Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Google Redirect Virus


  • This topic is locked This topic is locked
12 replies to this topic

#1 bayareaguy

bayareaguy

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 07 December 2009 - 10:56 PM

When I visit certain sites, I get redirected to bizarre sites that try to sell me stuff and/or provide unrelated, unwanted information or links. It happens when I click on links obtained through a Google search, or even just by clicking on links in emails...it's very random, but consistent...and getting worse and worse.

DDS.txt:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Sheldon at 19:30:47.04 on Mon 12/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.125 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Sheldon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Auto Run Software for Photo Frame] "c:\program files\philips\philips photoframe\PhotoManager.exe" /autorun
uRun: [Google Update] "c:\documents and settings\sheldon\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [wefi] c:\program files\wefi\WeFi.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: ohlone.edu\mail
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/Oneclickfix/tgctlsr.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183918618500
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sheldon\applic~1\mozilla\firefox\profiles\w857tg6r.default\
FF - plugin: c:\documents and settings\sheldon\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-10-18 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-10-18 234888]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-8-16 200192]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-8-16 16512]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

=============== Created Last 30 ================

2009-12-07 03:58:24 0 d-----w- c:\windows\CC33E708A7954AB3908A8F45919BC097.TMP
2009-12-07 03:57:53 110 ----a-w- c:\windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
2009-12-07 03:57:30 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-07 03:56:08 0 d-----w- c:\program files\LeapFrog
2009-12-07 03:56:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Leapfrog
2009-11-28 20:32:56 0 d-----w- c:\windows\system32\custom matrices
2009-11-28 20:30:01 0 d-----w- c:\windows\system32\QuickTime
2009-11-28 20:29:58 0 d-----w- c:\windows\system32\C2MP
2009-11-28 19:26:28 0 d-----w- c:\program files\Veoh Networks
2009-11-24 16:35:34 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM
2009-11-24 16:35:24 0 d-----w- c:\program files\AIM
2009-11-24 16:35:11 0 d-----w- c:\program files\common files\Software Update Utility
2009-11-24 16:35:10 0 d-----w- c:\program files\common files\AOL
2009-11-24 04:34:35 1669 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Pavilion ZV6100 (EC356UA#ABA)_YN_0Pavi_QCND6111PGZ_E393291001_46_I3085_SHP_V42.3B_BF.1B_T051011_WXH2_L409_M511_J80_7AMD_8Athlon 64_91_#050511_N10EC8139_(EC356UA#ABA)_XMOBILE_CN10_Z10024378_2F.1B.MRK
2009-11-24 04:10:33 0 d-----w- c:\program files\CONEXANT
2009-11-08 16:17:05 0 d-----w- c:\program files\Trend Micro
2009-11-08 05:14:26 0 d-----w- c:\docume~1\sheldon\applic~1\Malwarebytes
2009-11-08 05:14:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 05:14:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 05:14:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-08 05:14:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-11-06 18:53:52 267264 ----a-w- c:\windows\PEV.exe
2009-10-27 23:22:08 4835652 ----a-w- c:\windows\system32\libavcodec.dll
2009-10-27 23:16:44 1632375 ----a-w- c:\windows\system32\ffmpegmt.dll
2009-10-27 23:16:12 611638 ----a-w- c:\windows\system32\libmplayer.dll
2009-10-27 23:10:02 143872 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2009-10-27 22:46:26 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-10-27 22:28:08 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-10-25 14:11:34 77312 ----a-w- c:\windows\MBR.exe
2009-10-16 23:58:06 183296 ----a-w- c:\windows\system32\ff_samplerate.dll
2009-10-16 23:57:06 146944 ----a-w- c:\windows\system32\ff_tremor.dll
2009-10-16 23:04:24 178688 ----a-w- c:\windows\system32\ff_libmad.dll
2009-10-16 23:04:08 113152 ----a-w- c:\windows\system32\ff_unrar.dll
2009-10-16 23:03:48 257024 ----a-w- c:\windows\system32\ff_libdts.dll
2009-10-16 23:03:44 142848 ----a-w- c:\windows\system32\ff_liba52.dll
2009-10-16 23:03:40 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll
2009-10-16 20:53:32 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
2009-10-16 20:53:20 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-16 19:40:42 957047 ----a-w- c:\windows\system32\ff_x264.dll
2009-10-16 19:38:20 914464 ----a-w- c:\windows\system32\xvidcore.dll

============= FINISH: 19:31:26.32 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:11 AM

Posted 20 December 2009 - 03:42 PM

Hi,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Then please post back here with the following logs:
  • OTL.txt
  • Extra.txt
Thanks

unite.jpg


#3 bayareaguy

bayareaguy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 21 December 2009 - 03:08 AM

Thanks for the help!


OTL logfile created on: 12/20/2009 11:46:50 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Sheldon\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 141.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 28.85 Gb Free Space | 38.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4105E587B6
Current User Name: Sheldon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/20 23:45:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheldon\Desktop\OTL.exe
PRC - [2009/12/18 19:46:12 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/20 10:57:00 | 02,590,456 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/11/10 10:14:38 | 00,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/11/10 09:28:06 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/10 13:32:18 | 00,305,664 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2009/10/10 13:32:18 | 00,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/02 11:47:04 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 11:47:02 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/10 03:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2008/05/12 00:37:58 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/21 23:40:18 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2005/04/11 14:21:02 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/04/01 02:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/03/22 21:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\Shared\hpqwmi.exe
PRC - [2005/02/22 15:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/02/16 22:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
PRC - [2005/02/02 04:12:22 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/02 04:11:12 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/12/03 13:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/08/04 00:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 00:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hp\hpcoretech\hpcmpmgr.exe
PRC - [2003/09/16 04:19:24 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
PRC - [1997/07/10 23:00:00 | 00,061,440 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/20 23:45:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheldon\Desktop\OTL.exe
MOD - [2006/08/25 07:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/02/02 04:12:14 | 00,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/10 09:28:06 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/02 11:47:04 | 00,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 11:47:02 | 00,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/08/02 13:18:49 | 00,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/04/01 02:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\HPQ\Shared\hpqwmi.exe -- (hpqwmi)
SRV - [2005/02/22 15:32:14 | 00,038,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2004/01/04 23:27:32 | 00,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/26 23:55:31 | 00,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/08/02 13:10:13 | 00,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/04/04 08:25:36 | 00,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/04/01 02:02:36 | 01,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/22 06:39:54 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/03/22 06:39:44 | 00,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 06:39:42 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 06:39:40 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/15 08:14:52 | 00,346,496 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/15 08:14:52 | 00,037,760 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/10 01:41:52 | 00,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/02/02 03:58:58 | 00,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/07 17:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/11 15:30:00 | 00,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 00:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/28 02:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 07:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/01/04 23:27:34 | 00,021,488 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/01/04 23:27:34 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/01/04 23:27:32 | 00,051,056 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/06/06 11:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002/07/17 08:05:10 | 00,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/07/17 08:05:10 | 00,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/03/19 10:29:16 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/08/17 11:10:28 | 00,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 07:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 19:46:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 19:46:23 | 00,000,000 | ---D | M]

[2008/07/31 00:20:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Extensions
[2009/12/18 13:35:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\extensions
[2007/07/25 23:30:01 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/18 10:06:09 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2006/12/01 08:27:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\extensions\videodowloader@videodownloader.net
[2008/07/31 00:21:04 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\searchplugins\webster.xml
[2008/07/31 00:21:04 | 00,001,312 | ---- | M] () -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\searchplugins\wikipedia.xml
[2009/12/18 13:35:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/05/06 23:53:04 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Auto Run Software for Photo Frame] C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe File not found
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ohlone.edu ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/Oneclickfix/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.evite.com/html/imageUpload/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1183918618500 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.115.2 85.255.112.209
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892003295952896)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/20 23:45:37 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sheldon\Desktop\OTL.exe
[2009/12/18 11:55:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sheldon\Desktop\Grades F09
[2009/12/14 20:45:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sheldon\Desktop\Birthday
[2009/12/07 19:57:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sheldon\Desktop\BleepingComputer dot com
[2009/12/06 19:58:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\CC33E708A7954AB3908A8F45919BC097.TMP
[2009/12/06 19:57:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/12/06 19:56:08 | 00,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2009/12/06 19:56:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/11/28 12:32:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2009/11/28 12:30:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2009/11/28 12:29:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2009/11/28 11:26:28 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2009/11/24 08:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sheldon\Local Settings\Application Data\AOL
[2009/11/24 08:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2009/11/24 08:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/11/23 20:10:33 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/10/16 19:10:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/28 10:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WTablet
[2007/07/17 10:32:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/07/17 09:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/05/11 19:31:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/05/11 19:31:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[141 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[14 C:\Documents and Settings\Sheldon\Desktop\*.tmp files -> C:\Documents and Settings\Sheldon\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/20 23:45:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheldon\Desktop\OTL.exe
[2009/12/20 12:15:01 | 00,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3791578662-2090678905-3491001564-1006UA.job
[2009/12/20 11:35:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/20 11:35:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/20 11:35:15 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/20 11:34:34 | 07,340,032 | ---- | M] () -- C:\Documents and Settings\Sheldon\ntuser.dat
[2009/12/20 11:34:18 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Sheldon\ntuser.ini
[2009/12/18 23:49:19 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Sheldon\Desktop\~$lms---syllabus_psych_101_tth_1225---revised.doc
[2009/12/18 14:26:10 | 00,001,472 | ---- | M] () -- C:\WINDOWS\ULEAD.INI
[2009/12/18 11:15:08 | 00,199,680 | ---- | M] () -- C:\Documents and Settings\Sheldon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/17 23:15:00 | 00,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3791578662-2090678905-3491001564-1006Core.job
[2009/12/11 15:09:16 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Sheldon\Desktop\Microsoft Office Word 2007.lnk
[2009/12/06 19:58:23 | 00,000,651 | ---- | M] () -- C:\Documents and Settings\Sheldon\Desktop\LeapFrog Connect.lnk
[2009/12/06 19:58:11 | 00,000,110 | ---- | M] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/05 14:11:29 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/05 14:05:23 | 00,000,791 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/04 20:10:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/24 08:35:42 | 00,001,463 | -H-- | M] () -- C:\IPH.PH
[2009/11/23 20:34:38 | 00,001,669 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_Pavilion ZV6100 (EC356UA#ABA)_YN_0Pavi_QCND6111PGZ_E393291001_46_I3085_SHP_V42.3B_BF.1B_T051011_WXH2_L409_M511_J80_7AMD_8Athlon 64_91_#050511_N10EC8139_(EC356UA#ABA)_XMOBILE_CN10_Z10024378_2F.1B.MRK
[2009/11/23 20:15:22 | 00,466,810 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/23 20:15:22 | 00,406,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/23 20:15:22 | 00,063,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[141 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[14 C:\Documents and Settings\Sheldon\Desktop\*.tmp files -> C:\Documents and Settings\Sheldon\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/18 23:49:19 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Sheldon\Desktop\~$lms---syllabus_psych_101_tth_1225---revised.doc
[2009/12/18 11:15:16 | 10,097,2123 | ---- | C] () -- C:\Documents and Settings\Sheldon\Desktop\Adven Prostitution - with text.wmv
[2009/12/18 11:15:13 | 28,724,867 | ---- | C] () -- C:\Documents and Settings\Sheldon\Desktop\Adven Mission - with text.wmv
[2009/12/06 19:58:23 | 00,000,651 | ---- | C] () -- C:\Documents and Settings\Sheldon\Desktop\LeapFrog Connect.lnk
[2009/12/06 19:57:53 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/05 14:11:29 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/23 20:34:35 | 00,001,669 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_Pavilion ZV6100 (EC356UA#ABA)_YN_0Pavi_QCND6111PGZ_E393291001_46_I3085_SHP_V42.3B_BF.1B_T051011_WXH2_L409_M511_J80_7AMD_8Athlon 64_91_#050511_N10EC8139_(EC356UA#ABA)_XMOBILE_CN10_Z10024378_2F.1B.MRK
[2009/10/28 22:49:42 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/10/27 15:22:08 | 04,835,652 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/10/27 15:16:44 | 01,632,375 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/10/27 15:16:12 | 00,611,638 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/10/27 15:10:02 | 00,143,872 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/10/27 14:46:26 | 00,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/10/27 14:28:08 | 00,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/10/16 15:58:06 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/10/16 15:57:06 | 00,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/10/16 15:04:24 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/10/16 15:04:08 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/10/16 15:03:48 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/10/16 15:03:44 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/10/16 15:03:40 | 00,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/10/16 12:53:32 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/10/16 12:53:20 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/16 11:40:42 | 00,957,047 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/10/16 11:38:20 | 00,914,464 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/10 14:17:32 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 14:16:56 | 00,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 14:16:50 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 14:16:14 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 14:15:54 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 14:15:44 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 14:15:32 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 14:15:28 | 00,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 14:15:12 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 14:14:08 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 14:14:06 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 14:11:50 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 08:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 08:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/04/04 14:07:06 | 00,000,268 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/03/05 18:28:48 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2007/12/13 09:50:10 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\Sheldon\Application Data\LecShare Pro.rdb
[2007/12/10 21:32:18 | 00,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2007/12/08 18:28:58 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2007/12/08 18:28:55 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2007/12/08 18:26:16 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMAdvDVD.ini
[2007/10/13 01:30:20 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/10/08 16:41:41 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/10/08 16:41:41 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/09/23 12:42:14 | 00,004,958 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xnwfyhdk.mld
[2007/09/10 15:42:06 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/09/10 15:42:06 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/07/18 11:24:49 | 00,000,581 | ---- | C] () -- C:\Documents and Settings\Sheldon\Application Data\AutoGK.ini
[2007/07/10 09:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/04/07 15:53:26 | 01,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/03/10 17:47:51 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys
[2006/12/12 08:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/11/20 22:18:15 | 00,001,472 | ---- | C] () -- C:\WINDOWS\ULEAD.INI
[2006/11/17 08:26:24 | 00,004,492 | ---- | C] () -- C:\Documents and Settings\Sheldon\Application Data\wklnhst.dat
[2006/09/08 11:44:53 | 00,000,157 | ---- | C] () -- C:\WINDOWS\WISE.INI
[2006/08/08 23:47:56 | 00,000,066 | ---- | C] () -- C:\WINDOWS\Ahead DVD Ripper.INI
[2006/07/24 19:15:06 | 00,001,357 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/22 22:34:10 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\astro32.dll
[2006/07/13 16:42:30 | 00,433,664 | ---- | C] () -- C:\WINDOWS\System32\TBS32.DLL
[2006/06/17 13:03:41 | 00,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini
[2006/05/27 14:59:57 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Sheldon\Local Settings\Application Data\fusioncache.dat
[2006/05/11 15:10:05 | 00,039,742 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/11 13:20:46 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/05/11 13:20:45 | 00,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/07 10:07:39 | 00,199,680 | ---- | C] () -- C:\Documents and Settings\Sheldon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/02 13:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/05/11 20:02:36 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/11 20:02:36 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/11 20:02:35 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/11 20:02:35 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/11 20:02:35 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/11 20:02:35 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/11 19:49:08 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 00:33:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 05:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 05:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/15 14:54:04 | 00,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/08/17 08:58:50 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/07/10 23:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/10 23:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/10 23:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2004/08/03 16:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 00:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 00:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
< End of report >


OTL Extras logfile created on: 12/20/2009 11:46:50 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Sheldon\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 141.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 28.85 Gb Free Space | 38.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4105E587B6
Current User Name: Sheldon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [UnzipThemAll] -- "C:\Program Files\UnzipThemAll\UnzipThemAll.exe" "%1" (Hervé Thouzard)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iVisit\iVisit.exe" = C:\Program Files\iVisit\iVisit.exe:*:Disabled: iVisit -- (iVisit, LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E22217-0E96-4C3F-B831-83AA942B7715}" = UserGuides
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EAC5DEC-2AFD-4533-9416-3098BFEFDEC2}_is1" = Infine CaptureFlash version 1.5
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1" = Yahoo! Photos Print-at-Home Tool
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{2185D687-CF16-48CD-90AD-A3AB2C6D1845}" = QCShow
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A3
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{62F79C52-E264-44ab-ABC2-7BEA2962C70D}" = 5500Trb
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D4E56A1-22EE-44d8-BD14-7B9FB7F80D1B}" = 5500_Help
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C23496-A105-4b6f-B8F0-22523DFE4E4E}" = 5500
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{A09501A9-EE89-4961-83E1-AF6581F118A5}" = SPSS 15.0 for Windows Graduate Student Version
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A6392127-1223-4C7F-BBC8-87CCB449F96C}" = ArcSoft WebCam Companion 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CC33E708-A795-4AB3-908A-8F45919BC097}" = LeapFrog My Pals Plugin
"{CDBFDD5B-50E0-4021-94AF-516B80509ABE}" = 5500Tour
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B3
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"Ask Toolbar_is1" = Vuze Toolbar
"Astronomer's Control Panel" = Astronomer's Control Panel
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = Data Fax SoftModem with SmartCP
"Compaq Presario r4000 User Guides" = Compaq Presario r4000 User Guides
"Conexant PCI Audio" = Conexant AC-Link Audio
"DivX Content Uploader" = DivX Content Uploader
"GoogleVideoPlayer" = Google Video Player
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Pavillion zv6000 User Guides" = HP Pavillion zv6000 User Guides
"HP Photo & Imaging" = HP Image Zone 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"iVisit" = iVisit 3.6.4
"LecShare Pro_is1" = LecShare Pro 1.30
"LimeWire" = LimeWire 4.16.6
"MAGpie21.01" = MAGpie2
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.0
"MediaCoder" = MediaCoder 0.5.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"MWSnap 3" = MWSnap 3
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"RealPlayer 6.0" = RealPlayer
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST5UNST #1" = MAGPIE
"Starry Night Bundle Edition" = Starry Night Bundle Edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"UnzipThemAll_is1" = UnzipThemAll 1.3
"UPCShell" = LeapFrog Connect
"Veoh Web Player Beta" = Veoh Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.5
"VobSub" = VobSub v2.23 (Remove Only)
"WeFi" = WeFi 3.6.4.4
"WinAVI VideoConverter_is1" = WinAVI VideoConverter
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WindowsScriptHost" = Microsoft Windows Script Host
"WinPcapInst" = WinPcap 3.1
"WM Recorder 11.2" = WM Recorder 11.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Photos Easy Upload Tool" = Yahoo! Photos Easy Upload Tool
"YASA VOB to MPEG Converter v3.2 (build 036)" = YASA VOB to MPEG Converter v3.2 (build 036)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2009 2:23:31 AM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/18/2009 10:37:59 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/18/2009 10:37:59 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/18/2009 10:37:59 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: 404 (HTTP Response Status)

Error - 12/18/2009 10:37:59 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/18/2009 10:37:59 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/19/2009 1:57:25 PM | Computer Name = YOUR-4105E587B6 | Source = ESENT | ID = 489
Description = wuauclt (2440) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 12/19/2009 1:57:25 PM | Computer Name = YOUR-4105E587B6 | Source = ESENT | ID = 455
Description = wuaueng.dll (2440) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 12/19/2009 1:57:35 PM | Computer Name = YOUR-4105E587B6 | Source = ESENT | ID = 489
Description = wuauclt (2440) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 12/19/2009 1:57:35 PM | Computer Name = YOUR-4105E587B6 | Source = ESENT | ID = 455
Description = wuaueng.dll (2440) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ Application Events ]
Error - 12/16/2009 2:23:31 AM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/18/2009 10:37:59 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/18/2009 10:37:59 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/18/2009 10:37:59 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: 404 (HTTP Response Status)

Error - 12/18/2009 10:37:59 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/18/2009 10:37:59 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/19/2009 1:57:25 PM | Computer Name = YOUR-4105E587B6 | Source = ESENT | ID = 489
Description = wuauclt (2440) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 12/19/2009 1:57:25 PM | Computer Name = YOUR-4105E587B6 | Source = ESENT | ID = 455
Description = wuaueng.dll (2440) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 12/19/2009 1:57:35 PM | Computer Name = YOUR-4105E587B6 | Source = ESENT | ID = 489
Description = wuauclt (2440) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 12/19/2009 1:57:35 PM | Computer Name = YOUR-4105E587B6 | Source = ESENT | ID = 455
Description = wuaueng.dll (2440) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 12/18/2009 10:40:34 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/18/2009 10:40:34 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/18/2009 10:40:34 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/18/2009 10:40:34 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/18/2009 10:40:34 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/18/2009 10:40:34 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/18/2009 10:40:34 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/18/2009 10:40:34 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/18/2009 10:40:34 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/18/2009 10:40:35 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:11 AM

Posted 21 December 2009 - 10:24 AM

bayareaguy,
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Show All
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

unite.jpg


#5 bayareaguy

bayareaguy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 21 December 2009 - 04:10 PM

Here's the result of that scan. Thanks again!


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-21 13:03:38
Windows 5.1.2600 Service Pack 2
Running: q4nse4qs.exe; Driver: C:\DOCUME~1\Sheldon\LOCALS~1\Temp\agxiyaod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- EOF - GMER 1.0.15 ----

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:11 AM

Posted 21 December 2009 - 04:42 PM

Hi,

I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKCU..\Run: [Auto Run Software for Photo Frame] C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe File not found
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.115.2 85.255.112.209
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

Then please post back here with the following logs:
  • MBAM results
  • OTL results
  • New OTL log
Thanks

unite.jpg


#7 bayareaguy

bayareaguy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 22 December 2009 - 12:16 AM

MBAM:

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

12/21/2009 8:48:33 PM
mbam-log-2009-12-21 (20-48-33).txt

Scan type: Quick Scan
Objects scanned: 130274
Time elapsed: 25 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2 85.255.112.209 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{518503a2-ac6e-4252-b7ad-cdd732bd85bd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2 85.255.112.209 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL log:


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Auto Run Software for Photo Frame deleted successfully.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {49232000-16E4-426C-A231-62846947304B}
C:\WINDOWS\Downloaded Program Files\SysInfo.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49232000-16E4-426C-A231-62846947304B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{49232000-16E4-426C-A231-62846947304B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 552 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 809472 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 509763 bytes

User: Sheldon
->Temp folder emptied: 56420047 bytes
->Temporary Internet Files folder emptied: 482604278 bytes
->Java cache emptied: 91460285 bytes
->FireFox cache emptied: 143794510 bytes
->Google Chrome cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 164092 bytes
%systemroot%\System32 .tmp files removed: 4140561 bytes
Windows Temp folder emptied: 19263312 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4079771341 bytes

Total Files Cleaned = 4,653.00 mb


OTL by OldTimer - Version 3.1.19.0 log created on 12212009_205758

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_648.dat moved successfully.

Registry entries deleted on Reboot...

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:11 AM

Posted 22 December 2009 - 04:52 PM

Can you run OTL again and post the new log please.

unite.jpg


#9 bayareaguy

bayareaguy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 22 December 2009 - 06:12 PM

OTL logfile created on: 12/22/2009 3:04:05 PM - Run 2
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Sheldon\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 186.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 33.12 Gb Free Space | 44.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4105E587B6
Current User Name: Sheldon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/20 23:45:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheldon\Desktop\OTL.exe
PRC - [2009/12/18 19:46:12 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 15:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 15:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 15:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 15:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 15:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/10 10:14:38 | 00,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/11/10 09:28:06 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/10 13:32:18 | 00,305,664 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2009/10/10 13:32:18 | 00,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/02 11:47:04 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 11:47:02 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/10 03:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2008/05/12 00:37:58 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/10/26 12:45:04 | 00,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2005/04/11 14:21:02 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/04/01 02:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/03/22 21:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\Shared\hpqwmi.exe
PRC - [2005/02/22 15:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/02/16 22:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
PRC - [2005/02/02 04:12:22 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/02 04:11:12 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/12/03 13:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/08/04 00:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 00:00:00 | 00,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hp\hpcoretech\hpcmpmgr.exe
PRC - [2003/09/16 04:19:24 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
PRC - [1997/07/10 23:00:00 | 00,061,440 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/20 23:45:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheldon\Desktop\OTL.exe
MOD - [2006/08/25 07:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/02/02 04:12:14 | 00,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 15:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 15:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 15:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 15:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/10 09:28:06 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/02 11:47:04 | 00,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 11:47:02 | 00,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/08/02 13:18:49 | 00,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/04/01 02:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\HPQ\Shared\hpqwmi.exe -- (hpqwmi)
SRV - [2005/02/22 15:32:14 | 00,038,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2004/01/04 23:27:32 | 00,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 15:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 15:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 15:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 15:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 15:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 15:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/26 23:55:31 | 00,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/08/02 13:10:13 | 00,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/04/04 08:25:36 | 00,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/04/01 02:02:36 | 01,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/22 06:39:54 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/03/22 06:39:44 | 00,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 06:39:42 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 06:39:40 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/15 08:14:52 | 00,346,496 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/15 08:14:52 | 00,037,760 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/10 01:41:52 | 00,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/02/02 03:58:58 | 00,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/07 17:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/11 15:30:00 | 00,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 00:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/28 02:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 07:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/01/04 23:27:34 | 00,021,488 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/01/04 23:27:34 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/01/04 23:27:32 | 00,051,056 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/06/06 11:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002/07/17 08:05:10 | 00,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/07/17 08:05:10 | 00,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/03/19 10:29:16 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/08/17 11:10:28 | 00,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 07:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 19:46:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 19:46:23 | 00,000,000 | ---D | M]

[2008/07/31 00:20:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Extensions
[2009/12/22 13:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\extensions
[2007/07/25 23:30:01 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/18 10:06:09 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2006/12/01 08:27:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\extensions\videodowloader@videodownloader.net
[2008/07/31 00:21:04 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\searchplugins\webster.xml
[2008/07/31 00:21:04 | 00,001,312 | ---- | M] () -- C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\searchplugins\wikipedia.xml
[2009/12/22 13:27:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/05/06 23:53:04 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ohlone.edu ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/Oneclickfix/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.evite.com/html/imageUpload/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1183918618500 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.115.2 85.255.112.209
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/21 20:57:58 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/21 20:16:30 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/21 20:16:26 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/21 20:16:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/21 20:14:35 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sheldon\Desktop\mbam-setup.exe
[2009/12/21 19:59:32 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/12/21 19:59:31 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/12/21 19:59:30 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/12/21 19:59:28 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/12/21 19:59:26 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/12/21 19:59:26 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/12/21 19:59:25 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/12/21 19:59:25 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/12/21 19:58:47 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/12/21 19:58:40 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/21 19:53:48 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Sheldon\Desktop\avast_home_setup.exe
[2009/12/20 23:45:37 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sheldon\Desktop\OTL.exe
[2009/12/18 11:55:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sheldon\Desktop\Grades F09
[2009/12/14 20:45:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sheldon\Desktop\Birthday
[2009/12/07 19:57:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sheldon\Desktop\BleepingComputer dot com
[2009/12/06 19:57:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/12/06 19:56:08 | 00,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2009/12/06 19:56:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/11/28 12:32:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2009/11/28 12:30:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2009/11/28 12:29:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2009/11/28 11:26:28 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2009/11/24 08:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sheldon\Local Settings\Application Data\AOL
[2009/11/24 08:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2009/11/24 08:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/11/23 20:10:33 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/10/16 19:10:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/28 10:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WTablet
[2007/07/17 10:32:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/07/17 09:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/05/11 19:31:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/05/11 19:31:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[141 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/22 14:15:06 | 00,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3791578662-2090678905-3491001564-1006UA.job
[2009/12/22 00:47:58 | 00,140,741 | ---- | M] () -- C:\Documents and Settings\Sheldon\Desktop\photo.jpg
[2009/12/22 00:47:27 | 00,025,698 | ---- | M] () -- C:\Documents and Settings\Sheldon\Desktop\GetAttachment.aspx
[2009/12/21 21:36:38 | 00,001,466 | ---- | M] () -- C:\WINDOWS\ULEAD.INI
[2009/12/21 21:07:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/21 21:06:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/21 21:06:35 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/21 21:05:38 | 07,340,032 | ---- | M] () -- C:\Documents and Settings\Sheldon\ntuser.dat
[2009/12/21 21:05:16 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Sheldon\ntuser.ini
[2009/12/21 20:21:22 | 00,010,246 | ---- | M] () -- C:\Documents and Settings\Sheldon\Desktop\Error Code.docx
[2009/12/21 20:17:14 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Sheldon\Desktop\Microsoft Office Word 2007.lnk
[2009/12/21 20:16:33 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/21 20:15:21 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sheldon\Desktop\mbam-setup.exe
[2009/12/21 19:59:32 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/12/21 19:59:26 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/21 19:53:48 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Sheldon\Desktop\avast_home_setup.exe
[2009/12/21 10:37:33 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Sheldon\Desktop\q4nse4qs.exe
[2009/12/20 23:45:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheldon\Desktop\OTL.exe
[2009/12/18 11:15:08 | 00,199,680 | ---- | M] () -- C:\Documents and Settings\Sheldon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/17 23:15:00 | 00,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3791578662-2090678905-3491001564-1006Core.job
[2009/12/06 19:58:11 | 00,000,110 | ---- | M] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/05 14:11:29 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/05 14:05:23 | 00,000,791 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/04 20:10:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/24 15:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/24 15:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/24 15:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/24 15:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/24 15:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/24 15:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/24 15:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/24 15:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/24 15:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/24 08:35:42 | 00,001,463 | -H-- | M] () -- C:\IPH.PH
[2009/11/23 20:34:38 | 00,001,669 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_Pavilion ZV6100 (EC356UA#ABA)_YN_0Pavi_QCND6111PGZ_E393291001_46_I3085_SHP_V42.3B_BF.1B_T051011_WXH2_L409_M511_J80_7AMD_8Athlon 64_91_#050511_N10EC8139_(EC356UA#ABA)_XMOBILE_CN10_Z10024378_2F.1B.MRK
[2009/11/23 20:15:22 | 00,466,810 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/23 20:15:22 | 00,406,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/23 20:15:22 | 00,063,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[141 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/22 00:47:58 | 00,140,741 | ---- | C] () -- C:\Documents and Settings\Sheldon\Desktop\photo.jpg
[2009/12/22 00:47:25 | 00,025,698 | ---- | C] () -- C:\Documents and Settings\Sheldon\Desktop\GetAttachment.aspx
[2009/12/21 20:18:50 | 00,010,246 | ---- | C] () -- C:\Documents and Settings\Sheldon\Desktop\Error Code.docx
[2009/12/21 20:16:33 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/21 19:59:32 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/12/21 19:58:47 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/12/21 10:37:32 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Sheldon\Desktop\q4nse4qs.exe
[2009/12/18 11:15:16 | 10,097,2123 | ---- | C] () -- C:\Documents and Settings\Sheldon\Desktop\Adven Prostitution - with text.wmv
[2009/12/18 11:15:13 | 28,724,867 | ---- | C] () -- C:\Documents and Settings\Sheldon\Desktop\Adven Mission - with text.wmv
[2009/12/06 19:57:53 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/05 14:11:29 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/23 20:34:35 | 00,001,669 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_Pavilion ZV6100 (EC356UA#ABA)_YN_0Pavi_QCND6111PGZ_E393291001_46_I3085_SHP_V42.3B_BF.1B_T051011_WXH2_L409_M511_J80_7AMD_8Athlon 64_91_#050511_N10EC8139_(EC356UA#ABA)_XMOBILE_CN10_Z10024378_2F.1B.MRK
[2009/10/28 22:49:42 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/10/27 15:22:08 | 04,835,652 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/10/27 15:16:44 | 01,632,375 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/10/27 15:16:12 | 00,611,638 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/10/27 15:10:02 | 00,143,872 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/10/27 14:46:26 | 00,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/10/27 14:28:08 | 00,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/10/16 15:58:06 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/10/16 15:57:06 | 00,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/10/16 15:04:24 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/10/16 15:04:08 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/10/16 15:03:48 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/10/16 15:03:44 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/10/16 15:03:40 | 00,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/10/16 12:53:32 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/10/16 12:53:20 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/16 11:40:42 | 00,957,047 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/10/16 11:38:20 | 00,914,464 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/10 14:17:32 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 14:16:56 | 00,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 14:16:50 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 14:16:14 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 14:15:54 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 14:15:44 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 14:15:32 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 14:15:28 | 00,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 14:15:12 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 14:14:08 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 14:14:06 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 14:11:50 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 08:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 08:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/04/04 14:07:06 | 00,000,268 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/03/05 18:28:48 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2007/12/13 09:50:10 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\Sheldon\Application Data\LecShare Pro.rdb
[2007/12/10 21:32:18 | 00,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2007/12/08 18:28:58 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2007/12/08 18:28:55 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2007/12/08 18:26:16 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMAdvDVD.ini
[2007/10/13 01:30:20 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/10/08 16:41:41 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/10/08 16:41:41 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/09/23 12:42:14 | 00,004,958 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xnwfyhdk.mld
[2007/09/10 15:42:06 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/09/10 15:42:06 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/07/18 11:24:49 | 00,000,581 | ---- | C] () -- C:\Documents and Settings\Sheldon\Application Data\AutoGK.ini
[2007/07/10 09:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/04/07 15:53:26 | 01,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/03/10 17:47:51 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys
[2006/12/12 08:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/11/20 22:18:15 | 00,001,466 | ---- | C] () -- C:\WINDOWS\ULEAD.INI
[2006/11/17 08:26:24 | 00,004,492 | ---- | C] () -- C:\Documents and Settings\Sheldon\Application Data\wklnhst.dat
[2006/09/08 11:44:53 | 00,000,157 | ---- | C] () -- C:\WINDOWS\WISE.INI
[2006/08/08 23:47:56 | 00,000,066 | ---- | C] () -- C:\WINDOWS\Ahead DVD Ripper.INI
[2006/07/24 19:15:06 | 00,001,357 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/22 22:34:10 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\astro32.dll
[2006/07/13 16:42:30 | 00,433,664 | ---- | C] () -- C:\WINDOWS\System32\TBS32.DLL
[2006/06/17 13:03:41 | 00,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini
[2006/05/27 14:59:57 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Sheldon\Local Settings\Application Data\fusioncache.dat
[2006/05/11 15:10:05 | 00,039,742 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/11 13:20:46 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/05/11 13:20:45 | 00,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/07 10:07:39 | 00,199,680 | ---- | C] () -- C:\Documents and Settings\Sheldon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/02 13:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/05/11 20:02:36 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/11 20:02:36 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/11 20:02:35 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/11 20:02:35 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/11 20:02:35 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/11 20:02:35 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/11 19:49:08 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 00:33:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 05:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 05:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/15 14:54:04 | 00,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/08/17 08:58:50 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/07/10 23:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/10 23:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/10 23:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
< End of report >

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:11 AM

Posted 22 December 2009 - 08:15 PM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg


#11 bayareaguy

bayareaguy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 27 December 2009 - 01:35 PM

Happy Holidays!

ComboFix 09-12-26.05 - Sheldon 12/27/2009 10:18:43.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.170 [GMT -8:00]
Running from: c:\documents and settings\Sheldon\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\regsvr32.exe
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-22 04:57 . 2009-12-22 04:57 -------- d-----w- C:\_OTL
2009-12-22 04:16 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 04:16 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 04:16 . 2009-12-22 04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-22 03:59 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-22 03:59 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-22 03:59 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-22 03:59 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-22 03:59 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-22 03:59 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-22 03:59 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-22 03:59 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-22 03:58 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-22 03:58 . 2009-12-22 03:58 -------- d-----w- c:\program files\Alwil Software
2009-12-07 03:57 . 2009-12-07 03:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-07 03:57 . 2009-12-07 03:57 28696928 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-07 03:56 . 2009-12-07 03:56 3106632 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\MyPalsPlugin.exe
2009-12-07 03:56 . 2009-12-07 03:57 -------- d-----w- c:\program files\LeapFrog
2009-12-07 03:56 . 2009-12-07 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Leapfrog
2009-11-28 20:32 . 2009-11-28 20:32 -------- d-----w- c:\windows\system32\custom matrices
2009-11-28 20:30 . 2009-11-28 20:30 -------- d-----w- c:\windows\system32\QuickTime
2009-11-28 20:29 . 2009-11-28 20:34 -------- d-----w- c:\windows\system32\C2MP
2009-11-28 19:26 . 2009-11-28 19:26 -------- d-----w- c:\program files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 05:24 . 2006-08-17 04:41 -------- d-----w- c:\documents and settings\Sheldon\Application Data\dvdcss
2009-12-19 02:44 . 2009-11-24 16:35 -------- d-----w- c:\program files\Common Files\AOL
2009-12-19 02:40 . 2009-11-06 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-19 02:37 . 2009-11-06 19:50 -------- d-----w- c:\documents and settings\Sheldon\Application Data\skypePM
2009-12-15 09:43 . 2009-10-18 18:09 -------- d-----w- c:\program files\WeFi
2009-11-24 16:35 . 2009-11-24 16:35 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-11-24 04:34 . 2009-11-24 04:34 1669 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Pavilion ZV6100 (EC356UA#ABA)_YN_0Pavi_QCND6111PGZ_E393291001_46_I3085_SHP_V42.3B_BF.1B_T051011_WXH2_L409_M511_J80_7AMD_8Athlon 64_91_#050511_N10EC8139_(EC356UA#ABA)_XMOBILE_CN10_Z10024378_2F.1B.MRK
2009-11-24 04:17 . 2008-08-16 19:58 -------- d-----w- c:\program files\CPQ
2009-11-24 04:16 . 2005-05-12 03:37 -------- d-----w- c:\program files\HPQ
2009-11-24 04:15 . 2005-05-12 04:02 -------- d-----w- c:\program files\InterVideo
2009-11-24 04:10 . 2009-11-24 04:10 -------- d-----w- c:\program files\CONEXANT
2009-11-24 04:09 . 2005-05-12 03:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-10 06:34 . 2007-01-16 22:16 -------- d-----w- c:\documents and settings\Sheldon\Application Data\Azureus
2009-11-08 16:42 . 2007-07-08 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-08 16:41 . 2007-07-08 18:27 -------- d-----w- c:\program files\McAfee
2009-11-08 16:17 . 2009-11-08 16:17 -------- d-----w- c:\program files\Trend Micro
2009-11-08 05:14 . 2009-11-08 05:14 -------- d-----w- c:\documents and settings\Sheldon\Application Data\Malwarebytes
2009-11-08 05:14 . 2009-11-08 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-07 06:52 . 2009-11-07 05:24 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-07 05:05 . 2005-05-12 04:06 -------- d-----w- c:\program files\Google
2009-11-07 05:03 . 2009-11-07 05:00 -------- d-----w- c:\program files\iTunes
2009-11-07 05:01 . 2009-11-07 05:01 -------- d-----w- c:\program files\iPod
2009-11-07 05:01 . 2009-10-02 16:46 -------- d-----w- c:\program files\Common Files\Apple
2009-11-07 04:36 . 2009-11-07 04:36 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-07 04:25 . 2009-11-07 04:23 -------- d-----w- c:\program files\Safari
2009-11-06 19:50 . 2009-11-06 19:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-03 01:25 . 2009-11-01 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-11-01 23:07 . 2009-11-01 22:47 -------- d-----w- c:\documents and settings\Sheldon\Application Data\ArcSoft
2009-11-01 22:46 . 2009-11-01 22:46 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-11-01 22:46 . 2009-11-01 22:46 -------- d-----w- c:\program files\ArcSoft
2009-10-29 02:05 . 2006-05-06 21:43 114016 ----a-w- c:\documents and settings\Sheldon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 01:54 . 2008-05-21 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-29 01:41 . 2009-10-29 01:16 -------- d-----w- c:\documents and settings\Sheldon\Application Data\GetRightToGo
2009-10-27 23:22 . 2009-10-27 23:22 4835652 ----a-w- c:\windows\system32\libavcodec.dll
2009-10-27 23:16 . 2009-10-27 23:16 1632375 ----a-w- c:\windows\system32\ffmpegmt.dll
2009-10-27 23:16 . 2009-10-27 23:16 611638 ----a-w- c:\windows\system32\libmplayer.dll
2009-10-27 23:10 . 2009-10-27 23:10 143872 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2009-10-27 22:46 . 2009-10-27 22:46 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-10-27 22:28 . 2009-10-27 22:28 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-10-16 23:58 . 2009-10-16 23:58 183296 ----a-w- c:\windows\system32\ff_samplerate.dll
2009-10-16 23:57 . 2009-10-16 23:57 146944 ----a-w- c:\windows\system32\ff_tremor.dll
2009-10-16 23:04 . 2009-10-16 23:04 178688 ----a-w- c:\windows\system32\ff_libmad.dll
2009-10-16 23:04 . 2009-10-16 23:04 113152 ----a-w- c:\windows\system32\ff_unrar.dll
2009-10-16 23:03 . 2009-10-16 23:03 257024 ----a-w- c:\windows\system32\ff_libdts.dll
2009-10-16 23:03 . 2009-10-16 23:03 142848 ----a-w- c:\windows\system32\ff_liba52.dll
2009-10-16 23:03 . 2009-10-16 23:03 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll
2009-10-16 20:53 . 2009-10-16 20:53 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
2009-10-16 20:53 . 2009-10-16 20:53 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-16 19:40 . 2009-10-16 19:40 957047 ----a-w- c:\windows\system32\ff_x264.dll
2009-10-16 19:38 . 2009-10-16 19:38 914464 ----a-w- c:\windows\system32\xvidcore.dll
.

------- Sigcheck -------

[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys

[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\kbdclass.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[7] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[7] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\services.exe

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll

[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 08:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\system32\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll

[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll

[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\mswsock.dll

[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll

[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe
[-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 515D30E2C90A3665A2739309334C9283 . 2057600 . . [5.1.2600.3093] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 . 515D30E2C90A3665A2739309334C9283 . 2057600 . . [5.1.2600.3093] . . c:\windows\system32\ntkrnlpa.exe
[-] 2007-02-28 . 515D30E2C90A3665A2739309334C9283 . 2057600 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2004-08-04 08:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\dllcache\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-08_16.55.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-27 05:22 . 2009-12-27 05:22 16384 c:\windows\temp\Perflib_Perfdata_684.dat
+ 2009-11-24 04:09 . 2004-06-28 10:35 69760 c:\windows\system32\ReinstallBackups\0008\DriverFiles\Rtlnicxp.sys
+ 2009-11-24 04:31 . 2004-08-04 07:14 52736 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\i8042prt.sys
+ 2009-11-24 04:08 . 2004-08-04 08:00 23552 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\wdmaud.drv
+ 2009-11-24 04:08 . 2004-08-04 07:08 48640 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\stream.sys
+ 2009-11-24 04:08 . 2004-08-04 07:08 60288 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\drmk.sys
+ 2009-11-24 04:08 . 2005-03-15 16:14 28672 c:\windows\system32\ReinstallBackups\0006\DriverFiles\ciaunwdm.exe
+ 2009-11-24 04:08 . 2005-03-15 16:14 11589 c:\windows\system32\ReinstallBackups\0006\DriverFiles\CAUDINST.dll
+ 2009-11-24 04:08 . 2005-03-15 16:14 37760 c:\windows\system32\ReinstallBackups\0006\DriverFiles\camc6aud.sys
+ 2009-11-24 04:10 . 2005-03-22 14:39 13059 c:\windows\system32\ReinstallBackups\0005\DriverFiles\MDMXSDK.SYS
- 2008-08-16 19:27 . 2005-03-22 14:39 13059 c:\windows\system32\ReinstallBackups\0005\DriverFiles\MDMXSDK.SYS
+ 2009-11-24 04:10 . 2005-03-22 14:39 86016 c:\windows\system32\ReinstallBackups\0005\DriverFiles\MDMXSDK.DLL
- 2008-08-16 19:27 . 2005-03-22 14:39 86016 c:\windows\system32\ReinstallBackups\0005\DriverFiles\MDMXSDK.DLL
+ 2009-11-24 04:10 . 2005-03-22 14:39 39018 c:\windows\system32\ReinstallBackups\0005\DriverFiles\HSFCI012.DLL
- 2008-08-16 19:27 . 2005-03-22 14:39 39018 c:\windows\system32\ReinstallBackups\0005\DriverFiles\HSFCI012.DLL
+ 2008-06-08 22:58 . 2008-06-08 22:58 60273 c:\windows\system32\pthreadGC2.dll
- 2004-08-07 13:10 . 2009-11-07 03:32 63930 c:\windows\system32\perfc009.dat
+ 2004-08-07 13:10 . 2009-11-24 04:15 63930 c:\windows\system32\perfc009.dat
+ 2009-01-10 22:14 . 2009-01-10 22:14 79360 c:\windows\system32\mkzlib.dll
+ 2009-01-10 22:14 . 2009-01-10 22:14 23552 c:\windows\system32\mkunicode.dll
- 2007-07-25 21:30 . 2009-09-11 07:41 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2007-07-25 21:30 . 2009-11-12 20:48 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-04-09 02:16 . 2004-04-09 02:16 99688 c:\windows\system32\Macromed\Flash\GetFlash.exe
- 2006-05-08 00:04 . 2004-08-04 06:08 26496 c:\windows\system32\drivers\USBSTOR.SYS
+ 2006-05-08 00:04 . 2004-08-04 07:08 26496 c:\windows\system32\drivers\USBSTOR.SYS
+ 2004-08-04 08:00 . 2004-08-04 06:59 36352 c:\windows\system32\drivers\disk.sys
- 2004-08-04 08:00 . 2004-08-04 05:59 36352 c:\windows\system32\drivers\disk.sys
+ 2008-08-05 21:59 . 2008-08-05 21:59 57344 c:\windows\system32\dpv11.dll
- 2007-03-27 07:49 . 2007-03-27 07:49 57344 c:\windows\system32\dpv11.dll
+ 2009-05-01 21:02 . 2009-05-01 21:02 90112 c:\windows\system32\dpl100.dll
+ 2008-05-25 14:39 . 2008-05-25 14:39 13824 c:\windows\system32\C2MP\StatsReader.exe
+ 2002-12-12 00:14 . 2002-12-12 00:14 13312 c:\windows\system32\C2MP\msdmo.dll
+ 2002-06-12 16:52 . 2002-06-12 16:52 23040 c:\windows\system32\C2MP\MiniCalc.exe
+ 2009-05-01 21:02 . 2009-05-01 21:02 69632 c:\windows\system32\C2MP\DivXConfig.exe
+ 2007-02-01 23:19 . 2007-02-01 23:19 28088 c:\windows\system32\bass_wv.dll
+ 2007-02-01 23:19 . 2007-02-01 23:19 18888 c:\windows\system32\bass_mpc.dll
+ 2007-02-01 23:19 . 2007-02-01 23:19 23616 c:\windows\system32\bass_flac.dll
+ 2007-02-01 23:19 . 2007-02-01 23:19 33240 c:\windows\system32\bass_ape.dll
+ 2007-02-01 23:19 . 2007-02-01 23:19 12784 c:\windows\system32\bass_alac.dll
+ 2007-02-01 23:19 . 2007-02-01 23:19 92728 c:\windows\system32\bass.dll
+ 2009-01-10 22:15 . 2009-01-10 22:15 97280 c:\windows\system32\avs.dll
+ 2009-08-11 20:21 . 2009-08-11 20:21 87552 c:\windows\system32\ac3config.exe
+ 2009-11-24 04:31 . 2003-06-06 19:46 5220 c:\windows\system32\ReinstallBackups\0007\DriverFiles\EabUsb.sys
+ 2009-11-24 04:31 . 2004-04-14 15:36 7432 c:\windows\system32\ReinstallBackups\0007\DriverFiles\eabfiltr.sys
+ 2009-11-24 04:08 . 2004-08-04 08:56 4096 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ksuser.dll
+ 2003-12-26 19:26 . 2003-12-26 19:26 9216 c:\windows\system32\C2MP\OGMCalc.exe
+ 2004-03-04 20:00 . 2004-03-04 20:00 6144 c:\windows\system32\C2MP\AviC.exe
+ 2007-02-01 23:19 . 2007-02-01 23:19 8664 c:\windows\system32\bass_tta.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 11:54 . 2008-07-29 11:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-12-03 22:11 . 2008-12-03 22:11 180224 c:\windows\system32\xvidvfw.dll
+ 2008-08-26 22:11 . 2008-08-26 22:11 987136 c:\windows\system32\VSFilter.dll
+ 2004-12-10 09:03 . 2004-12-10 09:03 438272 c:\windows\system32\vp6vfw.dll
+ 2009-01-10 22:17 . 2009-01-10 22:17 163840 c:\windows\system32\ts.dll
+ 2009-05-01 21:02 . 2009-05-01 21:02 200704 c:\windows\system32\ssldivx.dll
- 2007-03-27 07:55 . 2007-03-27 07:55 200704 c:\windows\system32\ssldivx.dll
+ 2009-11-24 04:08 . 2004-12-18 00:13 145920 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\portcls.sys
+ 2009-11-24 04:08 . 2004-08-04 07:15 140928 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ks.sys
+ 2009-11-24 04:08 . 2005-03-15 16:14 346496 c:\windows\system32\ReinstallBackups\0006\DriverFiles\camc6hal.sys
- 2008-08-16 19:27 . 2005-03-22 14:39 561152 c:\windows\system32\ReinstallBackups\0005\DriverFiles\HXFSETUP.EXE
+ 2009-11-24 04:10 . 2005-03-22 14:39 561152 c:\windows\system32\ReinstallBackups\0005\DriverFiles\HXFSETUP.EXE
+ 2009-11-24 04:10 . 2005-03-22 14:39 200192 c:\windows\system32\ReinstallBackups\0005\DriverFiles\HSFHWATI.SYS
- 2008-08-16 19:27 . 2005-03-22 14:39 200192 c:\windows\system32\ReinstallBackups\0005\DriverFiles\HSFHWATI.SYS
- 2008-08-16 19:27 . 2005-03-22 14:39 703232 c:\windows\system32\ReinstallBackups\0005\DriverFiles\HSF_CNXT.SYS
+ 2009-11-24 04:10 . 2005-03-22 14:39 703232 c:\windows\system32\ReinstallBackups\0005\DriverFiles\HSF_CNXT.SYS
- 2004-08-07 13:10 . 2009-11-07 03:32 406896 c:\windows\system32\perfh009.dat
+ 2004-08-07 13:10 . 2009-11-24 04:15 406896 c:\windows\system32\perfh009.dat
+ 2004-04-20 22:00 . 2004-04-20 22:00 172032 c:\windows\system32\OptimFROG.dll
+ 2009-01-10 22:15 . 2009-01-10 22:15 120832 c:\windows\system32\ogm.dll
+ 2009-01-10 22:16 . 2009-01-10 22:16 141312 c:\windows\system32\mp4.dll
+ 2009-01-10 22:15 . 2009-01-10 22:15 159744 c:\windows\system32\mmfinfo.dll
+ 2009-01-10 22:16 . 2009-01-10 22:16 148480 c:\windows\system32\mkx.dll
+ 2009-01-10 22:15 . 2009-01-10 22:15 135168 c:\windows\system32\mkv2vfr.exe
+ 2007-07-05 01:33 . 2007-07-05 01:33 892928 c:\windows\system32\iconv.dll
+ 2009-01-10 22:16 . 2009-01-10 22:16 335872 c:\windows\system32\gdsmux.exe
+ 2009-01-10 22:15 . 2009-01-10 22:15 246784 c:\windows\system32\dxr.dll
- 2007-03-27 07:49 . 2007-03-27 07:49 196608 c:\windows\system32\dtu100.dll
+ 2008-08-05 21:59 . 2008-08-05 21:59 196608 c:\windows\system32\dtu100.dll
+ 2009-01-10 22:15 . 2009-01-10 22:15 103424 c:\windows\system32\dsmux.exe
+ 2005-05-12 04:01 . 2005-04-04 16:25 160768 c:\windows\system32\drivers\tifm21.sys
- 2005-04-04 16:25 . 2005-04-04 16:25 160768 c:\windows\system32\drivers\tifm21.sys
+ 2008-08-05 21:59 . 2008-08-05 21:59 344064 c:\windows\system32\dpus11.dll
- 2007-03-27 07:49 . 2007-03-27 07:49 344064 c:\windows\system32\dpus11.dll
+ 2008-08-05 21:59 . 2008-08-05 21:59 593920 c:\windows\system32\dpuGUI11.dll
- 2007-03-27 07:49 . 2007-03-27 07:49 593920 c:\windows\system32\dpuGUI11.dll
+ 2008-08-05 21:59 . 2008-08-05 21:59 294912 c:\windows\system32\dpu11.dll
- 2007-03-27 07:49 . 2007-03-27 07:49 294912 c:\windows\system32\dpu11.dll
+ 2009-05-01 21:03 . 2009-05-01 21:03 528384 c:\windows\system32\DivXsm.exe
+ 2009-05-01 21:02 . 2009-05-01 21:02 685056 c:\windows\system32\DivX.dll
+ 2009-11-04 01:58 . 2009-11-04 01:58 241342 c:\windows\system32\C2MP\Uninst.exe
+ 2009-11-04 01:58 . 2009-11-04 01:58 237995 c:\windows\system32\C2MP\Un_Parts.exe
+ 2009-11-04 01:56 . 2009-11-04 01:56 234691 c:\windows\system32\C2MP\Set_Defaults.exe
+ 2007-02-19 15:28 . 2007-02-19 15:28 117974 c:\windows\system32\C2MP\GSpot27.dat
+ 2007-02-22 20:08 . 2007-02-22 20:08 925696 c:\windows\system32\C2MP\GSpot.exe
+ 2007-02-01 23:19 . 2007-02-01 23:19 150520 c:\windows\system32\bass_aac.dll
+ 2009-01-10 22:15 . 2009-01-10 22:15 102400 c:\windows\system32\avss.dll
+ 2009-01-10 22:16 . 2009-01-10 22:16 108032 c:\windows\system32\avi.dll
+ 2009-12-07 03:58 . 2009-12-07 03:58 842752 c:\windows\Installer\42cde9f0.msi
+ 2009-11-24 16:35 . 2009-11-24 16:35 122880 c:\windows\Installer\290ea2e.msi
+ 2006-11-20 19:04 . 2006-11-20 19:04 117088 c:\windows\Downloaded Program Files\CONFLICT.1\PURen-us.dll
+ 2009-08-19 19:55 . 2009-08-19 19:55 829288 c:\windows\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
+ 2008-11-06 16:37 . 2008-11-06 16:37 1585664 c:\windows\system32\VC80CRTRedist.msi
+ 2009-11-24 04:10 . 2005-03-22 14:39 1038208 c:\windows\system32\ReinstallBackups\0005\DriverFiles\HSF_DP.SYS
- 2008-08-16 19:27 . 2005-03-22 14:39 1038208 c:\windows\system32\ReinstallBackups\0005\DriverFiles\HSF_DP.SYS
- 2007-03-27 07:55 . 2007-03-27 07:55 3596288 c:\windows\system32\qt-dx331.dll
+ 2008-11-06 16:37 . 2008-11-06 16:37 3596288 c:\windows\system32\qt-dx331.dll
+ 2009-05-01 21:02 . 2009-05-01 21:02 1044480 c:\windows\system32\libdivx.dll
- 2007-03-27 07:55 . 2007-03-27 07:55 1044480 c:\windows\system32\libdivx.dll
+ 2009-05-12 18:46 . 2009-05-12 18:46 1650992 c:\windows\system32\C2MP\npdivx32.dll
+ 2009-12-07 03:58 . 2009-12-07 03:58 7610880 c:\windows\Installer\42cde9eb.msi
- 2005-05-12 03:48 . 2009-01-12 02:13 2220544 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{77C7D65D-7F07-4F6B-95DE-3D893B08E7FF}\HP Software Update.msi
+ 2005-05-12 03:48 . 2009-11-24 04:17 2220544 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{77C7D65D-7F07-4F6B-95DE-3D893B08E7FF}\HP Software Update.msi
- 2005-05-12 04:07 . 2009-01-12 02:14 20034560 c:\windows\Downloaded Installations\{EA6652A6-343E-4645-AF84-0BACF426C950}\iTunes.msi
+ 2005-05-12 04:07 . 2009-11-24 04:18 20034560 c:\windows\Downloaded Installations\{EA6652A6-343E-4645-AF84-0BACF426C950}\iTunes.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Sheldon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-13 133104]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-11-20 2590456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-12 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-10 122880]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-10 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iVisit\\iVisit.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/21/2009 7:59 PM 114768]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [10/18/2009 10:06 AM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [10/18/2009 10:07 AM 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/21/2009 7:59 PM 20560]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/16/2008 11:24 AM 200192]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [8/16/2006 8:40 PM 16512]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 1:10 PM 32512]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: ohlone.edu\mail
FF - ProfilePath - c:\documents and settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\w857tg6r.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - plugin: c:\documents and settings\Sheldon\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

AddRemove-{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 10:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?7?8?9??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-27 10:33:40
ComboFix-quarantined-files.txt 2009-12-27 18:33
ComboFix2.txt 2009-11-08 17:04
ComboFix3.txt 2009-11-07 03:40

Pre-Run: 35,496,198,144 bytes free
Post-Run: 35,628,179,456 bytes free

- - End Of File - - 716A71F3409716C7DD9F77C009EC23F6

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:11 AM

Posted 27 December 2009 - 04:49 PM

Happy holidays to you too.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Reamove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Then run another quick scan with MBAM.


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Kaspersky report
  • MBAM log
  • New OTL log
Thanks

unite.jpg


#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:11 AM

Posted 31 December 2009 - 01:00 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users