe" [2003-03-29 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"NMSVC"="c:\program files\CE\nmSvc.exe" [2009-09-11 1312256]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-01 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-17 397312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-24 113664]
AutoCAD LT Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= "c:\progra~1\SpyZooka\spyguard.dll" [2005-05-08 173568]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

R1 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys [2/25/2003 10:38 AM 56261]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/19/2009 11:58 AM 210216]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 4:17 AM 1179232]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c83ff03-a56e-11de-97a5-001422f27e7e}]
\Shell\AutoRun\command - E:\AUTORUN.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:27]

2009-09-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-19 19:22]

2009-10-25 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-19 19:22]

2009-10-12 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-01-07 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/eol_pre_falcon.asp?src=RegWiz&affid=105&langid=1&cid=54002
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
LSP: CESpy.dll
TCP: {1335FC7D-E008-46C9-A5EB-D1B52648791B} = 192.168.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 16:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\CESpy.dll

- - - - - - - > 'explorer.exe'(3752)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\CE\nmFlt.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2009-11-05 16:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-05 23:23
ComboFix2.txt 2009-11-04 18:54

Pre-Run: 57,856,897,024 bytes free
Post-Run: 57,862,090,752 bytes free

- - End Of File - - 7E3BB64E2CDF20814094AEF3CF052839

**********************************************

MBAM Log

Malwarebytes' Anti-Malware 1.41
Database version: 3108
Windows 5.1.2600 Service Pack 3

11/5/2009 7:59:20 PM
mbam-log-2009-11-05 (19-59-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 200079
Time elapsed: 54 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


**********************************************


ESETScan Log

C:\Qoobox\Quarantine\C\jyacth.exe.vir a variant of Win32/Kryptik.AYI trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.OF virus deleted - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP92\A0028884.exe a variant of Win32/Kryptik.AYI trojan cleaned by deleting - quarantined


**********************************************

OTL.text

OTL logfile created on: 11/6/2009 8:03:34 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\David Stevenson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.68% Memory free
3.84 Gb Paging File | 3.28 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.77 Gb Total Space | 53.80 Gb Free Space | 61.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 585.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 28.87 Gb Total Space | 8.28 Gb Free Space | 28.69% Space Free | Partition Type: NTFS

Computer Name: DAVIDSLAPTOP
Current User Name: David Stevenson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/06 08:01:58 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Stevenson\Desktop\OTL.exe
PRC - [2009/09/29 15:22:15 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/19 16:13:27 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/09/17 14:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/15 10:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/11 16:33:06 | 00,269,520 | ---- | M] () -- C:\Program Files\CE\nmFlt.exe
PRC - [2009/09/11 16:32:34 | 01,312,256 | ---- | M] () -- C:\Program Files\CE\nmSvc.exe
PRC - [2009/08/26 22:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/27 17:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/01/07 12:23:52 | 01,496,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/01/07 12:23:50 | 00,440,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005/12/06 09:45:26 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
PRC - [2005/11/29 03:56:30 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/11/19 02:42:26 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/11/19 02:38:28 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/11/19 02:38:20 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2005/11/16 20:35:16 | 00,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/11/12 01:41:48 | 01,347,584 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2005/11/12 01:41:46 | 01,200,128 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2005/05/15 01:04:12 | 00,332,800 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2005/05/11 23:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2004/12/06 00:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2004/09/15 11:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004/07/27 15:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/06/09 14:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2003/10/31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/03/29 08:53:44 | 00,090,112 | ---- | M] (FarStone Technology Inc.) -- C:\Program Files\FarStone\VirtualDrive\vdtask.exe


========== Modules (SafeList) ==========

MOD - [2009/11/06 08:01:58 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Stevenson\Desktop\OTL.exe
MOD - [2009/02/11 11:06:38 | 00,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/13 17:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 17:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008/04/13 17:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 16:27:34 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/29 15:22:15 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/20 11:11:58 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/19 16:13:27 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/16 11:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/09/15 10:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2005/12/06 09:45:26 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/11/12 01:41:48 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/09/15 11:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found -- -- (catchme)
DRV - [2009/09/24 07:02:58 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/09/16 10:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/08 16:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2006/03/01 00:57:49 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/12/01 06:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 06:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 06:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/29 03:36:56 | 00,191,936 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/19 03:06:42 | 01,364,030 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/11/16 20:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 18:24:34 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/05 03:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/08/12 15:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 15:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 22:58:14 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 21:28:38 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 23:00:30 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/03/07 21:43:27 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/03/07 21:43:26 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/03/07 21:43:25 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/26 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/12/06 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 00:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 00:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 00:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 02:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/03 01:50:07 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2004/02/13 15:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/02/25 10:38:16 | 00,056,261 | ---- | M] (Far Stone Inc.) -- C:\WINDOWS\system32\drivers\cdawdm.sys -- (cdawdm)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/09/20 12:18:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/22 06:48:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/02 09:30:08 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NMSVC] C:\Program Files\CE\nmSvc.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VirtualDrive] C:\Program Files\FarStone\VirtualDrive\VDTask.exe (FarStone Technology Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nmNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {D468BCE5-D18E-49A4-8EA7-34BD583659D5} - C:\Program Files\SpyZooka\spyguard.dll (BluePenguin Software Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/11/10 11:30:28 | 00,000,038 | R--- | M] () - E:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [1998/12/14 14:31:14 | 00,000,051 | R--- | M] () - E:\AutoRun.inf -- [ CDFS ]
O32 - AutoRun File - [1999/01/27 14:46:14 | 00,118,784 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/06 08:01:54 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Stevenson\Desktop\OTL.exe
[2009/11/05 20:27:54 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/05 16:38:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Stevenson\Application Data\Malwarebytes
[2009/11/05 16:38:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/05 16:38:37 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/05 16:38:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/05 16:38:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/05 16:36:39 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\David Stevenson\Desktop\mbam-setup.exe
[2009/11/05 16:07:11 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/11/05 08:21:42 | 00,000,000 | -H-D | C] -- C:\Program Files\ASI_temp
[2009/11/04 11:46:23 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/11/04 11:46:23 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/11/04 11:31:23 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/04 11:26:53 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/04 11:26:53 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/04 11:26:53 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/04 11:26:53 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/04 11:23:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/04 11:23:25 | 00,000,000 | ---D | C] -- C:\thcbytes
[2009/11/04 10:37:14 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/28 19:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Stevenson\Application Data\Spyzooka
[2009/10/28 16:56:23 | 00,000,000 | ---D | C] -- C:\Program Files\SpyZooka
[2009/10/28 16:28:45 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/23 21:00:25 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/23 21:00:04 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/23 21:00:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/23 20:57:12 | 77,086,488 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\David Stevenson\Desktop\Ad-AwareInstallation.exe
[2009/10/23 20:42:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/10/23 16:44:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Stevenson\Local Settings\Application Data\Threat Expert
[2009/10/23 16:30:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/23 14:08:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/23 14:08:15 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/19 15:10:09 | 00,000,000 | ---D | C] -- C:\Program Files\VideoReDoPlus
[2009/10/15 15:40:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Stevenson\Local Settings\Application Data\WinZip
[2009/10/15 15:39:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/15 15:39:36 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/10/15 08:28:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Stevenson\Desktop\For Darryn
[2009/10/12 09:04:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2009/10/08 17:08:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Stevenson\Application Data\InstallShield
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/06 08:01:58 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Stevenson\Desktop\OTL.exe
[2009/11/06 06:55:39 | 00,023,219 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/05 16:38:43 | 08,126,464 | ---- | M] () -- C:\Documents and Settings\David Stevenson\ntuser.dat
[2009/11/05 16:38:41 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/05 16:36:39 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\David Stevenson\Desktop\mbam-setup.exe
[2009/11/05 16:20:53 | 00,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/05 16:20:53 | 00,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/05 16:20:52 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/05 16:16:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/05 16:16:18 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/05 16:15:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/05 16:15:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/05 16:15:44 | 21,374,56640 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/05 16:14:30 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\David Stevenson\ntuser.ini
[2009/11/05 16:06:36 | 03,564,988 | R--- | M] () -- C:\Documents and Settings\David Stevenson\Desktop\ComboFix.exe
[2009/11/05 14:34:18 | 00,008,636 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Application Data\wklnhst.dat
[2009/11/05 12:59:36 | 01,921,024 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Local Settings\Application Data\filesync.metadata
[2009/11/05 12:58:35 | 00,002,369 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Desktop\SyncToy 2.0.lnk
[2009/11/04 20:30:36 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/04 15:47:57 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 11:31:35 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/04 10:25:15 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Desktop\rkill.pif
[2009/11/02 07:27:43 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/01 14:46:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/29 07:52:15 | 00,017,404 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Desktop\Cavendish.pdf
[2009/10/28 16:28:40 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/28 16:28:35 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/27 13:59:16 | 00,022,792 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Desktop\BF Top Track New.JPG
[2009/10/26 15:19:03 | 00,000,285 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Desktop\Local Disk (H).lnk
[2009/10/26 15:18:51 | 00,000,292 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Desktop\Public on 'Vista' (Z).lnk
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/24 23:11:00 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/10/23 21:28:34 | 00,334,846 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091023-194525.backup
[2009/10/23 21:00:24 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/23 20:57:12 | 77,086,488 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\David Stevenson\Desktop\Ad-AwareInstallation.exe
[2009/10/23 14:33:33 | 00,000,211 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/20 21:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/20 21:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/19 15:10:17 | 00,001,538 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Desktop\VideoReDo Plus.lnk
[2009/10/16 07:41:38 | 08,990,925 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Desktop\Anti_Christ.wmv
[2009/10/14 07:54:33 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/12 12:58:52 | 00,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/12 12:39:02 | 00,000,320 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
[2009/10/12 09:15:52 | 00,099,408 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/12 06:35:02 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\David Stevenson\Desktop\Dear Editor.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/05 16:38:41 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 11:31:34 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/04 11:31:28 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/04 11:26:53 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/04 11:26:53 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/04 11:26:53 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/04 11:26:53 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/04 11:26:53 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/04 10:28:04 | 03,564,988 | R--- | C] () -- C:\Documents and Settings\David Stevenson\Desktop\ComboFix.exe
[2009/11/04 10:25:13 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Desktop\rkill.pif
[2009/10/29 07:52:15 | 00,017,404 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Desktop\Cavendish.pdf
[2009/10/27 13:59:15 | 00,022,792 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Desktop\BF Top Track New.JPG
[2009/10/26 15:19:03 | 00,000,285 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Desktop\Local Disk (H).lnk
[2009/10/26 15:18:51 | 00,000,292 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Desktop\Public on 'Vista' (Z).lnk
[2009/10/24 07:57:54 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/23 21:03:24 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/23 21:00:24 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/19 15:10:17 | 00,001,538 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Desktop\VideoReDo Plus.lnk
[2009/10/16 07:41:38 | 08,990,925 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Desktop\Anti_Christ.wmv
[2009/10/12 06:35:01 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Desktop\Dear Editor.doc
[2009/09/22 13:21:44 | 01,921,024 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Local Settings\Application Data\filesync.metadata
[2009/09/20 21:42:59 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Local Settings\Application Data\fusioncache.dat
[2009/09/20 15:35:55 | 00,214,224 | ---- | C] () -- C:\WINDOWS\System32\nmNsp.dll
[2009/09/20 15:35:55 | 00,164,048 | ---- | C] () -- C:\WINDOWS\System32\CESpy.dll
[2009/09/20 12:38:47 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/09/20 12:28:23 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/19 21:33:59 | 00,000,070 | ---- | C] () -- C:\WINDOWS\dmcFindX.INI
[2009/09/19 21:33:59 | 00,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2009/09/19 21:33:59 | 00,000,041 | ---- | C] () -- C:\WINDOWS\dmcPrefX.INI
[2009/09/19 21:33:15 | 00,000,040 | ---- | C] () -- C:\WINDOWS\topo2.ini
[2009/09/19 16:48:26 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/19 16:31:07 | 00,005,501 | ---- | C] () -- C:\WINDOWS\System32\rtclcmg32.dll
[2009/09/19 16:00:57 | 00,099,408 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/19 15:19:18 | 00,008,636 | ---- | C] () -- C:\Documents and Settings\David Stevenson\Application Data\wklnhst.dat
[2009/09/19 14:52:41 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/09/19 09:58:13 | 06,612,854 | -H-- | C] () -- C:\Documents and Settings\David Stevenson\Local Settings\Application Data\IconCache.db
[2009/09/19 09:58:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\David Stevenson\Application Data\desktop.ini
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/01 01:08:46 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/01 01:02:24 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/01 00:59:55 | 00,000,211 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/01 00:52:59 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/03/01 00:27:08 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/03/01 00:26:54 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/03/01 00:26:50 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/03/01 00:26:44 | 00,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 07:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 16:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/11 16:00:37 | 00,000,628 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 16:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/21 10:11:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\FsLoadLibrary.dll
[2002/06/20 17:35:50 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\Chkmes.dll
[2002/01/19 18:00:00 | 00,006,356 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCd.sys
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/09/20 11:07:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/09/20 13:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/09/19 21:19:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/09/24 07:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/10/25 14:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/03/01 00:58:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/15 15:40:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/23 21:00:26 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/09/20 16:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Stevenson\Application Data\Autodesk
[2009/11/05 20:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Stevenson\Application Data\CE
[2009/09/19 16:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Stevenson\Application Data\FarStone
[2009/10/22 10:57:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Stevenson\Application Data\GARMIN
[2009/09/24 07:03:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Stevenson\Application Data\HotSync
[2009/09/22 15:54:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Stevenson\Application Data\Image Zone Express
[2009/09/20 21:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Stevenson\Application Data\Leadertech
[2009/10/28 19:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Stevenson\Application Data\Spyzooka
[2009/11/02 07:27:43 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/19 11:54:29 | 00,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/10/24 23:11:00 | 00,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/11/05 16:15:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


**********************************************


OTL Extras Log


OTL Extras logfile created on: 11/6/2009 8:03:34 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\David Stevenson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.68% Memory free
3.84 Gb Paging File | 3.28 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.77 Gb Total Space | 53.80 Gb Free Space | 61.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 585.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 28.87 Gb Total Space | 8.28 Gb Free Space | 28.69% Space Free | Partition Type: NTFS

Computer Name: DAVIDSLAPTOP
Current User Name: David Stevenson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32EF6F81-583E-4127-918D-D3768A8957C4}" = Palm
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DB2148F-0879-4A05-BF75-54E8F0FAE16F}" = EagleVision
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5783F2D7-4009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2006 - English
"{5AC5ED2E-2936-4B54-A429-703F9034938E}" = Covenant Eyes
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{64658686-0CD4-4CF6-983D-0A6BE32007DB}" = Business Complete Care Services Agreement
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FE4AA77-DF4C-48E9-A3E8-494926D163A4}" = SpyZooka
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8E49C988-C8F1-4197-AA6B-94E49751F5D7}" = Microsoft IntelliType Pro 6.3
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AD4203ED-7683-435E-B436-C299773A9936}" = MapSource - US Topo v3.02
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C0333997-7B38-416D-B69B-206CC24A9F7C}" = KIP Request 6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D5BB0907-4BB0-46A3-AA68-0173D111058D}" = VirtualDrive
"{D676C71A-4CDB-459F-9E70-FED438851C95}" = FineCrypt
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.0 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Autodesk Symbols 2000" = Autodesk Symbols 2000
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ESET Online Scanner" = ESET Online Scanner v3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"QuickTime" = QuickTime
"QuickVerse Library" = QuickVerse Library
"RealPlayer 6.0" = RealPlayer Basic
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Topo USA 2.0" = Topo USA 2.0
"VideoReDo-Plus_is1" = VideoReDo/Plus Version 2-2-1-445
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Xilisoft Video Converter" = Xilisoft Video Converter 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"InstallShield_{3DB2148F-0879-4A05-BF75-54E8F0FAE16F}" = EagleVision

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/25/2009 7:50:28 PM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/25/2009 7:50:28 PM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/25/2009 7:50:30 PM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/25/2009 7:50:30 PM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/25/2009 8:53:18 PM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/25/2009 8:53:18 PM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 11/1/2009 9:02:43 PM | Computer Name = DAVIDSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module nmsvc.dll, version 0.0.0.0, fault address 0x0000de03.

Error - 11/2/2009 1:09:12 PM | Computer Name = DAVIDSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x06044028.

Error - 11/2/2009 8:00:21 PM | Computer Name = DAVIDSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

Error - 11/3/2009 4:13:46 PM | Computer Name = DAVIDSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application mcuicnt.exe, version 2.11.103.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/6/2009 9:35:47 AM | Computer Name = DAVIDSLAPTOP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Crypto Systems\FineCrypt\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 11/6/2009 9:35:47 AM | Computer Name = DAVIDSLAPTOP | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 11/6/2009 9:35:47 AM | Computer Name = DAVIDSLAPTOP | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/6/2009 9:35:47 AM | Computer Name = DAVIDSLAPTOP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Crypto Systems\FineCrypt\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 11/6/2009 9:35:47 AM | Computer Name = DAVIDSLAPTOP | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 11/6/2009 9:35:47 AM | Computer Name = DAVIDSLAPTOP | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/6/2009 9:35:47 AM | Computer Name = DAVIDSLAPTOP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 11/6/2009 9:35:47 AM | Computer Name = DAVIDSLAPTOP | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 11/6/2009 9:35:47 AM | Computer Name = DAVIDSLAPTOP | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/6/2009 9:35:47 AM | Computer Name = DAVIDSLAPTOP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference
error message: The operation completed successfully. .


< End of report >



***********************************************

My computer seems to be more stable, I'm not seeing the flashing or blinking of the screen. To be honest, I haven't tried to do too much pending further direction from you. I did notice that System Hibernate is once again functioning; don't know about Booting in Safe Mode; I haven't tried that.

Thank you

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 AM

Posted 06 November 2009 - 04:15 PM

Hello,

Congratulations! You now appear clean!

You better boot up into safe mode and make sure it doesn't need repair.

Otherwise............


Please pay particularly close attention to the instructions that follow. To neglect these steps risk needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>

    Posted Image

  • The following will implement some very important cleanup procedures as well as reset System Restore points.
**********

Run OTL again

We will now remove the tools we used during this fix using OTL.
  • Double click the OTL icon to start the program.
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
**********

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Prevention article : To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Windows XP
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
**********

System Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

**********

Good luck & safe surfing,
Regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 thumper58

thumper58
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 07 November 2009 - 09:42 PM

Thank you again thcbytes. Safe Mode is again working and as far as I can tell, everything is functioning normally.

I will follow your recommendations.

B Rgds,
thumper58

#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 AM

Posted 08 November 2009 - 08:44 AM

Your welcome.
My pleasure. :(

Since this topic appears to be resolved, I will now close it.
If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users