
Please Help - Malware / Virus problems


This topic is locked
12 replies to this topic

#1 aharmon1976


  • Members
  • 7 posts

Posted 23 November 2009 - 11:18 PM

Hello,

Recently my computer has been infected and is running very slow. I ran a Spybot S & D with the following issues found:

Fraud.WindowsProtectionSuite
Microsoft.Windows.RedirectedHosts
Win32.Delf.uv

When I try to quarantine them I get some error indicating denied access to the hosts file, and when I try to go to Google I am redirected to google.nl?

I have read the preparation directions and tried to Run DDS multiple times but each time it completes it just disappears without displaying a log file.

I was able to successfully run a RootRepeal log which I have attached. Please help!!!

Attached Files

  • Attached File  ark.txt   9.84KB   1 downloads



#2 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 24 November 2009 - 08:26 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
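The custom-scan lines above tell OTL to search the whole system drive for each named file (/s) and report an MD5 for every copy it finds (/md5): a driver or DLL whose live copy hashes differently from its dllcache or ServicePackFiles backup, at the same size, is how a patched system file shows up in the log. The following is an added example, not OTL's code and not part of the original post: a Python script that performs that same cross-copy comparison over a constructed directory tree (the tree, its contents and the path layout are assumptions).

```python
import hashlib
import os
import tempfile

# File names copied from the custom-scan list in the post above; OTL is asked to
# find every copy of each on %SYSTEMDRIVE% (/s) and hash it (/md5).
WATCHED_FILES = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys",
    "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys", "nvatabus.sys",
    "viamraid.sys", "nvata.sys",
]


def md5_of(path):
    """MD5 of a file, read in chunks (the digest OTL's /md5 switch reports)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(root, names):
    """Recursive search (OTL's /s): map each watched name, lower-cased, to a
    list of (path, size, md5) for every copy found under root."""
    wanted = {n.lower() for n in names}
    copies = {}
    for dirpath, _subdirs, files in os.walk(root):
        for fname in files:
            if fname.lower() in wanted:
                path = os.path.join(dirpath, fname)
                copies.setdefault(fname.lower(), []).append(
                    (path, os.path.getsize(path), md5_of(path)))
    return copies


def inconsistent_copies(copies):
    """Names whose copies do not all share one MD5. On XP the live system32
    copy normally matches the dllcache and ServicePackFiles backups, so a lone
    differing hash, especially at an unchanged size, is the signal a helper
    looks for when reading the OTL output."""
    return {name: entries for name, entries in copies.items()
            if len({md5 for _path, _size, md5 in entries}) > 1}


def format_report(copies):
    """Render the findings in an OTL-like one-line-per-copy layout."""
    lines = []
    for name in sorted(copies):
        for path, size, md5 in copies[name]:
            lines.append("%s | %08d | MD5=%s" % (path, size, md5))
    return "\n".join(lines)


def build_demo_tree():
    """Constructed sample drive (not the poster's machine): three copies of
    atapi.sys, the live one patched but padded to the same size, and two
    identical copies of eventlog.dll. Returns the temporary root directory."""
    root = tempfile.mkdtemp(prefix="sysdrive_")
    good_driver = b"ATAPI.SYS clean build " + b"\x00" * 40
    patched = b"ATAPI.SYS clean build " + b"JMP hook" + b"\x00" * 32  # same length
    assert len(good_driver) == len(patched)
    files = {
        "WINDOWS/system32/drivers/atapi.sys": patched,
        "WINDOWS/system32/dllcache/atapi.sys": good_driver,
        "WINDOWS/ServicePackFiles/i386/atapi.sys": good_driver,
        "WINDOWS/system32/eventlog.dll": b"EVENTLOG.DLL" * 4,
        "WINDOWS/system32/dllcache/eventlog.dll": b"EVENTLOG.DLL" * 4,
    }
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    found = find_copies(demo_root, WATCHED_FILES)
    print(format_report(found))
    for name, entries in inconsistent_copies(found).items():
        distinct = len({md5 for _path, _size, md5 in entries})
        print("\n%s: %d copies, %d distinct hashes" % (name, len(entries), distinct))
```

Size and timestamp alone do not catch a patched driver, which is why the hash of every copy is compared rather than the size column OTL prints.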

#3 aharmon1976

  • Topic Starter

  • Members
  • 7 posts

Posted 24 November 2009 - 11:09 PM

Hi Sam. Appreciate your help. I have run the two programs you requested and posted the logs below. Still running pretty slow and the Malwarebytes scan identified over 500 items. Hope we can get this resolved!

OTL logfile created on: 11/24/2009 7:30:07 PM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Tony Harmon\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 390.82 Mb Available Physical Memory | 38.24% Memory free
2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.50% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 77.53 Gb Free Space | 53.72% Space Free | Partition Type: NTFS
Drive D: | 41.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-67A24164E7
Current User Name: Tony Harmon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/24 19:29:08 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony Harmon\Desktop\OTL.exe
PRC - [2009/11/20 14:51:21 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2009/11/20 14:51:21 | 00,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
PRC - [2009/11/20 14:51:21 | 00,177,392 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2009/11/20 14:51:21 | 00,173,296 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
PRC - [2009/11/20 14:51:20 | 00,233,472 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
PRC - [2009/11/20 14:51:20 | 00,230,664 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
PRC - [2009/11/20 14:49:40 | 00,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/31 12:54:20 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/27 16:19:26 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/08 09:35:50 | 02,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 09:34:08 | 00,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 15:01:10 | 00,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/24 19:10:30 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/18 10:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2007/10/18 10:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2007/10/18 10:24:44 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2007/08/20 13:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
PRC - [2007/08/16 21:10:16 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
PRC - [2007/08/16 21:10:14 | 00,218,376 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
PRC - [2007/03/15 18:16:42 | 00,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/01/04 12:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
PRC - [2006/10/12 12:48:48 | 00,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2006/10/12 09:45:58 | 00,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2006/10/12 09:44:48 | 00,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2006/06/19 01:40:15 | 00,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/04/10 06:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2006/02/09 20:51:48 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2004/05/28 23:08:52 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2004/05/28 22:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe


========== Modules (SafeList) ==========

MOD - [2009/11/24 19:29:08 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony Harmon\Desktop\OTL.exe
MOD - [2009/11/20 14:49:40 | 00,083,208 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOEHook.dll
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/20 14:51:21 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2009/11/20 14:51:20 | 00,233,472 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/27 16:19:26 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/08/25 14:34:35 | 00,194,032 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/30 15:01:10 | 00,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/04/20 13:09:46 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c1e33f58b588) Google Update Service (gupdate1c9c1e33f58b588)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/06/26 12:23:06 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008/06/26 12:23:02 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008/06/26 12:22:44 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008/06/24 19:10:30 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/10/18 10:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2007/10/18 10:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2007/10/18 10:24:44 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
SRV - [2007/08/20 13:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
SRV - [2007/08/16 21:10:16 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
SRV - [2007/01/04 12:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2006/10/12 09:45:58 | 00,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2006/06/19 01:40:15 | 00,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/04/10 06:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/02/09 21:05:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006/02/09 20:51:48 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006\S-1-5-21-1771452636-1263053414-3206483462-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006\S-1-5-21-1771452636-1263053414-3206483462-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}:4.0
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {e2337727-f9c9-411b-929e-287584341d1a}:3.1.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.12
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:0.9947
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=374563&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 02:00:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/22 10:04:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/20 11:46:25 | 00,000,000 | ---D | M]

[2008/11/30 09:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla\Extensions
[2008/11/30 09:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/22 14:27:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions
[2009/07/09 17:38:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/09/02 20:35:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/09 17:38:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2009/07/09 17:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/11/30 09:41:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions\{e2337727-f9c9-411b-929e-287584341d1a}
[2009/11/20 15:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions\{e4878b45-e2c0-4307-b6e8-734922f92f5b}
[2009/07/09 17:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions\firefox@facebook.com
[2009/07/09 17:38:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions\isreaditlater@ideashower.com
[2009/07/09 17:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions\morningCoffee@shaneliesegang
[2009/11/22 14:27:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/28 08:52:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
[2009/10/31 12:54:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/23 13:05:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/07/28 08:52:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2009/10/31 12:54:20 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/31 12:54:20 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/10/31 12:54:21 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/11/20 11:46:24 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/20 11:46:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/20 11:46:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/20 11:46:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/20 11:46:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/20 11:46:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/20 11:46:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/03/30 16:13:54 | 00,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2009/03/03 09:51:42 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2009/07/25 10:15:52 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/25 10:15:53 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/25 10:15:53 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/25 10:15:53 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/25 10:15:53 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/25 10:15:53 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/01 10:18:26 | 00,000,808 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (336163 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11516 more lines...
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files\egamestoolbar\egamestoolbar.dll ( )
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files\egamestoolbar\egamestoolbar.dll ( )
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006\..\Toolbar\WebBrowser: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files\egamestoolbar\egamestoolbar.dll ( )
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA)
O4 - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\Melissa Harmon\Start Menu\Programs\Startup\Logitech . Product Registration.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Tony Harmon\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Tony Harmon\Start Menu\Programs\Startup\YPOPs.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1771452636-1263053414-3206483462-1006\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/11/22 14:21:01 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892059130527744)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/24 19:29:04 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony Harmon\Desktop\OTL.exe
[2009/11/24 18:45:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tony Harmon\Application Data\Malwarebytes
[2009/11/24 18:45:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/24 18:45:41 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/24 18:45:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/24 18:45:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/24 18:45:04 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tony Harmon\Desktop\mbam-setup.exe
[2009/11/23 23:06:29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/11/23 22:48:03 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Tony Harmon\Desktop\RootRepeal.exe
[2009/11/20 18:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tony Harmon\Application Data\alot
[2009/11/20 14:51:22 | 00,739,696 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2009/11/20 14:51:22 | 00,133,520 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2009/11/20 14:49:49 | 00,099,592 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\isafeif.dll
[2009/11/20 14:49:49 | 00,079,424 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\vetredir.dll
[2009/11/20 14:49:49 | 00,075,016 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
[2009/11/20 14:49:49 | 00,032,264 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
[2009/11/20 14:49:49 | 00,026,376 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys
[2009/11/20 14:49:49 | 00,021,512 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2009/11/20 14:49:49 | 00,021,128 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
[2009/11/20 14:49:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2009/11/20 14:49:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/11/20 14:49:13 | 00,000,000 | ---D | C] -- C:\Program Files\CA
[2009/11/20 14:41:29 | 45,145,784 | ---- | C] (CA) -- C:\Documents and Settings\Tony Harmon\Desktop\iss_en_32.exe
[2009/11/20 12:49:32 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\2765f1e
[2009/11/20 11:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/20 11:48:01 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/20 11:48:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/10 23:08:24 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/11/10 23:08:24 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/24 19:41:03 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/24 19:29:08 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony Harmon\Desktop\OTL.exe
[2009/11/24 19:25:58 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/24 19:25:48 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/24 19:25:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/24 19:25:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/24 19:24:24 | 00,101,378 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2009/11/24 19:24:24 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2009/11/24 19:24:24 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2009/11/24 19:24:24 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2009/11/24 19:24:24 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2009/11/24 19:24:24 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2009/11/24 19:24:24 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2009/11/24 19:24:24 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2009/11/24 19:23:48 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Tony Harmon\NTUSER.DAT
[2009/11/24 19:23:48 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Tony Harmon\ntuser.ini
[2009/11/24 18:45:47 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/24 18:45:19 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tony Harmon\Desktop\mbam-setup.exe
[2009/11/24 10:32:14 | 00,000,404 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A6EFFC9C-AE66-4E81-B94C-EB28AD301C70}.job
[2009/11/23 23:25:50 | 00,005,642 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Desktop\DDS02
[2009/11/23 23:25:50 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Desktop\DbPath
[2009/11/23 23:25:49 | 00,128,847 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Desktop\temp00
[2009/11/23 23:25:49 | 00,018,987 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Desktop\temp01
[2009/11/23 23:25:49 | 00,015,248 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Desktop\IFEO
[2009/11/23 23:25:48 | 00,001,121 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Desktop\active_setup.dat
[2009/11/23 23:25:00 | 00,002,845 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Desktop\FILES00
[2009/11/23 23:24:48 | 00,031,965 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Desktop\svclist.dat
[2009/11/23 23:24:42 | 00,000,041 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Desktop\XP.mac
[2009/11/23 23:06:31 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Desktop\dds.pif
[2009/11/23 22:48:03 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Tony Harmon\Desktop\RootRepeal.exe
[2009/11/23 22:38:31 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Desktop\dds(2).scr
[2009/11/23 22:33:36 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Desktop\dds.scr
[2009/11/23 12:46:11 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/22 09:12:56 | 00,041,848 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/22 09:12:01 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/11/21 19:35:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/20 15:56:51 | 00,000,526 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Tony Harmon at 2 49 PM.job
[2009/11/20 14:59:57 | 00,739,696 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2009/11/20 14:59:57 | 00,133,520 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2009/11/20 14:57:54 | 00,336,163 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\host_new
[2009/11/20 14:42:27 | 45,145,784 | ---- | M] (CA) -- C:\Documents and Settings\Tony Harmon\Desktop\iss_en_32.exe
[2009/11/20 12:50:51 | 00,336,163 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091123-221932.backup
[2009/11/20 12:50:51 | 00,336,163 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091123-221952.backup
[2009/11/20 12:50:51 | 00,336,163 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091123-221951.backup
[2009/11/20 12:50:51 | 00,336,163 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091123-221950.backup
[2009/11/20 12:50:51 | 00,336,163 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091123-221949.backup
[2009/11/20 12:50:51 | 00,336,163 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091123-221946.backup
[2009/11/20 12:50:51 | 00,336,163 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091123-221944.backup
[2009/11/20 12:50:51 | 00,336,163 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091123-221943.backup
[2009/11/20 12:50:51 | 00,336,163 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091123-221941.backup
[2009/11/20 12:50:51 | 00,336,163 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/20 11:49:04 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/20 11:46:10 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/18 19:51:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/11/18 19:51:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/11/18 19:51:17 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/11/16 19:42:08 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/11/12 03:19:14 | 00,223,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/10 23:08:24 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/11/10 23:08:24 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 18:45:47 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/23 23:25:50 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Desktop\DbPath
[2009/11/23 23:25:49 | 00,015,248 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Desktop\IFEO
[2009/11/23 23:25:48 | 00,001,121 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Desktop\active_setup.dat
[2009/11/23 23:25:31 | 00,018,987 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Desktop\temp01
[2009/11/23 23:25:01 | 00,005,642 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Desktop\DDS02
[2009/11/23 23:24:48 | 00,002,845 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Desktop\FILES00
[2009/11/23 23:24:46 | 00,031,965 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Desktop\svclist.dat
[2009/11/23 23:24:42 | 00,128,847 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Desktop\temp00
[2009/11/23 23:24:41 | 00,000,041 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Desktop\XP.mac
[2009/11/23 23:06:31 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Desktop\dds.pif
[2009/11/23 22:38:31 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Desktop\dds(2).scr
[2009/11/23 22:33:33 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Desktop\dds.scr
[2009/11/22 09:12:56 | 00,041,848 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/20 15:57:44 | 00,101,378 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2009/11/20 15:57:44 | 00,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2009/11/20 15:57:44 | 00,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2009/11/20 15:57:44 | 00,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2009/11/20 15:57:44 | 00,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2009/11/20 15:57:44 | 00,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2009/11/20 15:57:44 | 00,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2009/11/20 15:57:44 | 00,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2009/11/20 14:49:35 | 00,000,526 | ---- | C] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Tony Harmon at 2 49 PM.job
[2009/11/20 11:49:04 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/20 11:46:10 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/06 09:47:52 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{0A0D52EF-D7FE-495E-AFD0-BC34E832A6A5}_WiseFW.ini
[2009/07/23 09:09:21 | 00,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/08 09:13:04 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 15:00:12 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/02/20 15:36:34 | 00,053,368 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/07 18:19:23 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/07 18:19:23 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/25 09:35:13 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Local Settings\Application Data\fusioncache.dat
[2008/11/24 16:24:10 | 00,002,323 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/11/22 22:38:38 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/22 21:52:35 | 00,000,088 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Local Settings\Application Data\FASTWiz.log
[2008/11/22 21:16:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/22 14:49:27 | 05,883,520 | -H-- | C] () -- C:\Documents and Settings\Tony Harmon\Local Settings\Application Data\IconCache.db
[2008/11/22 14:49:27 | 00,013,104 | ---- | C] () -- C:\Documents and Settings\Tony Harmon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/22 14:49:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Tony Harmon\Application Data\desktop.ini
[2008/11/22 14:27:50 | 00,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/11/22 14:21:33 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2008/11/22 14:18:04 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2008/11/22 14:17:45 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2008/11/22 14:17:45 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/11/22 14:17:37 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2008/11/22 14:17:05 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2008/11/22 14:16:58 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2008/11/22 14:16:51 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2008/11/22 14:16:47 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2008/11/22 14:16:47 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2008/11/22 14:16:47 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2008/11/22 14:16:46 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2008/11/22 14:16:46 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2008/11/22 14:16:32 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2008/11/22 14:16:29 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2008/11/22 14:16:29 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2008/11/22 14:16:28 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2008/11/22 14:15:58 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2008/11/22 14:15:58 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2008/11/22 14:15:58 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2008/11/22 14:15:58 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2008/11/22 14:15:58 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2008/11/22 14:15:55 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2008/11/22 14:15:55 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2008/11/22 14:15:55 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2008/11/22 14:15:55 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2008/11/22 14:15:55 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2008/11/22 14:15:44 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2008/11/22 14:15:02 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2008/11/22 14:14:55 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2008/11/22 14:14:55 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2008/11/22 14:14:54 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2008/11/22 14:14:54 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/11/22 14:14:54 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2008/11/22 14:14:49 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2008/11/22 14:14:20 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2008/11/22 14:12:30 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2008/11/22 14:12:30 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2008/11/22 14:12:23 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2008/11/22 14:11:58 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2008/11/22 14:11:33 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2008/11/22 14:11:28 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2008/11/22 14:09:35 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2008/11/22 14:08:58 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2008/11/22 14:08:42 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2008/11/22 14:07:30 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2008/11/22 14:07:29 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2007/05/13 19:58:44 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/21 04:48:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 04:41:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2006/06/17 04:37:02 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2006/06/17 04:37:02 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2006/06/17 04:24:58 | 00,000,376 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 00,000,445 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 04:23:30 | 00,000,628 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/06/17 04:23:29 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/06/17 04:23:24 | 00,291,840 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2006/06/17 04:23:22 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2006/06/17 04:23:22 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2006/06/17 04:23:16 | 00,456,192 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2006/06/16 21:31:46 | 00,521,766 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2006/06/16 21:31:45 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 21:31:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/08/05 23:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/26 13:56:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\hpzjrd01.dll

========== LOP Check ==========

[2006/06/16 21:31:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2008/11/22 15:13:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gtek
[2008/11/22 14:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/11/22 14:06:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/11/20 12:49:58 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\2765f1e
[2009/03/24 19:34:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/03/09 10:09:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2009/07/25 12:13:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/11/23 14:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/11/20 14:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2006/06/16 21:31:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/03/08 10:46:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/08/25 14:34:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2008/11/22 15:19:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2008/11/24 17:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/04/20 09:06:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2008/12/24 12:18:30 | 00,002,323 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/11/30 11:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/12/26 15:27:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/10/13 20:22:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2009/11/24 18:45:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/14 19:57:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/05/19 13:01:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/03/02 13:21:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2008/11/22 15:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2008/11/22 14:06:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2009/04/20 13:10:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RealArcade
[2009/01/25 16:32:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2009/07/23 09:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/11/30 11:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/09/13 21:27:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/05/19 13:11:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/19 09:23:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2008/11/22 15:21:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/07/28 08:57:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/20 13:10:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/11/20 11:48:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/21 13:23:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/06/16 21:31:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Default User\Application Data\desktop.ini
[2008/11/22 15:13:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Gtek
[2008/11/22 14:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2008/11/22 14:06:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2009/01/25 16:32:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/11/22 14:06:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/12/31 20:21:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/10/09 09:21:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Adobe
[2009/10/28 12:25:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\alot
[2009/09/09 14:59:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Apple Computer
[2009/07/28 08:57:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Dealio
[2006/06/16 21:31:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Melissa Harmon\Application Data\desktop.ini
[2009/08/05 20:23:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\egamestoolbar
[2009/08/06 20:20:22 | 00,054,144 | ---- | M] () -- C:\Documents and Settings\Melissa Harmon\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/26 19:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Google
[2008/11/22 22:17:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Gtek
[2008/12/24 12:13:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\HP
[2008/11/22 14:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Identities
[2009/05/12 09:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\iWin
[2009/10/13 20:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Leadertech
[2009/10/09 09:21:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Macromedia
[2009/10/13 20:18:48 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Microsoft
[2008/12/23 00:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Mozilla
[2009/01/02 21:44:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\MyPublisher
[2009/04/28 13:04:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\PlayFirst
[2009/07/28 08:57:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Search Settings
[2009/09/04 09:57:10 | 00,000,180 | ---- | M] () -- C:\Documents and Settings\Melissa Harmon\Application Data\setup.log
[2009/09/04 09:56:51 | 00,000,760 | ---- | M] () -- C:\Documents and Settings\Melissa Harmon\Application Data\setup_ldm.iss
[2009/04/14 13:01:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Skunk Studios
[2009/11/24 19:11:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Skype
[2009/11/23 16:09:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\skypePM
[2009/04/13 20:57:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Snapfish
[2009/01/05 20:24:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Sun
[2009/03/11 20:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\vlc
[2009/05/26 17:55:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\W Photo Studio Viewer
[2009/07/28 08:57:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Harmon\Application Data\Yahoo!
[2008/11/22 14:06:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/19 11:40:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Adobe
[2009/11/20 18:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\alot
[2009/11/22 09:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Apple Computer
[2009/07/28 21:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Dealio
[2006/06/16 21:31:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Tony Harmon\Application Data\desktop.ini
[2009/11/20 18:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\EGAMESTOOLBAR
[2009/02/20 15:36:34 | 00,053,368 | ---- | M] () -- C:\Documents and Settings\Tony Harmon\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/13 16:26:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Google
[2008/11/22 15:13:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\GTek
[2008/11/22 14:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Identities
[2008/11/22 14:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\InstallShield
[2008/11/23 12:37:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Macromedia
[2009/11/24 18:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Malwarebytes
[2009/02/28 00:02:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Microsoft
[2008/11/30 09:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Mozilla
[2009/11/23 21:03:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\OpenOffice.org2
[2009/09/15 22:21:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Passware
[2009/01/25 16:30:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Research In Motion
[2008/12/31 20:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Roxio
[2009/07/28 21:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Search Settings
[2008/12/23 13:06:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Sun
[2009/07/18 11:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\uniblue
[2009/02/28 00:18:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\vlc
[2009/07/28 21:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tony Harmon\Application Data\Yahoo!
[2009/11/21 19:35:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/11/20 15:56:51 | 00,000,526 | ---- | M] () -- C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Tony Harmon at 2 49 PM.job
[2004/08/10 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/24 19:25:48 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/11/24 19:25:58 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/11/24 19:41:03 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/11/24 19:25:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/24 10:32:14 | 00,000,404 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A6EFFC9C-AE66-4E81-B94C-EB28AD301C70}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/10 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\My Backup -- 08-11-22 1146AM\i386\eventlog.dll
[1 C:\My Backup -- 08-11-22 1146AM\i386\*.tmp files -> C:\My Backup -- 08-11-22 1146AM\i386\*.tmp -> ]
[2004/08/10 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\eventlog.dll
[1 C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\*.tmp files -> C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\*.tmp -> ]
[2004/08/10 14:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/10 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\My Backup -- 08-11-22 1146AM\i386\scecli.dll
[1 C:\My Backup -- 08-11-22 1146AM\i386\*.tmp files -> C:\My Backup -- 08-11-22 1146AM\i386\*.tmp -> ]
[2004/08/10 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\scecli.dll
[1 C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\*.tmp files -> C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\*.tmp -> ]
[2004/08/10 14:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/10 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\My Backup -- 08-11-22 1146AM\i386\netlogon.dll
[1 C:\My Backup -- 08-11-22 1146AM\i386\*.tmp files -> C:\My Backup -- 08-11-22 1146AM\i386\*.tmp -> ]
[2004/08/10 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\netlogon.dll
[1 C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\*.tmp files -> C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\*.tmp -> ]
[2004/08/10 14:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2006/07/06 08:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\I386\DRV\SCS\iastor.sys
[2006/07/06 08:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iastor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 08-11-22 1146AM\i386\atapi.sys
[1 C:\My Backup -- 08-11-22 1146AM\i386\*.tmp files -> C:\My Backup -- 08-11-22 1146AM\i386\*.tmp -> ]
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 14:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\My Backup -- 08-11-22 1146AM\i386\AGP440.SYS
[1 C:\My Backup -- 08-11-22 1146AM\i386\*.tmp files -> C:\My Backup -- 08-11-22 1146AM\i386\*.tmp -> ]
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 18:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\xmas gift.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\WirelessSettings.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\What%20We%20Have%20Learned.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\warrant031606.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Walkthrough the Underwriting process.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Voluntary Self-ID Sheet.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\US Effective Tax Rates.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\U of M Salaries.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Tony Harmon Resume.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Tony Harmon Resume.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Tony Harmon Resume.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Tony Harmon Resume - GM.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Tony Harmon Resume - 3-2-08.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Tony Harmon Offer Letter - 5 9 08.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Tony Harmon Business Plan--Final.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Target Interview Process.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\SustainingSOXcomplianceFINAL.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\SuccessFactorsEZGuide_eGuide_SMB.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\SOX Testing Rates.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\ShouldIShortSaleMyHomebyDiane.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\SHORT%20SALE%20SELLER%20DOCS.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Sarbanes-Oxley_Section_404_--_A_Guide_for_Management_2nd_edition_1_08[1].pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Resume.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Resume (text).txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\REG Study.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Promo Chip Strategy.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Project Accounting Audit Report - 3-27-07.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Michigan Public Media Underwriting Policy.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Michigan Public Companies.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Michigan Companies.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\mfg IRS Guide.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\MasterVendorFile_Final[1].pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Map_Renaissance Center.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Mailing Address File.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Job Search File.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Job Prospect Contacts.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\IRS Letter.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\inventory ACL tests.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\interview questions.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Internalaudit.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Internal Audit Director Salary Report.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\icguidebookfinal.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\IA%20Around%20the%20World-Volume%20II.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\IA Department Profile.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\hsbc-short-sale-shames.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\holdem tourney rules.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Holdem Schedule.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Holdem Player List.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Harmon, A. - Finance 03-22 PM.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\guide_downtown.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\gmsustain01_ch4.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\gm05ar.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\GM Interview Questions.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\GM Benefits.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\global-util-cap-stat-final.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\FCRA Form rev 2-06.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\FARE Testing.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\expensereportguidelines-2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Expense Report-Updated.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Everglads constructionprocurementprocess ar.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Duodenal Atresia.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Dump Cart Picture.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\DAL22-30406_EHMM0421.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\DAL22-30355_EHMM0421.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\d05225g.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Copy of Mailing Address File.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\CIA 1.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Christmas labels.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\chicago suburbs.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Chart Interview Preparation.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\ch18-inventory audit.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\cape cod.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\budget.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Bid Process Audit Report.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\behavorial interveiw responses.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Audit_Overview.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\applicationforemp.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\Acceptance Letter.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\2nd Round Audit Questions.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\2009 Budget.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\2008 Poker List.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\2007Holdem Player List.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\2007_SAMPLE_REPORT[1] GAIN.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\2007 Harmon TaxReturn.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\2007 Harmon Federal TaxReturn.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\2007 Cleveland Suburb Rankings.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\2007 City Tax Worklog.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\2006 Poker List.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\2005-2006 IIA Directory.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\07-00 AAM.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tony Harmon\My Documents\07_IAState_Profession_Study.pdf:Roxio EMC Stream
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:177313FB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78ADFF54
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61AF2B29
< End of report >

Edited by Buckeye_Sam, 25 November 2009 - 08:55 AM.
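The custom scans in the log above (`< %SYSTEMDRIVE%\eventlog.dll /s /md5 >`, `atapi.sys`, `netlogon.dll` and so on) list every copy of a few system files with their MD5, so the helper can see whether the copy Windows actually loads from `system32` still hashes to the same value as the protected copies in `ServicePackFiles\i386` and `system32\dllcache`. The following Python script is an added example, not OTL's code or anything posted in this thread: it parses lines in that OTL output format, classifies each copy as live or reference, and reports any live file whose hash disagrees with its reference copies. The sample lines are constructed from the thread's own `eventlog.dll` and `atapi.sys` entries, except the all-zero hash on the live `atapi.sys`, which is a deliberately invented placeholder so the mismatch path is exercised.

```python
"""Parse OTL '/md5' custom-scan output and flag system files whose live copy
does not hash to the same value as the reference copies Windows keeps
(ServicePackFiles\\i386 and system32\\dllcache).

Added example, not part of OTL or of the forum thread.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set

# One OTL file entry looks like:
# [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4F... -- C:\WINDOWS\system32\eventlog.dll
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>\S+)\s*\|\s*(?P<kind>[A-Z])\]"
    r"\s*\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)


class Entry(NamedTuple):
    path: str
    size: int
    company: str
    md5: str


def parse_entries(lines: List[str]) -> List[Entry]:
    """Return the file entries in an OTL custom-scan block. Scan headers
    ('< %SYSTEMDRIVE%\\... >') and '*.tmp' summary lines do not match and
    are skipped."""
    out = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(m["path"], int(m["size"].replace(",", "")),
                             m["company"], m["md5"].upper()))
    return out


def classify(path: str, windir: str = r"C:\WINDOWS") -> Optional[str]:
    """'live' for the copy Windows loads (system32 or system32\\drivers),
    'reference' for the protected install copies, None for anything else
    (uninstall caches, ReinstallBackups, the user's own backup folder)."""
    p = path.lower()
    w = windir.lower()
    name = p.rsplit("\\", 1)[-1]
    if not p.startswith(w + "\\"):
        return None
    if "\\servicepackfiles\\i386\\" in p or "\\system32\\dllcache\\" in p:
        return "reference"
    if p in (f"{w}\\system32\\{name}", f"{w}\\system32\\drivers\\{name}"):
        return "live"
    return None


def find_mismatches(lines: List[str], windir: str = r"C:\WINDOWS") -> Dict[str, Dict[str, object]]:
    """Map file name -> details for every live copy whose MD5 is not among
    the MD5s of its reference copies. Files with no reference copy in the
    scan cannot be judged and are not reported; a tampered reference copy
    would also go unnoticed, so vendor-published hashes remain the final word."""
    live: Dict[str, Entry] = {}
    refs: Dict[str, Set[str]] = defaultdict(set)
    for e in parse_entries(lines):
        name = e.path.rsplit("\\", 1)[-1].lower()
        role = classify(e.path, windir)
        if role == "live":
            live[name] = e
        elif role == "reference":
            refs[name].add(e.md5)
    result: Dict[str, Dict[str, object]] = {}
    for name, e in live.items():
        if refs[name] and e.md5 not in refs[name]:
            result[name] = {"path": e.path, "live_md5": e.md5,
                            "reference_md5s": sorted(refs[name])}
    return result


# Constructed sample: lines copied from the thread's log, plus one invented
# live atapi.sys entry with a placeholder hash to trigger the check.
SAMPLE_LOG = [
    r"< %SYSTEMDRIVE%\eventlog.dll /s /md5 >",
    r"[2004/08/10 14:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll",
    r"[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll",
    r"[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll",
    r"[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]",
    r"< %SYSTEMDRIVE%\atapi.sys /s /md5 >",
    r"[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys",
    r"[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys",
    # invented placeholder hash, not from the thread
    r"[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\atapi.sys",
    r"[2004/08/10 14:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys",
]

if __name__ == "__main__":
    for name, info in find_mismatches(SAMPLE_LOG).items():
        print(f"{name}: live {info['live_md5']} at {info['path']} "
              f"differs from reference {info['reference_md5s']}")
```

Run against the thread's actual custom-scan blocks, every live copy matches its reference copies, which is consistent with the helper moving on to the toolbar and the `2765f1e` folder rather than to a driver replacement. The `$NtServicePackUninstall$` and `ReinstallBackups` copies are intentionally ignored: they hold the pre-Service Pack versions, so a different hash there is expected and not evidence of tampering.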


#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 November 2009 - 09:07 AM

Please do not attach log files unless specifically requested to do so. Just copy the text in the log and then paste it directly into your reply.
It makes it much easier for me to review the information if I can see it all in one place.



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
    O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
    [2009/11/20 18:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tony Harmon\Application Data\alot
    [2009/11/20 12:49:32 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\2765f1e
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

=====================


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 aharmon1976
  • Topic Starter
  • Members
  • 7 posts

Posted 29 November 2009 - 08:35 PM

Hi Sam! Sorry for the delay but we were out of town for the holiday. I have completed the steps indicated above and posted the two logs below:

OTL Fix log

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
C:\Program Files\alot\bin\BHO\alotBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}\ deleted successfully.
C:\Program Files\alot\bin\alot.dll moved successfully.
C:\Documents and Settings\Tony Harmon\Application Data\alot folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\2765f1e\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 10075796 bytes

User: Melissa Harmon
->Temp folder emptied: 40323333 bytes
->Temporary Internet Files folder emptied: 407384633 bytes
->Java cache emptied: 2207099 bytes
->FireFox cache emptied: 56056420 bytes
->Google Chrome cache emptied: 6099312 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2670207 bytes

User: Tony Harmon
->Temp folder emptied: 15646711 bytes
->Temporary Internet Files folder emptied: 29152367 bytes
->Java cache emptied: 7040408 bytes
->FireFox cache emptied: 68471661 bytes
->Google Chrome cache emptied: 6917156 bytes
->Apple Safari cache emptied: 7672082 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3019793 bytes
Windows Temp folder emptied: 1243086 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 25235122 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 335005796 bytes

Total Files Cleaned = 976.95 mb


OTL by OldTimer - Version 3.1.8.0 log created on 11292009_185607

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


ESET Log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=509bfe3e66c2344e9a7d20963006da4e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2009-11-30 01:29:30
# local_time=2009-11-29 08:29:30 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=4865 16777173 100 100 0 70984290 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=177461
# found=5
# cleaned=5
# scan_time=4235
C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\ConTest.dll Win32/Adware.Ascentive application (cleaned by deleting - quarantined) FA51BE2BD376F4B73D50AE883255E462 C
C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\f3PSSavr.scr Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 4CD346697529EFC743A608B2F5D0CC94 C
C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\gbscmvaa.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 396A78B7F56697ED0D4A42FEC57F4360 C
C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\tufnymcr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) D7DC6836CA2BFE982E6F4D1D3FA95ACD C
C:\My Backup -- 08-11-22 1146AM\WINDOWS\system32\__c00F86D5.dat probably a variant of Win32/Obfuscated trojan (cleaned by deleting - quarantined) 7249699391CBD46190A0A8065D9844A6 C
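
As an added example (not part of this thread and not ESET's own tooling), the following Python parser reads the ESET Online Scanner log format posted above: a `# key=value` header followed by one tab-delimited line per detection (path, threat name, action taken, MD5, flag). The sample log is constructed from the values in the post, with one detection line whitespace-collapsed the way the forum rendered it so the parser accepts both. The summary also records two things a reader of that log should notice: `archives_checked=false` means archives were skipped, and every detection sat in the old `C:\My Backup` copy rather than the live Windows directory.

```python
import re
from dataclasses import dataclass

# One ESET detection line. ESET writes tabs between fields; the forum collapsed
# them to spaces, so fields are split on any whitespace run and the threat is
# recognised by its "family/name" token (Windows paths use backslashes).
FINDING_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:probably a variant of\s+)?[^\s/]+/\S+(?:\s+\S+)*?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)\s*$"
)

# Constructed sample built from the log in this thread (three of its five hits).
SAMPLE_ESET_LOG = (
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=7\n"
    "# end=finished\n"
    "# remove_checked=true\n"
    "# archives_checked=false\n"
    "# unwanted_checked=true\n"
    "# osver=5.1.2600 NT Service Pack 3\n"
    "# compatibility_mode=4865 16777173 100 100 0 70984290 0 0\n"
    "# compatibility_mode=8192 67108863 100 0 0 0 0 0\n"
    "# scanned=177461\n"
    "# found=3\n"
    "# cleaned=3\n"
    "# scan_time=4235\n"
    # tab-delimited, as ESET writes it
    "C:\\My Backup -- 08-11-22 1146AM\\WINDOWS\\system32\\ConTest.dll\tWin32/Adware.Ascentive application\t(cleaned by deleting - quarantined)\tFA51BE2BD376F4B73D50AE883255E462\tC\n"
    # whitespace-collapsed, as the forum rendered it
    "C:\\My Backup -- 08-11-22 1146AM\\WINDOWS\\system32\\gbscmvaa.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 396A78B7F56697ED0D4A42FEC57F4360 C\n"
    "C:\\My Backup -- 08-11-22 1146AM\\WINDOWS\\system32\\__c00F86D5.dat\tprobably a variant of Win32/Obfuscated trojan\t(cleaned by deleting - quarantined)\t7249699391CBD46190A0A8065D9844A6\tC\n"
)


@dataclass
class Finding:
    path: str
    threat: str
    action: str
    md5: str
    flag: str


def parse_eset_log(text):
    """Split the log into its header dict and a list of Finding records."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header.setdefault(key.strip(), value.strip())  # keep the first of repeated keys
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(**m.groupdict()))
    return header, findings


def summarize_eset_log(text):
    """Counts plus the caveats a helper would check before calling the box clean."""
    header, findings = parse_eset_log(text)
    cleaned = [f for f in findings if f.action.startswith("cleaned")]
    live = [f for f in findings if f.path.lower().startswith("c:\\windows\\")]
    caveats = []
    if header.get("end") != "finished":
        caveats.append("scan did not run to completion")
    if header.get("archives_checked") == "false":
        caveats.append("archives were not scanned")
    if header.get("found") != str(len(findings)):
        caveats.append("header 'found' count does not match the detection lines")
    return {
        "found": len(findings),
        "cleaned": len(cleaned),
        "live_system_hits": len(live),
        "md5s": sorted(f.md5 for f in findings),
        "caveats": caveats,
    }


if __name__ == "__main__":
    print(summarize_eset_log(SAMPLE_ESET_LOG))
```

A `live_system_hits` of zero with several cleaned files is the reading a helper would take from the real log too: the scanner found old copies in a backup folder, so it says nothing yet about whether the active infection is gone.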

#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 29 November 2009 - 09:14 PM

No worries. I expected that during the holiday weekend. :(

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.


========================================================

#7 aharmon1976
  • Topic Starter
  • Members
  • 7 posts

Posted 29 November 2009 - 10:42 PM
Posted 29 November 2009 - 10:42 PM

Not letting me run this program. It indicates that I have "Enterprise Suite" antivirus running and that I must disable this before running. I believe this is actually a virus itself and I'm not sure how to disable it. When I attempt to proceed anyway it fails. Any thoughts?

#8 aharmon1976
  • Topic Starter
  • Members
  • 7 posts

Posted 30 November 2009 - 12:42 AM
Posted 30 November 2009 - 12:42 AM

Scratch my previous post.... I was able to get it to run. The log is below:

ComboFix 09-11-29.03 - Tony Harmon 11/30/2009 0:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.226 [GMT -5:00]
Running from: c:\documents and settings\Tony Harmon\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: Enterprise Suite *On-access scanning enabled* (Updated) {3C58A1DD-59E4-4CE2-83DD-3D343AFDCCBC}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
FW: Enterprise Suite *enabled* {F6651AB0-8761-4F4E-BEA5-6319B3B8D973}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Melissa Harmon\Application Data\alot
c:\documents and settings\Melissa Harmon\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\preferencesLayout\preferencesLayout.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\preferencesLayout\preferencesLayout.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\products\products.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\products\products.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_1\images\alot_image_search.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_1\images\alot_news_search.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_1\images\alot_web_search.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_2\images\alot_configure.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_3\images\default_1467_alot_crafts_search.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_3\images\default_1467_alot_crafts_search.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_4\images\default_1464_alot_crafts_ideas.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_4\images\default_1464_alot_crafts_ideas.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_5\images\2904_icon.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_6\images\default_1466_alot_crafts_shopping.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_6\images\default_1466_alot_crafts_shopping.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_7\images\default_1668_www.amazon.com_button.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_7\images\default_1668_www.amazon.com_button.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_8\images\2808_icon.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Button_9\images\2735_icon.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\images\intro_popup.png
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Melissa Harmon\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\toolbar.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Melissa Harmon\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Melissa Harmon\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Melissa Harmon\Start Menu\Programs\Startup\Logitech . Product Registration.lnk.disabled
c:\documents and settings\Tony Harmon\My Documents\restore 12-2-07.reg
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettings.exe
c:\program files\Dealio Toolbar\SearchSettingsRes409.dll
c:\program files\Dealio Toolbar\sscfg.ini
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\recycler\S-1-5-21-3231969943-3545894624-62526411-500
c:\windows\kb913800.exe
c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK
c:\windows\system32\hpzjrd01.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-30 00:10 . 2009-11-30 00:10 -------- d-----w- c:\program files\ESET
2009-11-25 15:34 . 2009-11-25 15:34 -------- d-----w- C:\_OTL
2009-11-25 14:31 . 2009-11-25 14:31 -------- d-----w- c:\documents and settings\Melissa Harmon\Application Data\Malwarebytes
2009-11-24 23:59 . 2009-11-20 19:59 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
2009-11-24 23:45 . 2009-11-24 23:45 -------- d-----w- c:\documents and settings\Tony Harmon\Application Data\Malwarebytes
2009-11-24 23:45 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-24 23:45 . 2009-11-24 23:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-24 23:45 . 2009-11-24 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-24 23:45 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 04:06 . 2009-11-24 04:06 -------- d--h--w- c:\windows\PIF
2009-11-22 14:12 . 2009-11-22 14:12 41848 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-20 20:49 . 2009-11-12 14:47 52224 ----a-w- c:\documents and settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions\{e4878b45-e2c0-4307-b6e8-734922f92f5b}\components\FFExternalAlert.dll
2009-11-20 20:49 . 2009-11-12 14:47 114688 ----a-w- c:\documents and settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions\{e4878b45-e2c0-4307-b6e8-734922f92f5b}\components\npmozax.dll
2009-11-20 19:51 . 2009-11-20 19:59 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-11-20 19:51 . 2009-11-20 19:59 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-11-20 19:49 . 2007-08-20 18:38 32264 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-11-20 19:49 . 2007-08-20 18:38 21512 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-11-20 19:49 . 2007-08-20 18:38 26376 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-11-20 19:49 . 2007-08-20 18:38 21128 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-11-20 19:49 . 2007-08-20 18:37 75016 ----a-w- c:\windows\system32\isafprod.dll
2009-11-20 19:49 . 2007-08-20 18:37 99592 ----a-w- c:\windows\system32\isafeif.dll
2009-11-20 19:49 . 2007-08-20 18:26 79424 ----a-w- c:\windows\system32\vetredir.dll
2009-11-20 19:49 . 2009-11-20 19:49 -------- d-----w- c:\program files\Common Files\Scanner
2009-11-20 19:49 . 2009-11-20 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-11-20 19:49 . 2009-11-20 19:49 -------- d-----w- c:\program files\CA
2009-11-20 16:48 . 2009-11-20 16:48 -------- d-----w- c:\program files\iPod
2009-11-20 16:48 . 2009-11-20 16:48 -------- d-----w- c:\program files\iTunes
2009-11-20 16:48 . 2009-11-20 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-20 16:41 . 2009-11-20 16:41 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-20 16:38 . 2009-11-20 16:38 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 05:27 . 2009-11-20 20:57 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-11-30 05:27 . 2009-11-20 20:57 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-11-30 05:27 . 2009-11-20 20:57 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-11-30 05:27 . 2009-11-20 20:57 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-11-30 05:27 . 2009-11-20 20:57 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-11-30 05:27 . 2009-11-20 20:57 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-11-30 05:27 . 2009-11-20 20:57 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-11-30 05:27 . 2009-11-20 20:57 101378 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-11-30 03:34 . 2009-05-24 20:26 -------- d-----w- c:\documents and settings\Tony Harmon\Application Data\EGAMESTOOLBAR
2009-11-25 19:16 . 2009-07-23 14:12 -------- d-----w- c:\documents and settings\Melissa Harmon\Application Data\Skype
2009-11-25 14:33 . 2009-07-23 14:15 -------- d-----w- c:\documents and settings\Melissa Harmon\Application Data\skypePM
2009-11-24 02:24 . 2009-09-13 16:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-24 02:18 . 2009-09-15 23:05 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-11-24 02:03 . 2009-09-15 23:12 -------- d-----w- c:\documents and settings\Tony Harmon\Application Data\OpenOffice.org2
2009-11-22 14:17 . 2008-11-23 19:42 -------- d-----w- c:\documents and settings\Tony Harmon\Application Data\Apple Computer
2009-11-20 19:53 . 2009-08-10 07:09 3872 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-20 19:18 . 2009-09-15 23:27 -------- d-----w- c:\program files\Accent EXCEL Password Recovery
2009-11-20 18:17 . 2009-03-02 18:15 -------- d-----w- c:\program files\RealArcade
2009-11-20 16:48 . 2008-11-23 19:39 -------- d-----w- c:\program files\Common Files\Apple
2009-11-20 16:46 . 2008-11-23 19:40 -------- d-----w- c:\program files\QuickTime
2009-11-20 16:40 . 2009-07-21 18:25 -------- d-----w- c:\program files\Safari
2009-11-19 00:51 . 2009-10-15 00:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-19 00:51 . 2009-10-14 01:25 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-10-23 21:08 . 2008-11-23 19:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-15 00:13 . 2009-07-23 14:01 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-10-14 01:25 . 2009-10-14 01:25 -------- d-----w- c:\documents and settings\Melissa Harmon\Application Data\Leadertech
2009-10-14 01:22 . 2009-07-23 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-10-14 01:22 . 2009-10-14 01:22 -------- d-----w- c:\program files\Logitech
2009-09-26 21:09 . 2006-06-19 04:25 58320 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 03:51 . 2009-09-16 03:51 367686 -c--a-r- c:\documents and settings\Tony Harmon\Application Data\Microsoft\Installer\{D7331729-DD42-4FE2-B5F3-D2E2C89EC5E4}\icon.exe
2009-09-16 03:21 . 2009-09-16 03:21 367686 -c--a-r- c:\documents and settings\Tony Harmon\Application Data\Microsoft\Installer\{6BD7250C-FCC9-486F-81A8-57FB6031F627}\icon.exe
2009-09-15 23:12 . 2009-09-15 23:12 1 -c--a-w- c:\documents and settings\Tony Harmon\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-09-11 14:18 . 2008-11-22 19:15 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 14:47 . 2009-09-06 14:47 27998048 -c--a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-09-06 14:47 . 2009-09-06 14:47 4912976 -c--a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\TagPlugin.exe
2009-09-04 21:03 . 2008-11-22 19:14 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-11-20 177392]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2009-11-20 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-11-20 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-11-20 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-11-20 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-11-20 259312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\Tony Harmon\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk.disabled [2009-9-15 886]
YPOPs.lnk.disabled [2009-8-12 611]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2008-11-22 921707]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 14:42 450649 ----a-r- c:\windows\system32\PRISMAPI.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"SearchSettings"=c:\program files\Dealio Toolbar\SearchSettings.exe
"SigmatelSysTrayApp"=stsystra.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"UIUCU"=c:\docume~1\TONYHA~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [11/22/2008 3:47 PM 61529]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 10:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 10:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 9:10 PM 189704]
S2 gupdate1c9c1e33f58b588;Google Update Service (gupdate1c9c1e33f58b588);c:\program files\Google\Update\GoogleUpdate.exe [4/20/2009 1:10 PM 133104]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2008 3:28 PM 18560]
.
Contents of the 'Scheduled Tasks' folder

2009-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-20 c:\windows\Tasks\CAAntiSpywareScan_Daily as Tony Harmon at 2 49 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

2009-11-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-02 19:34]

2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 18:09]

2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 18:09]

2009-11-30 c:\windows\Tasks\User_Feed_Synchronization-{A6EFFC9C-AE66-4E81-B94C-EB28AD301C70}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=374563&p=
FF - component: c:\documents and settings\Tony Harmon\Application Data\Mozilla\Firefox\Profiles\4rccglus.default\extensions\{e4878b45-e2c0-4307-b6e8-734922f92f5b}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
AddRemove-adventurechronicles - c:\program files\RealArcade\Installer\bin\gameinstaller.exe c:\program files\RealArcade\Installer\installerMain.clf
AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe
AddRemove-flipwords - c:\program files\RealArcade\Installer\bin\gameinstaller.exe c:\program files\RealArcade\Installer\installerMain.clf
AddRemove-mysterylegendstmsleepyhollow - c:\program files\RealArcade\Installer\bin\gameinstaller.exe c:\program files\RealArcade\Installer\installerMain.clf
AddRemove-RealArcade - c:\program files\RealArcade\Installer\bin\gameinstaller.exe c:\program files\RealArcade\Installer\installerMain.clf
AddRemove-{33D6CC28-9F75-4d1b-A11D-98895B3A3729} - c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 00:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\Tony Harmon\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\DB\{EFC9EC97-1565-40BC-A62E-1C715150FF34}.xml 291 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\UmxWnp.Dll
c:\windows\system32\PRISMAPI.DLL
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\PRISMSVR.EXE
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\dllhost.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-11-30 00:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-30 05:37

Pre-Run: 83,909,693,440 bytes free
Post-Run: 85,328,166,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 83FC80A9F25F72018CA95F085F1D39F3

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:57 PM

Posted 30 November 2009 - 08:11 AM

Well done! :(

How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 aharmon1976

aharmon1976
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 30 November 2009 - 01:57 PM

Seems good so far... and Google is no longer redirecting to the wrong page. Think we got it all???

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:57 PM

Posted 30 November 2009 - 06:10 PM

Indications are that you should be good to go! :(
Watch it closely for the next few days, but if all continues to work as it should, here are some final steps and recommendations for you.


We need to remove Combofix now that we're done with it.
  • Click START->RUN
  • Now type Combofix /uninstall in the runbox and click OK

==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and re-enable system restore to make sure there are no infected files left over in a restore point from what we have just cleaned.

    You can find instructions on how to disable and re-enable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with the instructions from the tutorial above

  • Use AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will be reduced dramatically.

:( :)


========================================================

#12 aharmon1976

aharmon1976
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 01 December 2009 - 11:27 PM

Not sure this thing is gone just yet. Web pages seem to be loading much quicker and Google is no longer redirecting to google.nl, but all programs are still taking a long time to load and the CPU sounds like it is constantly churning. I ran a Spybot S&D and only had one small issue pop up. No need to Defrag. CHKDSK ran without issue. Any thoughts on what may still be slowing it down?

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:57 PM

Posted 02 December 2009 - 09:01 AM

I've run across this before. Take a look at your CA Security Suite. I don't know if it's from a recent update of the program, but I've had a few people recently complain that it's really bogging down their system.

Play around with the settings and see if there's anything you can disable and then see if your computer responds better. I'm sorry I can't be more help, but I'm not familiar with the program itself.


========================================================



