Google Redirect and Bogus Virus Notification


  • This topic is locked
15 replies to this topic

#1 SATCFI

Posted 14 December 2009 - 11:46 PM

When I search with any search engine and attempt to select one of the hits, I am redirected to another site, often another search engine. Often I instead get a bogus virus warning I cannot get out of without killing the internet connection via Task Manager.

Here are the logs I was requested to run.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Brad marcum at 22:35:05.65 on Mon 12/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.165 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Brad marcum\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ModemOnHold] c:\program files\netwaiting\NetWaiting.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [acEventServ] "c:\program files\activcard\activcard gold\acevtsrv.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [iProtectYou] "c:\windows\system32\ip.exe" -h
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\activcard\activcard gold\agquickp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} - hxxp://bridge.item2.naver.com/music/cab/nbgm.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242618824765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5094/mcfscan.cab
TCP: {4D7BAFA2-C2F0-4024-9B66-B16C71435655} = 12.127.16.67,12.127.17.71
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: acAuth - acauth.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bradma~1\applic~1\mozilla\firefox\profiles\1s5bnptq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\brad marcum\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDBsignWeb.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-2 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 74480]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\common files\activcard\acachsrv.exe [2002-12-17 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\common files\activcard\acautoreg.exe [2002-11-29 53248]
R2 acautoupdate;ActivCard Auto-Update Service;c:\program files\common files\activcard\acautoup.exe [2003-3-24 36864]
R2 Accoca;ActivCard Gold service;c:\program files\common files\activcard\accoca.exe [2002-8-12 159744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-8-17 276816]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\rosettastoneltdservices\RosettaStoneLtdController.exe [2007-10-31 354648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-17 19160]
S0 adwarealert;adwarealert;c:\windows\system32\drivers\adwarealert.sys --> c:\windows\system32\drivers\adwarealert.sys [?]
S3 cxbu0wdm;CardMan 1021;c:\windows\system32\drivers\cxbu0wdm.sys [2006-7-11 84608]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [2002-11-7 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-4-6 64088]

=============== Created Last 30 ================

2009-12-14 21:57:12 87552 ----a-w- c:\windows\system32\VACFix.exe
2009-12-14 21:57:12 82944 ----a-w- c:\windows\system32\IEDFix.C.exe
2009-12-14 21:57:12 82432 ----a-w- c:\windows\system32\404Fix.exe
2009-12-14 21:57:12 80384 ----a-w- c:\windows\system32\o4Patch.exe
2009-12-14 21:57:12 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
2009-12-14 21:57:12 75776 ----a-w- c:\windows\system32\WS2Fix.exe
2009-12-14 21:57:12 53248 ----a-w- c:\windows\system32\Process.exe
2009-12-11 23:42:48 0 d-----w- c:\documents and settings\brad marcum\DoctorWeb
2009-12-07 03:08:49 0 d-----w- c:\program files\common files\Scanner
2009-12-07 03:08:43 0 d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-12-05 14:09:09 0 dc-h--w- c:\windows\ie8
2009-11-26 02:36:24 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-26 02:31:58 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-19 00:42:15 0 d-sh--w- c:\documents and settings\brad marcum\IECompatCache

==================== Find3M ====================

2009-12-15 03:52:47 7724 ----a-w- c:\windows\system32\mssip.dat
2009-12-15 03:45:11 4544 ----a-w- c:\windows\system32\tmp.reg
2009-12-14 05:34:21 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-14 05:34:21 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-03 22:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 02:36:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-02 04:44:07 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2007-01-12 01:15:11 88 --sh--r- c:\windows\system32\27A12F420E.sys
2007-01-12 01:15:31 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-02 23:52:04 32768 --sha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
2008-09-01 01:25:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 22:36:56.89 ===============
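The entries in the DDS output above that matter most for a redirect problem are the per-user ProxyServer value pointing at 127.0.0.1:5555 (and, in the OTL log further down the thread, a machine-wide ProxyServer of localhost:7171): a proxy on a loopback port is a common way for redirect malware to sit between the browser and every page it loads, and it survives a browser reinstall. The triage script below is an added example, not part of this thread or of the DDS/OTL tools. It parses the line formats shown in these logs and flags loopback proxies, BHO/toolbar entries with no backing DLL, and boot-start services whose driver file DDS could not read. The sample lines are copied from the logs on this page; the regexes and the Finding record are this example's own assumptions about the formats.

```python
"""Triage helper for the DDS "Pseudo HJT" and OTL "Internet Explorer" line formats.

Added example for this thread; it is not part of DDS, OTL or BleepingComputer's
own tooling. The line formats and the Finding record are this example's
assumptions, derived from the logs posted above.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str   # short indicator name
    line: str   # the log line that triggered it
    why: str    # one-sentence explanation for the analyst


# DDS: "uInternet Settings,ProxyServer = http=127.0.0.1:5555"  (u = HKCU, m = HKLM)
DDS_PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer\s*=\s*(.+)$')
# OTL: 'IE - HKLM\...\Internet Settings: "ProxyServer" = http=localhost:7171'
OTL_PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(.+)$')
# DDS: 'BHO: {CLSID} - No File' / 'TB: {CLSID} - No File'
ORPHAN_RE = re.compile(r'^(BHO|TB):\s*(.*?)\s*-\s*No File$')
# DDS service line: 'S0 name;display name;path [date size]' or '... --> path [?]'
SERVICE_RE = re.compile(r'^([RS][0-3])\s+([^;]+);([^;]*);(.+)$')


def proxy_targets_loopback(value):
    """True if any host in an IE ProxyServer value is this machine.

    IE stores either a bare 'host:port' or a ';'-separated list of
    'scheme=host:port' entries; both forms are handled.
    """
    for entry in value.split(";"):
        hostport = entry.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0].strip("[]")   # drop port and IPv6 brackets
        if host.lower() == "localhost":
            return True
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:          # a hostname, not an address
            continue
    return False


def triage(lines):
    """Scan log lines and return the Findings in the order they were seen."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = DDS_PROXY_RE.match(line) or OTL_PROXY_RE.search(line)
        if m:
            if proxy_targets_loopback(m.group(1)):
                findings.append(Finding("loopback-proxy", line,
                    "browser traffic is routed through a process on this machine"))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(Finding("orphaned-" + m.group(1).lower(), line,
                "registered CLSID whose DLL is gone; leftover of a removed add-on or of malware"))
            continue
        m = SERVICE_RE.match(line)
        if m and ("[?]" in m.group(4) or "-->" in m.group(4)):
            findings.append(Finding("missing-driver", line,
                f"{m.group(1)} service '{m.group(2)}' points at a file DDS could not read"))
    return findings


# Sample input: lines copied from the DDS and OTL logs posted in this thread.
SAMPLE = [
    r"uInternet Settings,ProxyServer = http=127.0.0.1:5555",
    r"uInternet Settings,ProxyOverride = <local>",
    r"BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File",
    r"BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll",
    r"TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File",
    r"R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-2 64288]",
    r"S0 adwarealert;adwarealert;c:\windows\system32\drivers\adwarealert.sys --> c:\windows\system32\drivers\adwarealert.sys [?]",
    r'IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171',
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.kind}] {f.line}\n    {f.why}")
```

A loopback proxy is only a symptom: clearing the ProxyServer value gets the browser working until whatever process is listening on that port re-writes it, so the listening process (netstat -ano -p tcp on XP shows the PID) is what has to be identified and removed.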


#2 chamber

Posted 15 December 2009 - 03:51 AM

Hi,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU
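The /md5start ... /md5stop block in the custom scan above tells OTL to print an MD5 for each named file so the helper can compare it against a known-good copy; on Windows XP, Windows File Protection keeps such a copy of protected files in %SystemRoot%\system32\dllcache. The script below is an added example, not part of this thread or of OTL: it hashes each watchlisted file and its dllcache twin and reports mismatches, files with no cached copy, and files that are missing outright. The directory tree it inspects is constructed in a temporary folder (one driver deliberately altered) so the example runs anywhere, and the placement rules in live_path are this example's own simplification of the real layout.

```python
"""Integrity check in the spirit of OTL's /md5start ... /md5stop list.

Added example for this thread; not part of OTL. OTL prints the MD5 of every
file in that list so a helper can compare it with a known-good copy. On
Windows XP, Windows File Protection keeps such copies in
%SystemRoot%/system32/dllcache, so the check below hashes each watchlisted
file and its dllcache twin and reports any difference.
"""
import hashlib
import os
import tempfile

# Subset of the files OTL was asked to hash above (the full list is in the post).
WATCHLIST = ["atapi.sys", "ndis.sys", "userinit.exe", "explorer.exe"]


def md5_file(path, chunk=65536):
    """Stream the file through MD5 so large drivers do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def live_path(system_root, name):
    # Assumed layout (enough for this watchlist): drivers under system32/drivers,
    # explorer.exe in the Windows root, everything else directly in system32.
    if name.lower().endswith(".sys"):
        return os.path.join(system_root, "system32", "drivers", name)
    if name.lower() == "explorer.exe":
        return os.path.join(system_root, name)
    return os.path.join(system_root, "system32", name)


def check_against_dllcache(system_root, names=WATCHLIST):
    """Return {name: (status, live_md5, cache_md5)} with status one of
    'ok', 'mismatch', 'no-dllcache-copy', 'missing'."""
    results = {}
    for name in names:
        live = live_path(system_root, name)
        cache = os.path.join(system_root, "system32", "dllcache", name)
        if not os.path.isfile(live):
            results[name] = ("missing", None, None)
            continue
        live_md5 = md5_file(live)
        if not os.path.isfile(cache):
            results[name] = ("no-dllcache-copy", live_md5, None)
            continue
        cache_md5 = md5_file(cache)
        status = "ok" if live_md5 == cache_md5 else "mismatch"
        results[name] = (status, live_md5, cache_md5)
    return results


def build_sample_tree():
    """Constructed stand-in for %SystemRoot% (not a real Windows tree): the live
    atapi.sys has bytes appended, and explorer.exe has no dllcache copy."""
    root = tempfile.mkdtemp(prefix="fake_windir_")
    for sub in ("system32/drivers", "system32/dllcache"):
        os.makedirs(os.path.join(root, *sub.split("/")), exist_ok=True)

    def put(rel, data):
        with open(os.path.join(root, *rel.split("/")), "wb") as f:
            f.write(data)

    pristine_atapi = b"MZ" + b"atapi" * 40
    put("system32/dllcache/atapi.sys", pristine_atapi)
    put("system32/drivers/atapi.sys", pristine_atapi + b"\xcc" * 16)  # altered on disk
    put("system32/dllcache/ndis.sys", b"MZ" + b"ndis" * 40)
    put("system32/drivers/ndis.sys", b"MZ" + b"ndis" * 40)
    put("system32/dllcache/userinit.exe", b"MZ" + b"userinit" * 20)
    put("system32/userinit.exe", b"MZ" + b"userinit" * 20)
    put("explorer.exe", b"MZ" + b"explorer" * 20)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for name, (status, live_md5, cache_md5) in check_against_dllcache(root).items():
        print(f"{name:14} {status:17} live={live_md5} dllcache={cache_md5}")
```

Run against a real %SystemRoot% this is only as trustworthy as the kernel doing the reads: a rootkit that filters file I/O, or one that has overwritten both copies, hands back matching hashes, which is why the next step the helper asks for is a rootkit scanner (GMER) rather than more file hashing, and why a mismatch is best confirmed from a clean boot medium before anything is replaced.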


#3 SATCFI (Topic Starter)

Posted 17 December 2009 - 09:15 PM

OK,
I ran OTL and have pasted the logs below. When I started GMER I ran out of time and had to leave town. My wife monitored it and it took almost 40 hours. When she attempted to save the file, the computer locked and had to be turned off. I attempted to run it again and got a blue screen and this:

"A problem has been detected and windows has been shut down to prevent damage to your computer. The problem seems to be caused by the following file: pxtdqgpob.sys"

I attempted to run in safe mode, but I got a blue screen with an error notice and was unable to start in safe mode. So I was unable to run GMER.

Best regards,

Brad

OTL logfile created on: 12/15/2009 7:34:03 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Brad marcum\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 278.46 Mb Available Physical Memory | 27.45% Memory free
2.38 Gb Paging File | 1.78 Gb Available in Paging File | 74.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 31.56 Gb Free Space | 46.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRAD
Current User Name: Brad marcum
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Brad marcum\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\LxrJD31s.exe ()
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe (ActivCard)
PRC - C:\Program Files\Common Files\ActivCard\acautoup.exe (ActivCard S.A.)
PRC - C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe (ActivCard)
PRC - C:\Program Files\Common Files\ActivCard\acachsrv.exe (ActivCard)
PRC - C:\Program Files\Common Files\ActivCard\acautoreg.exe (ActivCard S.A.)
PRC - C:\Program Files\Common Files\ActivCard\accoca.exe (ActivCard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Brad marcum\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (NWCWorkstation) -- C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
SRV - (RosettaStoneLtdController) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe (Rosetta Stone Ltd.)
SRV - (LxrJD31s) -- C:\WINDOWS\System32\LxrJD31s.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (acautoupdate) -- C:\Program Files\Common Files\ActivCard\acautoup.exe (ActivCard S.A.)
SRV - (ACachSrv) -- C:\Program Files\Common Files\ActivCard\acachsrv.exe (ActivCard)
SRV - (acautoreg) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe (ActivCard S.A.)
SRV - (Accoca) -- C:\Program Files\Common Files\ActivCard\accoca.exe (ActivCard)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (NWRDR) -- C:\WINDOWS\system32\drivers\nwrdr.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (LxrJD31d) -- C:\WINDOWS\system32\drivers\LxrJD31d.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (cxbu0wdm) -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys (OMNIKEY)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SCR33X USB Smart Card Reader) -- C:\WINDOWS\system32\drivers\SCR33X2K.sys (SCM Microsystems Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (SCR131C) -- C:\WINDOWS\system32\drivers\SCR131C.sys (SCM Microsystems Inc.)
DRV - (usbcm) -- C:\WINDOWS\system32\drivers\usbcm.sys (Microsystems Corp)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/31 18:12:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/29 19:27:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/29 19:27:14 | 00,000,000 | ---D | M]

[2009/07/11 19:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Extensions
[2009/12/13 15:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions
[2009/09/09 18:42:53 | 00,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2009/09/06 18:11:46 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/11 19:25:27 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/11 19:20:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (789 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [acEventServ] C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe (ActivCard)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iProtectYou] C:\WINDOWS\System32\ip.exe (SoftForYou)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe (ActivCard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/w...ntrol_en_US.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} http://bridge.item2.naver.com/music/cab/nbgm.cab (Gogs Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1242618824765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...094/mcfscan.cab (McFreeScan Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\acAuth: DllName - acauth.dll - C:\WINDOWS\System32\acauth.dll (ActivCard)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{d376fafe-2afc-11dc-940a-0018f3d82be6}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 04:22:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
NetSvcs: fyphhfvk - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0e8d0700-75df-11d3-8b4a-0008c7450c4a} - Reg Error: Value error.
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/14 22:38:15 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Brad marcum\Desktop\RootRepeal.exe
[2009/12/14 15:57:12 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/12/14 15:57:12 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/12/14 15:57:12 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/12/14 15:57:12 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/12/14 15:57:12 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/12/14 15:57:12 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/12/14 15:57:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Desktop\SmitfraudFix
[2009/12/13 19:42:54 | 25,065,392 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Brad marcum\Desktop\j5eteedj.exe
[2009/12/13 16:50:53 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Brad marcum\Desktop\ATF-Cleaner.exe
[2009/12/11 17:42:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\DoctorWeb
[2009/12/11 16:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\Threat Expert
[2009/12/11 10:24:38 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Brad marcum\Recent
[2009/12/06 21:08:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2009/12/06 21:08:43 | 00,000,000 | ---D | C] -- C:\Program Files\CA Yahoo! Anti-Spy
[2009/12/05 08:09:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/04 17:21:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\dpvpym
[2009/11/25 20:36:24 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/25 20:31:58 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/25 19:20:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/25 18:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\bjqmbt
[2009/11/18 18:42:15 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Brad marcum\IECompatCache
[2009/11/16 14:20:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Desktop\Citabria 7ECA Gainsville
[2009/01/04 17:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2009/01/04 17:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/01/04 17:09:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/01/04 17:01:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/08/31 19:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/06 16:35:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/11 19:53:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\PIE Service
[2006/12/09 22:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/08/16 04:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/15 07:32:27 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\~$wnload OTL to your desktop.doc
[2009/12/15 07:31:25 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\Download OTL to your desktop.doc
[2009/12/14 22:38:52 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\settings.dat
[2009/12/14 22:38:17 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Brad marcum\Desktop\RootRepeal.exe
[2009/12/14 22:34:18 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\dds.scr
[2009/12/14 21:53:17 | 00,000,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/14 21:53:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/14 21:52:47 | 00,007,724 | ---- | M] () -- C:\WINDOWS\System32\mssip.dat
[2009/12/14 21:52:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/14 21:52:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/14 21:52:32 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/14 21:51:20 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\NTUSER.DAT
[2009/12/14 21:51:20 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Brad marcum\ntuser.ini
[2009/12/14 21:51:17 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\IconCache.db
[2009/12/14 21:50:40 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\smitfraud instructions.doc
[2009/12/14 21:45:11 | 00,004,544 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/12/14 21:45:02 | 00,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/14 17:56:31 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\Bleeping Computer answer.doc
[2009/12/14 16:06:14 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\SASW.doc
[2009/12/14 15:56:53 | 01,872,472 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\SmitfraudFix.exe
[2009/12/14 05:40:30 | 00,000,484 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\DrWeb.csv
[2009/12/14 01:06:44 | 00,000,516 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Brad marcum.job
[2009/12/13 23:34:21 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2009/12/13 19:42:54 | 25,065,392 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Brad marcum\Desktop\j5eteedj.exe
[2009/12/13 19:19:22 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/13 19:01:05 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\Scan with Dr.doc
[2009/12/13 16:50:54 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Brad marcum\Desktop\ATF-Cleaner.exe
[2009/12/13 15:43:14 | 00,109,922 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\Sangs 2009 cosmetology certificate.pdf
[2009/12/09 17:00:15 | 00,463,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 17:00:15 | 00,080,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 17:00:14 | 00,554,366 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/07 21:20:11 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Brad marcum.job
[2009/12/06 21:04:34 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\CCleaner.lnk
[2009/12/05 10:47:39 | 04,668,928 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\911_Aerial_Photos.ppt
[2009/12/04 17:24:22 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\Songs.doc
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/28 19:53:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/26 12:05:02 | 00,056,315 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\refueler1.pdf
[2009/11/26 11:50:52 | 22,905,860 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\skybolt operating limitations.pdf
[2009/11/26 11:47:14 | 19,710,790 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\skybolt logbook.pdf
[2009/11/26 11:42:46 | 00,029,333 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\Skybolt Manual.pdf
[2009/11/25 20:36:18 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/25 20:36:13 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/25 20:31:56 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/25 18:56:32 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/25 16:58:45 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Brad marcum\My Documents\owners gainsville texas.doc
[2009/11/22 16:50:45 | 00,236,618 | ---- | M] () -- C:\Documents and Settings\Brad marcum\My Documents\Vectors to final.pdf
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/15 07:32:27 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\~$wnload OTL to your desktop.doc
[2009/12/15 07:31:25 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\Download OTL to your desktop.doc
[2009/12/14 22:38:52 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\settings.dat
[2009/12/14 22:34:16 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\dds.scr
[2009/12/14 21:52:32 | 10,637,14816 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/14 21:36:19 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\smitfraud instructions.doc
[2009/12/14 16:06:14 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\SASW.doc
[2009/12/14 16:04:58 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\Bleeping Computer answer.doc
[2009/12/14 15:57:12 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/12/14 15:56:53 | 01,872,472 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\SmitfraudFix.exe
[2009/12/14 05:40:30 | 00,000,484 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\DrWeb.csv
[2009/12/13 19:01:05 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\Scan with Dr.doc
[2009/12/13 15:43:14 | 00,109,922 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\Sangs 2009 cosmetology certificate.pdf
[2009/12/05 10:47:39 | 04,668,928 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\911_Aerial_Photos.ppt
[2009/12/04 17:24:20 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\Songs.doc
[2009/11/26 12:05:02 | 00,056,315 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\refueler1.pdf
[2009/11/26 11:49:43 | 22,905,860 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\skybolt operating limitations.pdf
[2009/11/26 11:46:35 | 19,710,790 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\skybolt logbook.pdf
[2009/11/26 11:42:46 | 00,029,333 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\Skybolt Manual.pdf
[2009/11/25 20:31:56 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/25 16:58:45 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Brad marcum\My Documents\owners gainsville texas.doc
[2009/11/22 16:50:44 | 00,236,618 | ---- | C] () -- C:\Documents and Settings\Brad marcum\My Documents\Vectors to final.pdf
[2009/07/06 17:06:04 | 00,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/06/11 17:27:16 | 00,000,785 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2009/05/21 10:58:56 | 00,000,217 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/18 07:09:08 | 00,004,834 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\E9867627-A188-440D-942C-D2076A5CBB6D.txt
[2009/04/10 16:54:51 | 00,170,496 | ---- | C] () -- C:\WINDOWS\System32\libssh2.dll
[2007/12/29 09:54:54 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/07/08 07:21:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2007/07/08 07:21:08 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2007/07/08 07:21:08 | 00,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2007/07/08 07:21:08 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2007/06/12 17:30:43 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\msfffff2b7.dll
[2007/06/12 17:30:35 | 00,000,968 | ---- | C] () -- C:\WINDOWS\System32\ms102a.dll
[2007/03/20 08:42:49 | 00,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2007/03/11 18:37:48 | 00,000,304 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Application Data\wklnhst.dat
[2007/02/06 16:45:04 | 00,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 16:42:40 | 01,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2007/01/25 21:39:10 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2007/01/03 18:27:22 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/25 14:42:13 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/25 14:42:13 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\27A12F420E.sys
[2006/12/25 14:41:28 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/09 19:36:55 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\fusioncache.dat
[2006/11/26 20:58:21 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/26 20:48:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/26 20:38:54 | 00,003,552 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/26 20:05:24 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/11/26 20:05:14 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/26 20:05:10 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/26 20:05:02 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/04 05:17:22 | 00,010,229 | ---- | C] () -- C:\WINDOWS\System32\cmdiag.ini
[2006/03/20 10:53:58 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\chksvrn.dll
[2006/02/03 07:42:44 | 00,000,142 | ---- | C] () -- C:\WINDOWS\System32\cmabout.ini
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/12 07:25:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/13 08:17:00 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\cmabout.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/28 18:23:16 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\aclibeay.dll

========== LOP Check ==========

[2007/08/10 21:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ante four vga mfcd
[2007/08/10 21:45:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse
[2008/03/23 15:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2009/12/11 17:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/26 20:44:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/16 18:54:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/10/09 11:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 10:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/25 20:32:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2008/07/19 18:55:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\CarryItEasy
[2007/03/13 13:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\DBsign
[2009/05/28 17:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\GetRightToGo
[2006/12/17 13:33:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Leadertech
[2007/03/11 18:37:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Template
[2006/12/17 13:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\WildTangent
[2009/05/28 17:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Xilisoft Corporation
[2009/04/18 08:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\ygdqybyx
[2009/12/13 19:19:22 | 00,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-13 22:30:05


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2009/12/13 23:34:21 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/12/13 23:34:21 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 18:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 18:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/10 05:00:00 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\i386\autochk.exe
[2004/08/10 05:00:00 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2004/08/10 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\i386\beep.sys
[2004/08/10 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/10 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 01,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/13 18:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 18:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/10 05:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\i386\imm32.dll
[2004/08/10 05:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 10:07:27 | 00,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 04:57:10 | 00,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2007/04/16 09:52:53 | 00,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 08:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 08:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 18:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2006/07/05 04:55:01 | 00,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\i386\kernel32.dll
[2009/03/21 07:59:23 | 00,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 11:41:10 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 11:36:11 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/10 05:00:00 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\i386\mswsock.dll
[2008/06/20 11:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 11:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 11:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 18:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 11:43:05 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 13:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2009/04/17 22:46:00 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/10 05:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys
[2004/08/10 05:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 05:23:36 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 05:10:35 | 00,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 13:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 13:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/10 05:00:00 | 00,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\i386\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/13 18:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 18:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/10 05:00:00 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\i386\ntmssvc.dll
[2004/08/10 05:00:00 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/10 05:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\i386\proquota.exe
[2004/08/10 05:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 18:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 18:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/10 05:00:00 | 00,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\i386\qmgr.dll
[2004/08/10 05:00:00 | 00,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 18:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 18:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 18:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/10 05:00:00 | 01,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\i386\sfcfiles.dll
[2004/08/10 05:00:00 | 01,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 18:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 18:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2005/06/10 18:17:13 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 18:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/13 18:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe
[2005/06/10 17:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\i386\spoolsv.exe
[2005/06/10 17:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 18:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 18:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/10 05:00:00 | 00,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\i386\srsvc.dll
[2004/08/10 05:00:00 | 00,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/10 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2005/03/09 19:49:52 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=C29A5286E64D97385178452D5F307B98 -- C:\i386\termsrv.dll
[2005/03/09 19:49:52 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=C29A5286E64D97385178452D5F307B98 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 18:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 18:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/10 05:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/10 05:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/13 18:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 18:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/10 05:00:00 | 00,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\i386\ws2_32.dll
[2004/08/10 05:00:00 | 00,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 18:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 18:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/10 05:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\i386\xmlprov.dll
[2004/08/10 05:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

========== Files - Unicode (All) ==========
[2009/05/24 20:40:40 | 00,063,488 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 5 17 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 5 17 09.doc
[2009/05/24 20:40:39 | 00,063,488 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 5 17 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 5 17 09.doc
[2009/05/14 21:06:16 | 00,062,976 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 2009 0504.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 2009 0504.doc
[2009/05/14 21:06:15 | 00,062,976 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 2009 0504.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 2009 0504.doc
[2009/04/27 21:39:55 | 00,060,928 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 4 13 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 4 13 09.doc
[2009/04/27 21:39:54 | 00,060,928 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 4 13 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 4 13 09.doc
[2009/04/27 21:32:25 | 00,060,928 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 3 16 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 3 16 09.doc
[2009/04/04 23:02:46 | 00,035,840 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\???? (???).doc) -- C:\Documents and Settings\Brad marcum\Desktop\할렐루야 (기도문).doc
[2009/04/04 20:50:35 | 00,035,840 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\???? (???).doc) -- C:\Documents and Settings\Brad marcum\Desktop\할렐루야 (기도문).doc
[2009/04/04 07:00:01 | 00,016,896 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\???? ??? ??.xls) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무 다락방 헌금.xls
[2009/04/04 07:00:01 | 00,016,896 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\???? ??? ??.xls) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무 다락방 헌금.xls
[2009/03/08 12:41:15 | 00,060,928 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 3 16 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 3 16 09.doc
[2009/03/08 12:38:50 | 00,060,416 | ---- | M] ()(C:\Documents and Settings\Brad marcum\My Documents\????-??? ??? Form.doc) -- C:\Documents and Settings\Brad marcum\My Documents\좋은나무-다락방 보고서 Form.doc
[2009/03/08 12:38:49 | 00,060,416 | ---- | C] ()(C:\Documents and Settings\Brad marcum\My Documents\????-??? ??? Form.doc) -- C:\Documents and Settings\Brad marcum\My Documents\좋은나무-다락방 보고서 Form.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 12/15/2009 7:34:03 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Brad marcum\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 278.46 Mb Available Physical Memory | 27.45% Memory free
2.38 Gb Paging File | 1.78 Gb Available in Paging File | 74.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 31.56 Gb Free Space | 46.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRAD
Current User Name: Brad marcum
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4B9B73E1-F36E-4DCE-BFCA-F1EADAF3917E}" = Weather Exchange
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8D7F5708-73E0-4E68-B208-EF19D5933D38}" = iProtectYou
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BE99B4DC-754E-4D40-AFA6-AB43248231EC}" = Canon Camera WIA Driver
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB1AE258-8DDD-4F54-B2EB-AC02EC4C6FAB}" = Rosetta Stone Ltd Services
"{EBEBDE9F-78FA-4E68-820D-78CAF9DD46FF}" = SCR531 Smartcard Reader
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F489174B-CF14-4B4D-84BB-C1AD46EDB412}" = ActivCard Gold for CAC - PKI - Version 3.0 Feature Pack 1
"{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}" = Microsoft WorldWide Telescope
"A106663FD3361BDFACB045D83EBA03858EB1E411" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"F2F24872454C7CAEAABD8BB063F70FBEFF01989D" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"GARMIN 500 Series Trainer" = GARMIN 500 Series Trainer
"Guru Utility_is1" = Guru Utility 2.0.2.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{BE99B4DC-754E-4D40-AFA6-AB43248231EC}" = Canon PowerShot G3 WIA Driver
"JDSecure" = JD Secure 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01000" = Microsoft Kernel-Mode Driver Framework 1.0
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/5/2009 10:05:37 AM | Computer Name = BRAD | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/5/2009 10:05:37 AM | Computer Name = BRAD | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/6/2009 4:11:09 PM | Computer Name = BRAD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 12/7/2009 5:44:21 PM | Computer Name = BRAD | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Excel.

Error - 12/7/2009 11:57:24 PM | Computer Name = BRAD | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2009 11:57:28 PM | Computer Name = BRAD | Source = Application Hang | ID = 1001
Description = Fault bucket 1116954496.

Error - 12/8/2009 12:01:58 AM | Computer Name = BRAD | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2009 12:02:03 AM | Computer Name = BRAD | Source = Application Hang | ID = 1001
Description = Fault bucket 1116954496.

Error - 12/8/2009 5:35:30 PM | Computer Name = BRAD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2009 11:34:07 PM | Computer Name = BRAD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x000108f3.

[ System Events ]
Error - 12/14/2009 11:39:36 PM | Computer Name = BRAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/14/2009 11:39:42 PM | Computer Name = BRAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/14/2009 11:43:36 PM | Computer Name = BRAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 12/14/2009 11:48:34 PM | Computer Name = BRAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 12/14/2009 11:49:42 PM | Computer Name = BRAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/14/2009 11:51:09 PM | Computer Name = BRAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/14/2009 11:51:18 PM | Computer Name = BRAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/14/2009 11:53:00 PM | Computer Name = BRAD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/14/2009 11:53:00 PM | Computer Name = BRAD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/14/2009 11:53:05 PM | Computer Name = BRAD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
adwarealert


< End of report >

#4 chamber

chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:~/
  • Local time:08:36 AM

Posted 18 December 2009 - 03:16 AM

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
    O33 - MountPoints2\{d376fafe-2afc-11dc-940a-0018f3d82be6}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe -- File not found
    [2009/12/14 15:57:12 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
    [2009/12/14 15:57:12 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
    [2009/12/14 15:57:12 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
    [2009/12/14 15:57:12 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
    [2009/12/14 15:57:12 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
    [2009/12/14 15:57:12 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
    [2009/12/14 15:57:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Desktop\SmitfraudFix
    [2009/11/25 18:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\bjqmbt
    [2009/04/18 08:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\ygdqybyx
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download ComboFix from here:

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Edited by chamber, 18 December 2009 - 03:17 AM.
watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU
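The first line of the OTL fix above deletes the HKCU `ProxyServer` entry that points Internet Explorer at 127.0.0.1:5555. A loopback proxy the user never configured is a common way redirect malware sits between the browser and the network, and the OTL logs in this thread show the setting in more than one place (the HKLM `ProxyServer` value and the Firefox `network.proxy.http` / `network.proxy.http_port` prefs name localhost:7171). The Python below is an added example, not OTL's code and not from this thread: it parses OTL-style IE and Firefox proxy lines and reports every one that targets the local machine. The sample input is constructed here, using the line formats and values seen in the posted logs.

```python
import re
from typing import Dict, List, NamedTuple, Tuple


class ProxyFinding(NamedTuple):
    """One browser proxy setting that points at the local machine."""
    source: str   # "IE" (registry) or "FF" (Firefox prefs.js)
    scope: str    # registry hive for IE, "prefs.js" for Firefox
    scheme: str   # "http", "https", "socks", ... or "all"
    host: str
    port: int


# OTL log line formats, as they appear in the logs posted in this thread
IE_PROXY_RE = re.compile(r'^IE - (HK\w+)\\.*Internet Settings: "ProxyServer" = (.+?)\s*$')
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): (.+?)\s*$')


def is_loopback(host: str) -> bool:
    """True for names/addresses that resolve to the local machine."""
    host = host.strip().strip("[]").lower()
    return host in ("localhost", "::1") or host.startswith("127.")


def parse_proxy_server_value(value: str) -> List[Tuple[str, str, int]]:
    """Split an IE ProxyServer value into (scheme, host, port) triples.

    Windows accepts both 'host:port' (one proxy for every protocol) and
    'http=host:port;https=host:port' (one proxy per protocol).
    """
    triples = []
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        scheme, sep, hostport = item.partition("=")
        if not sep:                     # no 'scheme=' prefix: applies to all protocols
            scheme, hostport = "all", item
        host, _, port = hostport.rpartition(":")
        if not host or not port.isdigit():
            continue                    # malformed entry: skip rather than guess
        triples.append((scheme.lower(), host, int(port)))
    return triples


def find_local_proxies(log_text: str) -> List[ProxyFinding]:
    """Return every IE or Firefox proxy setting in an OTL log that targets loopback."""
    findings: List[ProxyFinding] = []
    ff_prefs: Dict[str, str] = {}
    for line in log_text.splitlines():
        m = IE_PROXY_RE.match(line)
        if m:
            hive, value = m.groups()
            for scheme, host, port in parse_proxy_server_value(value):
                if is_loopback(host):
                    findings.append(ProxyFinding("IE", hive, scheme, host, port))
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            key, value = m.groups()
            ff_prefs[key] = value.strip('"')
    # Firefox keeps host and port in separate prefs (network.proxy.http and
    # network.proxy.http_port), so pair them up after the whole log is read.
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = ff_prefs.get(scheme)
        port = ff_prefs.get(scheme + "_port")
        if host and port and port.isdigit() and is_loopback(host):
            findings.append(ProxyFinding("FF", "prefs.js", scheme, host, int(port)))
    return findings


# Constructed sample input: the lines follow the OTL format used in this
# thread's logs, with the proxy values seen there.
SAMPLE_LOG = r"""
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
"""

if __name__ == "__main__":
    for f in find_local_proxies(SAMPLE_LOG):
        print(f"{f.source} {f.scope}: {f.scheme} proxy -> {f.host}:{f.port} (loopback)")
```

Run against the sample it reports three entries: the HKLM and HKCU IE values and the Firefox pair. The check only reports; it does not decide. Some parental-control and content-filter products legitimately route the browser through a local proxy, so each hit should be compared against the software actually installed before anything is removed, and for IE the separate `ProxyEnable` value decides whether the listed proxy is currently in use at all.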


#5 SATCFI (Topic Starter)

Posted 18 December 2009 - 05:02 PM

OTL logfile created on: 12/18/2009 3:27:09 PM - Run 2
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Brad marcum\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 315.07 Mb Available Physical Memory | 31.06% Memory free
2.38 Gb Paging File | 1.79 Gb Available in Paging File | 74.93% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 31.90 Gb Free Space | 47.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRAD
Current User Name: Brad marcum
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Brad marcum\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\LxrJD31s.exe ()
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe (ActivCard)
PRC - C:\Program Files\Common Files\ActivCard\acautoup.exe (ActivCard S.A.)
PRC - C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe (ActivCard)
PRC - C:\Program Files\Common Files\ActivCard\acachsrv.exe (ActivCard)
PRC - C:\Program Files\Common Files\ActivCard\acautoreg.exe (ActivCard S.A.)
PRC - C:\Program Files\Common Files\ActivCard\accoca.exe (ActivCard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Brad marcum\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (NWCWorkstation) -- C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
SRV - (RosettaStoneLtdController) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe (Rosetta Stone Ltd.)
SRV - (LxrJD31s) -- C:\WINDOWS\System32\LxrJD31s.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (acautoupdate) -- C:\Program Files\Common Files\ActivCard\acautoup.exe (ActivCard S.A.)
SRV - (ACachSrv) -- C:\Program Files\Common Files\ActivCard\acachsrv.exe (ActivCard)
SRV - (acautoreg) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe (ActivCard S.A.)
SRV - (Accoca) -- C:\Program Files\Common Files\ActivCard\accoca.exe (ActivCard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/31 18:12:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/29 19:27:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/29 19:27:14 | 00,000,000 | ---D | M]

[2009/07/11 19:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Extensions
[2009/12/13 15:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions
[2009/09/09 18:42:53 | 00,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2009/09/06 18:11:46 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/11 19:25:27 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/11 19:20:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (789 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [acEventServ] C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe (ActivCard)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iProtectYou] C:\WINDOWS\System32\ip.exe (SoftForYou)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe (ActivCard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/w...ntrol_en_US.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} http://bridge.item2.naver.com/music/cab/nbgm.cab (Gogs Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1242618824765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...094/mcfscan.cab (McFreeScan Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\acAuth: DllName - acauth.dll - C:\WINDOWS\System32\acauth.dll (ActivCard)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/18 15:25:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Desktop\12 18 09
[2009/12/18 15:22:43 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/18 15:21:44 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brad marcum\Desktop\OTL.exe
[2009/12/18 15:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Desktop\Virus Logs
[2009/12/11 17:42:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\DoctorWeb
[2009/12/11 16:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\Threat Expert
[2009/12/11 10:24:38 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Brad marcum\Recent
[2009/12/06 21:08:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2009/12/06 21:08:43 | 00,000,000 | ---D | C] -- C:\Program Files\CA Yahoo! Anti-Spy
[2009/12/05 08:09:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/04 17:21:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\dpvpym
[2009/01/04 17:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2009/01/04 17:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/01/04 17:09:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/01/04 17:01:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/08/31 19:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/06 16:35:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/11 19:53:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\PIE Service
[2006/12/09 22:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/08/16 04:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/18 15:25:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/18 15:25:35 | 00,000,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/18 15:25:05 | 00,007,724 | ---- | M] () -- C:\WINDOWS\System32\mssip.dat
[2009/12/18 15:24:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/18 15:24:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/18 15:24:50 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/18 15:24:14 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\NTUSER.DAT
[2009/12/18 15:24:06 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Brad marcum\ntuser.ini
[2009/12/18 15:21:45 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad marcum\Desktop\OTL.exe
[2009/12/18 15:18:36 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\~$ 18 instructions.doc
[2009/12/18 15:15:04 | 03,857,212 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\KittyFix.exe
[2009/12/17 19:47:56 | 04,314,876 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\IconCache.db
[2009/12/15 08:02:16 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Brad marcum.job
[2009/12/15 07:32:27 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\~$wnload OTL to your desktop.doc
[2009/12/14 22:38:52 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\settings.dat
[2009/12/14 21:45:11 | 00,004,544 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/12/14 21:45:02 | 00,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/14 16:06:14 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\SASW.doc
[2009/12/14 01:06:44 | 00,000,516 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Brad marcum.job
[2009/12/13 19:19:22 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/13 15:43:14 | 00,109,922 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\Sangs 2009 cosmetology certificate.pdf
[2009/12/09 17:00:15 | 00,463,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 17:00:15 | 00,080,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 17:00:14 | 00,554,366 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/06 21:04:34 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\CCleaner.lnk
[2009/12/05 10:47:39 | 04,668,928 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\911_Aerial_Photos.ppt
[2009/12/04 17:24:22 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\Songs.doc
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/18 15:18:36 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\~$ 18 instructions.doc
[2009/12/18 15:14:52 | 03,857,212 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\KittyFix.exe
[2009/12/15 07:32:27 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\~$wnload OTL to your desktop.doc
[2009/12/14 22:38:52 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\settings.dat
[2009/12/14 21:52:32 | 10,637,14816 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/14 16:06:14 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\SASW.doc
[2009/12/14 15:57:12 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/12/13 15:43:14 | 00,109,922 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\Sangs 2009 cosmetology certificate.pdf
[2009/12/05 10:47:39 | 04,668,928 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\911_Aerial_Photos.ppt
[2009/12/04 17:24:20 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\Songs.doc
[2009/07/06 17:06:04 | 00,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/06/11 17:27:16 | 00,000,785 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2009/05/21 10:58:56 | 00,000,217 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/18 07:09:08 | 00,004,834 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\E9867627-A188-440D-942C-D2076A5CBB6D.txt
[2009/04/10 16:54:51 | 00,170,496 | ---- | C] () -- C:\WINDOWS\System32\libssh2.dll
[2007/12/29 09:54:54 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/07/08 07:21:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2007/07/08 07:21:08 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2007/07/08 07:21:08 | 00,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2007/07/08 07:21:08 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2007/06/12 17:30:43 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\msfffff2b7.dll
[2007/06/12 17:30:35 | 00,000,968 | ---- | C] () -- C:\WINDOWS\System32\ms102a.dll
[2007/03/20 08:42:49 | 00,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2007/03/11 18:37:48 | 00,000,304 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Application Data\wklnhst.dat
[2007/02/06 16:45:04 | 00,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 16:42:40 | 01,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2007/01/25 21:39:10 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2007/01/03 18:27:22 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/25 14:42:13 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/25 14:42:13 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\27A12F420E.sys
[2006/12/25 14:41:28 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/09 19:36:55 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\fusioncache.dat
[2006/11/26 20:58:21 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/26 20:48:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/26 20:38:54 | 00,003,552 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/26 20:05:24 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/11/26 20:05:14 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/26 20:05:10 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/26 20:05:02 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/04 05:17:22 | 00,010,229 | ---- | C] () -- C:\WINDOWS\System32\cmdiag.ini
[2006/03/20 10:53:58 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\chksvrn.dll
[2006/02/03 07:42:44 | 00,000,142 | ---- | C] () -- C:\WINDOWS\System32\cmabout.ini
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/12 07:25:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/13 08:17:00 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\cmabout.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/28 18:23:16 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\aclibeay.dll

========== LOP Check ==========

[2007/08/10 21:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ante four vga mfcd
[2007/08/10 21:45:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse
[2008/03/23 15:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2009/12/11 17:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/26 20:44:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/16 18:54:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/10/09 11:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 10:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/25 20:32:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2008/07/19 18:55:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\CarryItEasy
[2007/03/13 13:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\DBsign
[2009/05/28 17:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\GetRightToGo
[2006/12/17 13:33:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Leadertech
[2007/03/11 18:37:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Template
[2006/12/17 13:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\WildTangent
[2009/05/28 17:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Xilisoft Corporation
[2009/12/13 19:19:22 | 00,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/05/24 20:40:40 | 00,063,488 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 5 17 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 5 17 09.doc
[2009/05/24 20:40:39 | 00,063,488 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 5 17 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 5 17 09.doc
[2009/05/14 21:06:16 | 00,062,976 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 2009 0504.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 2009 0504.doc
[2009/05/14 21:06:15 | 00,062,976 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 2009 0504.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 2009 0504.doc
[2009/04/27 21:39:55 | 00,060,928 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 4 13 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 4 13 09.doc
[2009/04/27 21:39:54 | 00,060,928 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 4 13 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 4 13 09.doc
[2009/04/27 21:32:25 | 00,060,928 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 3 16 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 3 16 09.doc
[2009/04/04 23:02:46 | 00,035,840 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\???? (???).doc) -- C:\Documents and Settings\Brad marcum\Desktop\할렐루야 (기도문).doc
[2009/04/04 20:50:35 | 00,035,840 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\???? (???).doc) -- C:\Documents and Settings\Brad marcum\Desktop\할렐루야 (기도문).doc
[2009/04/04 07:00:01 | 00,016,896 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\???? ??? ??.xls) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무 다락방 헌금.xls
[2009/04/04 07:00:01 | 00,016,896 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\???? ??? ??.xls) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무 다락방 헌금.xls
[2009/03/08 12:41:15 | 00,060,928 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 3 16 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 3 16 09.doc
[2009/03/08 12:38:50 | 00,060,416 | ---- | M] ()(C:\Documents and Settings\Brad marcum\My Documents\????-??? ??? Form.doc) -- C:\Documents and Settings\Brad marcum\My Documents\좋은나무-다락방 보고서 Form.doc
[2009/03/08 12:38:49 | 00,060,416 | ---- | C] ()(C:\Documents and Settings\Brad marcum\My Documents\????-??? ??? Form.doc) -- C:\Documents and Settings\Brad marcum\My Documents\좋은나무-다락방 보고서 Form.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

ComboFix 09-12-17.03 - Brad marcum 12/18/2009 15:42:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.575 [GMT -6:00]
Running from: c:\documents and settings\Brad marcum\Desktop\KittyFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common
c:\program files\Common\_helper.sig
c:\windows\kb913800.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\nfr.assembly
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.

2009-12-18 21:22 . 2009-12-18 21:22 -------- d-----w- C:\_OTL
2009-12-11 23:42 . 2009-12-12 00:21 -------- d-----w- c:\documents and settings\Brad marcum\DoctorWeb
2009-12-11 22:51 . 2009-12-11 22:51 -------- d-----w- c:\documents and settings\Brad marcum\Local Settings\Application Data\Threat Expert
2009-12-07 03:08 . 2009-12-07 03:08 -------- d-----w- c:\program files\Common Files\Scanner
2009-12-07 03:08 . 2009-12-07 03:32 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-12-05 14:09 . 2009-12-05 14:10 -------- dc-h--w- c:\windows\ie8
2009-12-05 00:00 . 2009-12-05 00:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-04 23:25 . 2009-12-04 23:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-04 23:21 . 2009-12-05 01:27 -------- d-----w- c:\documents and settings\Brad marcum\Local Settings\Application Data\dpvpym
2009-11-26 02:36 . 2009-11-26 02:36 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-26 02:31 . 2009-11-26 02:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-26 01:20 . 2009-12-11 23:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-19 00:42 . 2009-11-19 00:42 -------- d-sh--w- c:\documents and settings\Brad marcum\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-18 21:53 . 2009-10-12 18:51 -------- d-----w- c:\documents and settings\Brad marcum\Application Data\Skype
2009-12-18 21:51 . 2007-06-12 23:30 7724 ----a-w- c:\windows\system32\mssip.dat
2009-12-18 21:25 . 2009-06-18 02:49 -------- d-----w- c:\documents and settings\Brad marcum\Application Data\skypePM
2009-12-14 22:07 . 2009-11-26 02:39 117760 ----a-w- c:\documents and settings\Brad marcum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-14 05:34 . 2004-08-04 04:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-11 23:10 . 2009-05-18 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-08 03:29 . 2009-05-18 02:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-08 03:21 . 2008-11-24 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 03:19 . 2009-09-19 13:00 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 22:14 . 2009-08-17 22:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-08-17 22:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 02:38 . 2007-12-28 03:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-26 02:35 . 2009-07-03 03:47 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-26 02:35 . 2009-07-03 03:47 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-26 02:35 . 2009-07-03 03:47 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-26 02:35 . 2009-07-03 03:47 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-26 02:34 . 2009-09-25 03:48 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-26 02:34 . 2009-07-03 03:47 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-26 02:34 . 2009-07-03 03:47 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-26 02:34 . 2009-07-03 03:47 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-26 02:34 . 2009-07-03 03:47 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-26 02:34 . 2009-07-03 03:47 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-26 01:01 . 2008-02-03 22:34 -------- d-----w- c:\documents and settings\Brad marcum\Application Data\Move Networks
2009-11-17 01:38 . 2009-11-17 01:38 127325 ----a-w- c:\documents and settings\Brad marcum\Application Data\Move Networks\uninstall.exe
2009-11-17 01:38 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Brad marcum\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-11-07 22:53 . 2006-11-27 02:44 -------- d-----w- c:\program files\Yahoo!
2009-11-05 01:10 . 2009-11-05 01:10 -------- d-----w- c:\documents and settings\Brad marcum\Application Data\Yahoo!
2009-11-02 21:58 . 2009-11-02 21:55 -------- d-----w- c:\program files\iTunes
2009-11-02 21:56 . 2009-11-02 21:56 -------- d-----w- c:\program files\iPod
2009-11-02 21:56 . 2009-03-09 21:52 -------- d-----w- c:\program files\Common Files\Apple
2009-11-02 21:48 . 2009-11-02 21:48 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2005-08-16 10:18 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-08-16 10:18 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 05:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 00:55 . 2006-11-27 02:57 86120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 10:30 . 2005-08-16 10:18 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2005-08-16 10:18 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2005-08-16 10:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-03 08:15 . 2009-11-26 02:31 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-09-25 03:48 . 2009-09-25 03:48 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-09-25 03:48 . 2009-09-25 03:48 68640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-09-25 03:48 . 2009-09-25 03:48 303976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-09-25 03:48 . 2009-07-03 03:47 640760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-07-03 03:48 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2007-01-12 01:15 . 2006-12-25 20:42 88 --sh--r- c:\windows\system32\27A12F420E.sys
2007-01-12 01:15 . 2006-12-25 20:42 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-11-29 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2008-11-29 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ModemOnHold"="c:\program files\NetWaiting\NetWaiting.exe" [2008-08-28 20480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"acEventServ"="c:\program files\ActivCard\ActivCard Gold\acevtsrv.exe" [2003-07-01 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-03 774233]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-26 788880]
"iProtectYou"="c:\windows\system32\ip.exe" [2003-03-03 958464]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivCard Gold Smart Card Agent.lnk - c:\program files\ActivCard\ActivCard Gold\agquickp.exe [2003-3-19 147456]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-11-26 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-26 02:38 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
2002-12-17 16:11 65536 ----a-w- c:\windows\system32\acauth.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/2/2009 9:48 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 12:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 11:39 AM 74480]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\Common Files\ActivCard\acachsrv.exe [12/17/2002 7:38 AM 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [11/29/2002 1:43 PM 53248]
R2 acautoupdate;ActivCard Auto-Update Service;c:\program files\Common Files\ActivCard\acautoup.exe [3/24/2003 12:39 PM 36864]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [8/12/2002 3:54 PM 159744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1184912]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/17/2009 4:30 PM 276816]
R2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\RosettaStoneLtdServices\RosettaStoneLtdController.exe [10/31/2007 2:11 PM 354648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/17/2009 4:29 PM 19160]
S0 adwarealert;adwarealert;c:\windows\system32\DRIVERS\adwarealert.sys --> c:\windows\system32\DRIVERS\adwarealert.sys [?]
S3 cxbu0wdm;CardMan 1021;c:\windows\system32\drivers\cxbu0wdm.sys [7/11/2006 8:03 AM 84608]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [11/7/2002 3:04 AM 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [4/6/2004 3:24 AM 64088]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fyphhfvk
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
TCP: {4D7BAFA2-C2F0-4024-9B66-B16C71435655} = 12.127.16.67,12.127.17.71
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} - hxxp://bridge.item2.naver.com/music/cab/nbgm.cab
FF - ProfilePath - c:\documents and settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Brad marcum\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-18 15:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(7084)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\stsystra.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-12-18 16:00:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 22:00

Pre-Run: 34,167,193,600 bytes free
Post-Run: 34,132,824,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 0FAEC048F14711D12A78074A7A83971F

#6 chamber

chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • OFFLINE
  • Gender:Male
  • Location:~/
  • Local time:08:36 AM

Posted 19 December 2009 - 06:32 AM

Hi.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    [2007/08/10 21:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ante four vga mfcd
    [2007/08/10 21:45:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::

Driver::
fyphhfvk

NetSvc::
fyphhfvk


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 2 (Fix + Hosts)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU


#7 SATCFI

SATCFI
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:04:36 AM

Posted 19 December 2009 - 11:48 AM

OTL logfile created on: 12/19/2009 10:10:18 AM - Run 3
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Brad marcum\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 384.21 Mb Available Physical Memory | 37.88% Memory free
2.38 Gb Paging File | 1.88 Gb Available in Paging File | 78.71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 31.92 Gb Free Space | 47.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRAD
Current User Name: Brad marcum
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Brad marcum\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\threatwork.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\LxrJD31s.exe ()
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe (ActivCard)
PRC - C:\Program Files\Common Files\ActivCard\acautoup.exe (ActivCard S.A.)
PRC - C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe (ActivCard)
PRC - C:\Program Files\Common Files\ActivCard\acachsrv.exe (ActivCard)
PRC - C:\Program Files\Common Files\ActivCard\acautoreg.exe (ActivCard S.A.)
PRC - C:\Program Files\Common Files\ActivCard\accoca.exe (ActivCard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Brad marcum\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (NWCWorkstation) -- C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
SRV - (RosettaStoneLtdController) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe (Rosetta Stone Ltd.)
SRV - (LxrJD31s) -- C:\WINDOWS\System32\LxrJD31s.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (acautoupdate) -- C:\Program Files\Common Files\ActivCard\acautoup.exe (ActivCard S.A.)
SRV - (ACachSrv) -- C:\Program Files\Common Files\ActivCard\acachsrv.exe (ActivCard)
SRV - (acautoreg) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe (ActivCard S.A.)
SRV - (Accoca) -- C:\Program Files\Common Files\ActivCard\accoca.exe (ActivCard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/31 18:12:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/29 19:27:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/29 19:27:14 | 00,000,000 | ---D | M]

[2009/07/11 19:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Extensions
[2009/12/18 21:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions
[2009/09/09 18:42:53 | 00,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2009/09/06 18:11:46 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/11 19:25:27 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/11 19:20:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [acEventServ] C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe (ActivCard)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iProtectYou] C:\WINDOWS\System32\ip.exe (SoftForYou)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe (ActivCard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/w...ntrol_en_US.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} http://bridge.item2.naver.com/music/cab/nbgm.cab (Gogs Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1242618824765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...094/mcfscan.cab (McFreeScan Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\acAuth: DllName - acauth.dll - C:\WINDOWS\System32\acauth.dll (ActivCard)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/19 10:00:20 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Brad marcum\Recent
[2009/12/19 09:59:38 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/18 15:38:07 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/18 15:36:03 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/18 15:36:03 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/18 15:36:03 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/18 15:36:03 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/18 15:35:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/18 15:35:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/18 15:25:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Desktop\12 18 09
[2009/12/18 15:22:43 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/18 15:21:44 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brad marcum\Desktop\OTL.exe
[2009/12/18 15:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Desktop\Virus Logs
[2009/12/11 17:42:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\DoctorWeb
[2009/12/11 16:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\Threat Expert
[2009/12/06 21:08:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2009/12/06 21:08:43 | 00,000,000 | ---D | C] -- C:\Program Files\CA Yahoo! Anti-Spy
[2009/01/04 17:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2009/01/04 17:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/01/04 17:09:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/01/04 17:01:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/08/31 19:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/06 16:35:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/11 19:53:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\PIE Service
[2006/12/09 22:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/08/16 04:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/19 10:09:38 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/19 10:09:32 | 00,000,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/19 10:09:09 | 00,007,724 | ---- | M] () -- C:\WINDOWS\System32\mssip.dat
[2009/12/19 10:09:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/19 10:08:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/19 10:08:58 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/19 10:08:22 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\NTUSER.DAT
[2009/12/19 10:07:58 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Brad marcum\ntuser.ini
[2009/12/19 08:00:11 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Brad marcum.job
[2009/12/18 15:51:14 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/18 15:50:57 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/18 15:38:26 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/12/18 15:21:45 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad marcum\Desktop\OTL.exe
[2009/12/18 15:18:36 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\~$ 18 instructions.doc
[2009/12/18 15:15:04 | 03,857,212 | R--- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\KittyFix.exe
[2009/12/17 19:47:56 | 04,314,876 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\IconCache.db
[2009/12/15 07:32:27 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\~$wnload OTL to your desktop.doc
[2009/12/14 22:38:52 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\settings.dat
[2009/12/14 16:06:14 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\SASW.doc
[2009/12/14 01:06:44 | 00,000,516 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Brad marcum.job
[2009/12/13 19:19:22 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/13 15:43:14 | 00,109,922 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\Sangs 2009 cosmetology certificate.pdf
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/09 17:00:15 | 00,463,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 17:00:15 | 00,080,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 17:00:14 | 00,554,366 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/06 21:04:34 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\CCleaner.lnk
[2009/12/05 10:47:39 | 04,668,928 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\911_Aerial_Photos.ppt
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/18 15:38:24 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/12/18 15:38:12 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/18 15:36:03 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/18 15:36:03 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/18 15:36:03 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/18 15:36:03 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/18 15:36:03 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/18 15:18:36 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\~$ 18 instructions.doc
[2009/12/18 15:14:52 | 03,857,212 | R--- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\KittyFix.exe
[2009/12/15 07:32:27 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\~$wnload OTL to your desktop.doc
[2009/12/14 22:38:52 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\settings.dat
[2009/12/14 21:52:32 | 10,637,14816 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/14 16:06:14 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\SASW.doc
[2009/12/13 15:43:14 | 00,109,922 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\Sangs 2009 cosmetology certificate.pdf
[2009/12/05 10:47:39 | 04,668,928 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\911_Aerial_Photos.ppt
[2009/07/06 17:06:04 | 00,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/06/11 17:27:16 | 00,000,785 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2009/05/21 10:58:56 | 00,000,217 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/18 07:09:08 | 00,004,834 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\E9867627-A188-440D-942C-D2076A5CBB6D.txt
[2009/04/10 16:54:51 | 00,170,496 | ---- | C] () -- C:\WINDOWS\System32\libssh2.dll
[2007/12/29 09:54:54 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/07/08 07:21:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2007/07/08 07:21:08 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2007/07/08 07:21:08 | 00,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2007/07/08 07:21:08 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2007/06/12 17:30:43 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\msfffff2b7.dll
[2007/06/12 17:30:35 | 00,000,968 | ---- | C] () -- C:\WINDOWS\System32\ms102a.dll
[2007/03/20 08:42:49 | 00,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2007/03/11 18:37:48 | 00,000,304 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Application Data\wklnhst.dat
[2007/02/06 16:45:04 | 00,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 16:42:40 | 01,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2007/01/25 21:39:10 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2007/01/03 18:27:22 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/25 14:42:13 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/25 14:42:13 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\27A12F420E.sys
[2006/12/25 14:41:28 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/09 19:36:55 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\fusioncache.dat
[2006/11/26 20:58:21 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/26 20:48:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/26 20:38:54 | 00,003,552 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/26 20:05:24 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/11/26 20:05:14 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/26 20:05:10 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/26 20:05:02 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/04 05:17:22 | 00,010,229 | ---- | C] () -- C:\WINDOWS\System32\cmdiag.ini
[2006/03/20 10:53:58 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\chksvrn.dll
[2006/02/03 07:42:44 | 00,000,142 | ---- | C] () -- C:\WINDOWS\System32\cmabout.ini
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/12 07:25:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/13 08:17:00 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\cmabout.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/28 18:23:16 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\aclibeay.dll

========== LOP Check ==========

[2008/03/23 15:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2009/12/11 17:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/26 20:44:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/16 18:54:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/10/09 11:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 10:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/25 20:32:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2008/07/19 18:55:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\CarryItEasy
[2007/03/13 13:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\DBsign
[2009/05/28 17:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\GetRightToGo
[2006/12/17 13:33:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Leadertech
[2007/03/11 18:37:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Template
[2006/12/17 13:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\WildTangent
[2009/05/28 17:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Xilisoft Corporation
[2009/12/13 19:19:22 | 00,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/05/24 20:40:40 | 00,063,488 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 5 17 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 5 17 09.doc
[2009/05/24 20:40:39 | 00,063,488 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 5 17 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 5 17 09.doc
[2009/05/14 21:06:16 | 00,062,976 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 2009 0504.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 2009 0504.doc
[2009/05/14 21:06:15 | 00,062,976 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 2009 0504.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 2009 0504.doc
[2009/04/27 21:39:55 | 00,060,928 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 4 13 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 4 13 09.doc
[2009/04/27 21:39:54 | 00,060,928 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 4 13 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 4 13 09.doc
[2009/04/27 21:32:25 | 00,060,928 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 3 16 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 3 16 09.doc
[2009/04/04 23:02:46 | 00,035,840 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\???? (???).doc) -- C:\Documents and Settings\Brad marcum\Desktop\할렐루야 (기도문).doc
[2009/04/04 20:50:35 | 00,035,840 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\???? (???).doc) -- C:\Documents and Settings\Brad marcum\Desktop\할렐루야 (기도문).doc
[2009/04/04 07:00:01 | 00,016,896 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\???? ??? ??.xls) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무 다락방 헌금.xls
[2009/04/04 07:00:01 | 00,016,896 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\???? ??? ??.xls) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무 다락방 헌금.xls
[2009/03/08 12:41:15 | 00,060,928 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 3 16 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 3 16 09.doc
[2009/03/08 12:38:50 | 00,060,416 | ---- | M] ()(C:\Documents and Settings\Brad marcum\My Documents\????-??? ??? Form.doc) -- C:\Documents and Settings\Brad marcum\My Documents\좋은나무-다락방 보고서 Form.doc
[2009/03/08 12:38:49 | 00,060,416 | ---- | C] ()(C:\Documents and Settings\Brad marcum\My Documents\????-??? ??? Form.doc) -- C:\Documents and Settings\Brad marcum\My Documents\좋은나무-다락방 보고서 Form.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

ComboFix 09-12-17.03 - Brad marcum 12/19/2009 10:28:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.359 [GMT -6:00]
Running from: c:\documents and settings\Brad marcum\Desktop\KittyFix.exe
Command switches used :: c:\documents and settings\Brad marcum\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FYPHHFVK


((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-18 21:22 . 2009-12-18 21:22 -------- d-----w- C:\_OTL
2009-12-11 23:42 . 2009-12-12 00:21 -------- d-----w- c:\documents and settings\Brad marcum\DoctorWeb
2009-12-11 22:51 . 2009-12-11 22:51 -------- d-----w- c:\documents and settings\Brad marcum\Local Settings\Application Data\Threat Expert
2009-12-07 03:08 . 2009-12-07 03:08 -------- d-----w- c:\program files\Common Files\Scanner
2009-12-07 03:08 . 2009-12-07 03:32 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-12-05 14:09 . 2009-12-05 14:10 -------- dc-h--w- c:\windows\ie8
2009-12-05 00:00 . 2009-12-05 00:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-04 23:25 . 2009-12-04 23:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-04 23:21 . 2009-12-05 01:27 -------- d-----w- c:\documents and settings\Brad marcum\Local Settings\Application Data\dpvpym
2009-11-26 02:39 . 2009-12-14 22:07 117760 ----a-w- c:\documents and settings\Brad marcum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-26 02:36 . 2009-11-26 02:36 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-26 02:36 . 2009-11-26 02:36 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-26 02:36 . 2009-11-26 02:36 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-26 02:36 . 2009-11-26 02:36 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-11-26 02:36 . 2009-11-26 02:36 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-26 02:36 . 2009-11-26 02:36 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-26 02:36 . 2009-11-26 02:36 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-26 02:36 . 2009-11-26 02:36 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-26 02:31 . 2009-11-26 02:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-26 02:31 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-26 01:20 . 2009-12-11 23:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 16:38 . 2009-10-12 18:51 -------- d-----w- c:\documents and settings\Brad marcum\Application Data\Skype
2009-12-19 16:36 . 2007-06-12 23:30 7724 ----a-w- c:\windows\system32\mssip.dat
2009-12-19 16:09 . 2009-06-18 02:49 -------- d-----w- c:\documents and settings\Brad marcum\Application Data\skypePM
2009-12-19 15:59 . 2009-05-18 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-19 03:27 . 2007-12-28 03:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-14 05:34 . 2004-08-04 04:59 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-08 03:29 . 2009-05-18 02:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-08 03:21 . 2008-11-24 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 03:19 . 2009-09-19 13:00 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 22:14 . 2009-08-17 22:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-08-17 22:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 02:36 . 2009-07-03 03:48 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-11-26 02:36 . 2009-07-03 03:59 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-26 02:36 . 2009-07-03 03:47 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-26 02:36 . 2009-07-03 03:47 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-11-26 02:36 . 2009-07-03 03:47 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-11-26 02:36 . 2009-07-03 03:47 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-11-26 02:36 . 2009-07-03 03:47 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-26 02:36 . 2009-07-03 03:47 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-11-26 02:35 . 2009-07-03 03:47 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-26 02:35 . 2009-07-03 03:47 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-26 02:35 . 2009-07-03 03:47 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-26 02:35 . 2009-07-03 03:47 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-26 02:34 . 2009-09-25 03:48 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-26 02:34 . 2009-07-03 03:47 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-26 02:34 . 2009-07-03 03:47 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-26 02:34 . 2009-07-03 03:47 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-26 02:34 . 2009-07-03 03:47 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-26 02:34 . 2009-07-03 03:47 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-26 01:01 . 2008-02-03 22:34 -------- d-----w- c:\documents and settings\Brad marcum\Application Data\Move Networks
2009-11-17 01:38 . 2009-11-17 01:38 127325 ----a-w- c:\documents and settings\Brad marcum\Application Data\Move Networks\uninstall.exe
2009-11-17 01:38 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Brad marcum\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-11-07 22:53 . 2006-11-27 02:44 -------- d-----w- c:\program files\Yahoo!
2009-11-05 01:10 . 2009-11-05 01:10 -------- d-----w- c:\documents and settings\Brad marcum\Application Data\Yahoo!
2009-11-02 21:58 . 2009-11-02 21:55 -------- d-----w- c:\program files\iTunes
2009-11-02 21:56 . 2009-11-02 21:56 -------- d-----w- c:\program files\iPod
2009-11-02 21:56 . 2009-03-09 21:52 -------- d-----w- c:\program files\Common Files\Apple
2009-11-02 21:48 . 2009-11-02 21:48 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2005-08-16 10:18 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2005-08-16 10:18 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-08-16 10:18 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 05:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 00:55 . 2006-11-27 02:57 86120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 10:30 . 2005-08-16 10:18 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2005-08-16 10:18 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2005-08-16 10:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-25 03:48 . 2009-09-25 03:48 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-09-25 03:48 . 2009-09-25 03:48 68640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-09-25 03:48 . 2009-09-25 03:48 303976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-09-25 03:48 . 2009-07-03 03:47 640760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-07-03 03:48 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2007-01-12 01:15 . 2006-12-25 20:42 88 --sh--r- c:\windows\system32\27A12F420E.sys
2007-01-12 01:15 . 2006-12-25 20:42 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-11-29 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2008-11-29 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ModemOnHold"="c:\program files\NetWaiting\NetWaiting.exe" [2008-08-28 20480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"acEventServ"="c:\program files\ActivCard\ActivCard Gold\acevtsrv.exe" [2003-07-01 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-03 774233]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-26 788880]
"iProtectYou"="c:\windows\system32\ip.exe" [2003-03-03 958464]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivCard Gold Smart Card Agent.lnk - c:\program files\ActivCard\ActivCard Gold\agquickp.exe [2003-3-19 147456]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-11-26 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-26 02:38 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
2002-12-17 16:11 65536 ----a-w- c:\windows\system32\acauth.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/2/2009 9:48 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 12:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 11:39 AM 74480]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\Common Files\ActivCard\acachsrv.exe [12/17/2002 7:38 AM 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [11/29/2002 1:43 PM 53248]
R2 acautoupdate;ActivCard Auto-Update Service;c:\program files\Common Files\ActivCard\acautoup.exe [3/24/2003 12:39 PM 36864]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [8/12/2002 3:54 PM 159744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1184912]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/17/2009 4:30 PM 276816]
R2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\RosettaStoneLtdServices\RosettaStoneLtdController.exe [10/31/2007 2:11 PM 354648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/17/2009 4:29 PM 19160]
S0 adwarealert;adwarealert;c:\windows\system32\DRIVERS\adwarealert.sys --> c:\windows\system32\DRIVERS\adwarealert.sys [?]
S3 cxbu0wdm;CardMan 1021;c:\windows\system32\drivers\cxbu0wdm.sys [7/11/2006 8:03 AM 84608]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [11/7/2002 3:04 AM 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [4/6/2004 3:24 AM 64088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
TCP: {4D7BAFA2-C2F0-4024-9B66-B16C71435655} = 12.127.16.67,12.127.17.71
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} - hxxp://bridge.item2.naver.com/music/cab/nbgm.cab
FF - ProfilePath - c:\documents and settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Brad marcum\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(6792)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-12-19 10:41:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 16:41
ComboFix2.txt 2009-12-18 22:00

Pre-Run: 34,238,644,224 bytes free
Post-Run: 34,109,804,544 bytes free

- - End Of File - - 099FA9B96C84EA5554F871E0989736CD


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2300 @ 1.66GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A09
USER : Brad marcum ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:67 Go (Free:31 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Sat 12/19/2009|10:44 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[11/26/2006|20:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\GTek
[08/16/2005|04:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[11/26/2006|20:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
[11/26/2006|20:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[03/16/2009|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[10/09/2009|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[04/12/2009|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[11/25/2009|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[01/28/2007|14:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[06/26/2009|15:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[03/09/2009|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/26/2006|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[11/26/2006|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell
[06/18/2009|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[08/09/2007|14:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[11/26/2006|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
[11/26/2006|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[07/02/2009|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[08/08/2009|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[07/06/2009|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[11/24/2008|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/26/2006|20:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[07/26/2008|13:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[02/05/2007|22:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com Personal Firewall
[05/17/2009|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[03/23/2008|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RosettaStoneLtdServices
[10/12/2009|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[12/19/2009|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[12/27/2007|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[07/04/2007|11:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
[12/11/2009|17:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[12/10/2006|08:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/26/2006|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAHOO

[01/01/2008|11:15] C:\DOCUME~1\BRADMA~1\APPLIC~1\Adobe
[05/11/2008|14:25] C:\DOCUME~1\BRADMA~1\APPLIC~1\AdobeUM
[10/09/2009|11:55] C:\DOCUME~1\BRADMA~1\APPLIC~1\Apple Computer
[07/19/2008|18:55] C:\DOCUME~1\BRADMA~1\APPLIC~1\CarryItEasy
[01/11/2007|19:17] C:\DOCUME~1\BRADMA~1\APPLIC~1\Corel
[07/29/2007|16:55] C:\DOCUME~1\BRADMA~1\APPLIC~1\CyberLink
[03/13/2007|13:08] C:\DOCUME~1\BRADMA~1\APPLIC~1\DBsign
[05/28/2009|17:38] C:\DOCUME~1\BRADMA~1\APPLIC~1\GetRightToGo
[05/03/2008|13:28] C:\DOCUME~1\BRADMA~1\APPLIC~1\Google
[11/26/2006|20:48] C:\DOCUME~1\BRADMA~1\APPLIC~1\Gtek
[02/18/2007|18:16] C:\DOCUME~1\BRADMA~1\APPLIC~1\Help
[08/16/2005|04:50] C:\DOCUME~1\BRADMA~1\APPLIC~1\Identities
[11/26/2006|20:45] C:\DOCUME~1\BRADMA~1\APPLIC~1\InstallShield
[12/17/2006|13:33] C:\DOCUME~1\BRADMA~1\APPLIC~1\Leadertech
[12/09/2006|19:54] C:\DOCUME~1\BRADMA~1\APPLIC~1\Macromedia
[11/24/2008|16:38] C:\DOCUME~1\BRADMA~1\APPLIC~1\Malwarebytes
[01/21/2007|17:01] C:\DOCUME~1\BRADMA~1\APPLIC~1\McAfee.com Personal Firewall
[05/28/2009|18:55] C:\DOCUME~1\BRADMA~1\APPLIC~1\Media Player Classic
[07/06/2009|17:01] C:\DOCUME~1\BRADMA~1\APPLIC~1\Microsoft
[11/25/2009|19:01] C:\DOCUME~1\BRADMA~1\APPLIC~1\Move Networks
[07/11/2009|19:20] C:\DOCUME~1\BRADMA~1\APPLIC~1\Mozilla
[02/28/2007|19:26] C:\DOCUME~1\BRADMA~1\APPLIC~1\Real
[12/19/2009|10:38] C:\DOCUME~1\BRADMA~1\APPLIC~1\Skype
[12/19/2009|10:09] C:\DOCUME~1\BRADMA~1\APPLIC~1\skypePM
[12/17/2006|13:33] C:\DOCUME~1\BRADMA~1\APPLIC~1\Sonic
[12/24/2006|16:37] C:\DOCUME~1\BRADMA~1\APPLIC~1\Sun
[09/06/2009|18:08] C:\DOCUME~1\BRADMA~1\APPLIC~1\SUPERAntiSpyware.com
[03/11/2007|18:37] C:\DOCUME~1\BRADMA~1\APPLIC~1\Template
[12/17/2006|13:34] C:\DOCUME~1\BRADMA~1\APPLIC~1\WildTangent
[05/28/2009|17:39] C:\DOCUME~1\BRADMA~1\APPLIC~1\Xilisoft Corporation
[11/04/2009|19:10] C:\DOCUME~1\BRADMA~1\APPLIC~1\Yahoo!

[11/26/2006|20:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Gtek
[08/16/2005|04:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[11/26/2006|20:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InstallShield
[11/26/2006|20:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[12/09/2006|22:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
[08/16/2005|04:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[01/04/2009|17:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
[01/04/2009|17:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[08/16/2005|04:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[12/11/2007|19:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\PIE Service
[01/04/2009|17:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Sun

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/13/2009 19:19][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[11/28/2009 19:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/14/2009 01:06][--a------] C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Brad marcum.job
[12/19/2009 08:00][--a------] C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Brad marcum.job
[12/19/2009 10:36][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[03/20/2007|08:37] C:\Program Files\ActivCard
[11/26/2006|20:45] C:\Program Files\Adobe
[05/28/2009|18:04] C:\Program Files\Agrin Free All Video Audio to Mp3 Amr Converter
[05/17/2009|20:06] C:\Program Files\Alwil Software
[03/09/2009|15:53] C:\Program Files\Apple Software Update
[11/26/2006|20:43] C:\Program Files\BAE
[04/12/2009|10:15] C:\Program Files\Bonjour
[12/06/2009|21:32] C:\Program Files\CA Yahoo! Anti-Spy
[12/25/2006|14:35] C:\Program Files\Canon
[03/23/2009|20:12] C:\Program Files\CCleaner
[12/19/2009|10:32] C:\Program Files\Common Files
[08/16/2005|04:38] C:\Program Files\ComPlus Applications
[11/26/2006|20:32] C:\Program Files\CONEXANT
[01/11/2007|19:17] C:\Program Files\Corel
[05/02/2009|15:28] C:\Program Files\Dell
[11/26/2006|20:48] C:\Program Files\Dell Support
[04/10/2009|16:55] C:\Program Files\DIFX
[05/17/2009|20:12] C:\Program Files\Enigma Software Group
[06/11/2009|17:18] C:\Program Files\GARMIN
[01/02/2007|16:50] C:\Program Files\GemMaster
[06/28/2009|18:32] C:\Program Files\Golf Guru
[06/18/2009|20:13] C:\Program Files\Google
[11/26/2006|20:44] C:\Program Files\illiminable
[07/19/2009|07:44] C:\Program Files\InstallShield Installation Information
[12/08/2009|17:44] C:\Program Files\Internet Explorer
[11/02/2009|15:56] C:\Program Files\iPod
[11/02/2009|15:58] C:\Program Files\iTunes
[11/26/2006|20:27] C:\Program Files\Java
[07/02/2009|21:45] C:\Program Files\Lavasoft
[01/27/2008|16:04] C:\Program Files\LizardTech
[08/08/2009|16:05] C:\Program Files\Logitech
[12/07/2009|21:21] C:\Program Files\Malwarebytes' Anti-Malware
[11/26/2006|20:42] C:\Program Files\McAfee
[08/31/2008|19:25] C:\Program Files\Messenger
[11/26/2006|20:46] C:\Program Files\Microsoft ActiveSync
[07/08/2009|10:41] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[08/16/2005|04:43] C:\Program Files\microsoft frontpage
[12/29/2006|16:59] C:\Program Files\Microsoft Games
[09/01/2009|15:05] C:\Program Files\Microsoft Office
[11/26/2006|20:37] C:\Program Files\Microsoft Plus! Digital Media Edition
[11/26/2006|20:37] C:\Program Files\Microsoft Plus! Photo Story 2 LE
[05/15/2008|10:35] C:\Program Files\Microsoft Research
[09/23/2009|18:40] C:\Program Files\Microsoft Silverlight
[11/26/2006|20:53] C:\Program Files\Microsoft Small Business
[11/26/2006|20:53] C:\Program Files\Microsoft SQL Server
[11/26/2006|20:46] C:\Program Files\Microsoft Visual Studio
[11/26/2006|20:53] C:\Program Files\Microsoft Visual Studio .NET 2003
[10/15/2009|19:04] C:\Program Files\Microsoft Works
[11/26/2006|20:46] C:\Program Files\Microsoft.NET
[08/31/2008|16:41] C:\Program Files\Movie Maker
[12/19/2009|10:00] C:\Program Files\Mozilla Firefox
[08/23/2009|07:34] C:\Program Files\MSBuild
[09/01/2009|15:05] C:\Program Files\MSECache
[08/16/2005|04:37] C:\Program Files\MSN
[08/16/2005|04:37] C:\Program Files\MSN Gaming Zone
[12/11/2006|10:16] C:\Program Files\MSXML 4.0
[11/26/2006|20:37] C:\Program Files\MUSICMATCH
[01/28/2008|19:10] C:\Program Files\National Instruments
[08/31/2008|16:37] C:\Program Files\NetMeeting
[08/28/2008|14:25] C:\Program Files\NetWaiting
[08/16/2005|04:38] C:\Program Files\Online Services
[08/12/2009|15:10] C:\Program Files\Outlook Express
[11/23/2008|18:18] C:\Program Files\PokerStars.NET
[10/09/2009|11:45] C:\Program Files\QuickTime
[03/06/2007|15:39] C:\Program Files\Real
[08/23/2009|07:34] C:\Program Files\Reference Assemblies
[08/16/2005|20:58] C:\Program Files\RGB
[03/12/2008|19:18] C:\Program Files\RosettaStoneLtdServices
[10/09/2009|11:38] C:\Program Files\Safari
[03/20/2007|08:42] C:\Program Files\SCM Microsystems
[11/26/2006|20:32] C:\Program Files\Sigmatel
[10/12/2009|12:51] C:\Program Files\Skype
[06/12/2007|17:30] C:\Program Files\SoftForYou
[10/14/2007|11:43] C:\Program Files\Sonic
[12/07/2009|21:29] C:\Program Files\Spybot - Search & Destroy
[12/18/2009|21:27] C:\Program Files\SUPERAntiSpyware
[11/30/2008|18:52] C:\Program Files\SwarmPlayer
[09/03/2007|15:03] C:\Program Files\Synaptics
[08/16/2005|04:50] C:\Program Files\Uninstall Information
[07/01/2007|19:49] C:\Program Files\Virtual Earth 3D
[08/10/2007|21:47] C:\Program Files\webidz
[11/23/2008|19:19] C:\Program Files\Windows Live Safety Center
[12/16/2006|22:29] C:\Program Files\Windows Media Player
[08/31/2008|16:37] C:\Program Files\Windows NT
[08/16/2005|04:37] C:\Program Files\Windows Plus
[08/16/2005|04:40] C:\Program Files\WindowsUpdate
[01/28/2008|19:10] C:\Program Files\WxEx
[01/28/2008|19:09] C:\Program Files\WxEx Installer
[08/16/2005|04:43] C:\Program Files\xerox
[11/07/2009|16:53] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/20/2007|08:37] C:\Program Files\Common Files\ActivCard
[01/28/2007|14:42] C:\Program Files\Common Files\Adobe
[11/02/2009|15:56] C:\Program Files\Common Files\Apple
[11/26/2006|20:53] C:\Program Files\Common Files\Crystal Decisions
[11/26/2006|20:46] C:\Program Files\Common Files\DESIGNER
[11/26/2006|20:40] C:\Program Files\Common Files\InstallShield
[11/26/2006|20:26] C:\Program Files\Common Files\Java
[11/26/2006|20:47] C:\Program Files\Common Files\L&H
[08/16/2009|20:29] C:\Program Files\Common Files\LogiShrd
[07/06/2009|17:01] C:\Program Files\Common Files\Logitech
[11/25/2009|18:05] C:\Program Files\Common Files\Microsoft Shared
[04/18/2009|08:10] C:\Program Files\Common Files\Mozilla Shared
[08/16/2005|04:40] C:\Program Files\Common Files\MSSoap
[08/16/2005|04:33] C:\Program Files\Common Files\ODBC
[03/31/2009|18:12] C:\Program Files\Common Files\Real
[12/06/2009|21:08] C:\Program Files\Common Files\Scanner
[08/16/2005|04:40] C:\Program Files\Common Files\Services
[10/12/2009|12:51] C:\Program Files\Common Files\Skype
[10/28/2007|18:28] C:\Program Files\Common Files\Sonic Shared
[08/16/2005|04:33] C:\Program Files\Common Files\SpeechEngines
[08/31/2008|16:37] C:\Program Files\Common Files\System
[11/26/2006|20:38] C:\Program Files\Common Files\TiVo Shared
[09/06/2009|18:07] C:\Program Files\Common Files\Wise Installation Wizard
[03/31/2009|18:13] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 70 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 10:46:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:3][D:2]-> C:\DOCUME~1\BRADMA~1\LOCALS~1\Temp
[F:17][D:0]-> C:\DOCUME~1\BRADMA~1\Cookies
[F:10][D:3]-> C:\DOCUME~1\BRADMA~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 12/19/2009|10:47 - Option : [2]

--------------------\\ Scan completed at 10:47:10

#8 chamber

chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • Gender:Male
  • Location:~/
  • Local time:08:36 AM

Posted 21 December 2009 - 03:46 AM

That looks better.
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\drivers\TCPIP.SYS
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Also scan,

c:\windows\system32\dllcache\TCPIP.SYS


Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU
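The post asks for both the live TCPIP.SYS and the dllcache backup to be uploaded because a patched system driver can look normal from the desktop. The script below is an added local check, not something the helper or BleepingComputer supplied: it hashes the two copies named in the post and runs Get-AuthenticodeSignature on each. It assumes PowerShell is installed (XP needs it added separately) and that the default paths under %SystemRoot% are the ones in the post.

```powershell
# Added example (not from the thread): compare the live TCP/IP driver with the
# dllcache backup and check the Authenticode signature on both. A patched driver
# shows up as a hash mismatch between the two copies or as a broken signature.
param(
    [string]$Live  = "$env:SystemRoot\system32\drivers\TCPIP.SYS",   # path from the post
    [string]$Cache = "$env:SystemRoot\system32\dllcache\TCPIP.SYS"   # path from the post
)

function Get-Sha1Hex([string]$Path) {
    # .NET hashing rather than Get-FileHash so this also runs on the older
    # PowerShell builds that XP supports (assumption about the target host).
    $sha1   = New-Object System.Security.Cryptography.SHA1Managed
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha1.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Test-DriverCopy([string]$Path) {
    # Returns $null when the copy is absent (dllcache is not always populated).
    if (-not (Test-Path $Path)) { return $null }

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = '(no embedded signature)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        Path      = $Path
        Size      = (Get-Item $Path).Length     # VirSCAN reported 361600 bytes for this file
        Sha1      = Get-Sha1Hex $Path           # directly comparable to the SHA1 in a VirSCAN report
        SigStatus = $sig.Status                 # Valid / NotSigned / HashMismatch / ...
        Signer    = $signer
    }
}

# Force an array so .Count works even when only one copy exists.
$results = @( @($Live, $Cache) | ForEach-Object { Test-DriverCopy $_ } | Where-Object { $_ } )
$results | Format-Table Path, Size, Sha1, SigStatus, Signer -AutoSize

if ($results.Count -eq 2) {
    if ($results[0].Sha1 -ne $results[1].Sha1) {
        Write-Warning 'Live driver differs from the dllcache copy; scan both and compare against a known-good build.'
    } else {
        Write-Host 'Live driver and dllcache copy are byte-identical.'
    }
} else {
    Write-Warning 'Only one copy found, so no cross-check is possible; rely on the online scan.'
}

foreach ($r in $results) {
    # HashMismatch means the file was modified after it was signed.
    if ($r.SigStatus -eq 'HashMismatch') {
        Write-Warning ("Signature no longer matches file content: {0}" -f $r.Path)
    }
}
```

Microsoft drivers of this era are normally catalog-signed rather than embedded-signed, so NotSigned on an intact file is expected from older PowerShell; the hash comparison between the two copies is the primary signal, and HashMismatch or a non-Microsoft signer is the red flag.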


#9 SATCFI

SATCFI
  • Topic Starter

  • Members
  • 24 posts
  • Local time:04:36 AM

Posted 21 December 2009 - 04:29 PM

VirSCAN.org Scanned Report :
Scanned time : 2009/12/21 15:08:36 (CST)
Scanner results: Scanners did not find malware!
File Name : TCPIP.SYS
File Size : 361600 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : d24ea301e2b36c4e975fd216ca85d8e7
SHA1 : fa9dc1de4881552c6b71c1bce9cfaf60a3c9db79
Online report : http://virscan.org/report/13f9884b00c951c3...b59f2ddc45.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091222010136 2009-12-22 4.13 -
AhnLab V3 2009.12.22.00 2009.12.22 2009-12-22 1.01 -
AntiVir 8.2.1.122 7.10.2.44 2009-12-21 0.26 -
Antiy 2.0.18 20091218.3500546 2009-12-18 0.12 -
Arcavir 2009 200912211248 2009-12-21 0.28 -
Authentium 5.1.1 200912211351 2009-12-21 2.21 -
AVAST! 4.7.4 091221-1 2009-12-21 0.03 -
AVG 8.5.288 270.14.116/2579 2009-12-21 0.33 -
BitDefender 7.81008.4764596 7.29556 2009-12-22 4.11 -
CA (VET) 35.1.0 7187 2009-12-20 8.13 -
ClamAV 0.95.2 10206 2009-12-21 0.07 -
Comodo 3.13 3323 2009-12-21 0.94 -
CP Secure 1.3.0.5 2009.12.20 2009-12-20 0.09 -
Dr.Web 4.44.0.9170 2009.12.21 2009-12-21 8.05 -
F-Prot 4.4.4.56 20091221 2009-12-21 2.21 -
F-Secure 7.02.73807 2009.12.21.13 2009-12-21 0.12 -
Fortinet 11.297- 11.297 2009-12-21 0.22 -
GData 19.9454/19.638 20091221 2009-12-21 6.31 -
ViRobot 20091221 2009.12.21 2009-12-21 0.41 -
Ikarus T3.1.01.79 2009.12.21.74811 2009-12-21 4.18 -
JiangMin 13.0.900 2009.12.21 2009-12-21 4.66 -
Kaspersky 5.5.10 2009.12.21 2009-12-21 0.07 -
KingSoft 2009.2.5.15 2009.12.21.21 2009-12-21 0.52 -
McAfee 5.3.00 5839 2009-12-21 3.44 -
Microsoft 1.5302 2009.12.21 2009-12-21 6.49 -
Norman 6.01.09 6.01.00 2009-12-21 4.00 -
Panda 9.05.01 2009.12.21 2009-12-21 1.90 -
Trend Micro 9.000-1003 6.708.09 2009-12-21 0.04 -
Quick Heal 10.00 2009.12.21 2009-12-21 1.43 -
Rising 20.0 22.27.00.04 2009-12-21 0.93 -
Sophos 3.03.0 4.49 2009-12-22 2.66 -
Sunbelt 3.9.2388.2 5573 2009-12-21 1.98 -
Symantec 1.3.0.24 20091221.003 2009-12-21 0.06 -
nProtect 20091221.01 6660259 2009-12-21 4.01 -
The Hacker 6.5.0.3 v00103 2009-12-21 0.77 -
VBA32 3.12.12.0 20091219.1607 2009-12-19 2.33 -
VirusBuster 4.5.11.10 10.118.4/2022232 2009-12-21 2.54 -


When I tried to run the second scan here is what I got:

The file are TCPIP.SYS uploaded by other users and scanned successfully at 2009/12/22 05:08:36, and 0 softwares update the database from last scan to now.

I don't understand this since 12/22 is tomorrow. It asked if I wanted the scan results, so here they are. No option to rescan. Also, as a note, I was unable to just paste or even type the file name into the window; rather, I had to browse and get to the file that way.

VirSCAN.org Scanned Report :
Scanned time : 2009/12/21 15:08:36 (CST)
Scanner results: Scanners did not find malware!
File Name : TCPIP.SYS
File Size : 361600 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : d24ea301e2b36c4e975fd216ca85d8e7
SHA1 : fa9dc1de4881552c6b71c1bce9cfaf60a3c9db79
Online report : http://virscan.org/report/13f9884b00c951c3...b59f2ddc45.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091222010136 2009-12-22 4.13 -
AhnLab V3 2009.12.22.00 2009.12.22 2009-12-22 1.01 -
AntiVir 8.2.1.122 7.10.2.44 2009-12-21 0.26 -
Antiy 2.0.18 20091218.3500546 2009-12-18 0.12 -
Arcavir 2009 200912211248 2009-12-21 0.28 -
Authentium 5.1.1 200912211351 2009-12-21 2.21 -
AVAST! 4.7.4 091221-1 2009-12-21 0.03 -
AVG 8.5.288 270.14.116/2579 2009-12-21 0.33 -
BitDefender 7.81008.4764596 7.29556 2009-12-22 4.11 -
CA (VET) 35.1.0 7187 2009-12-20 8.13 -
ClamAV 0.95.2 10206 2009-12-21 0.07 -
Comodo 3.13 3323 2009-12-21 0.94 -
CP Secure 1.3.0.5 2009.12.20 2009-12-20 0.09 -
Dr.Web 4.44.0.9170 2009.12.21 2009-12-21 8.05 -
F-Prot 4.4.4.56 20091221 2009-12-21 2.21 -
F-Secure 7.02.73807 2009.12.21.13 2009-12-21 0.12 -
Fortinet 11.297- 11.297 2009-12-21 0.22 -
GData 19.9454/19.638 20091221 2009-12-21 6.31 -
ViRobot 20091221 2009.12.21 2009-12-21 0.41 -
Ikarus T3.1.01.79 2009.12.21.74811 2009-12-21 4.18 -
JiangMin 13.0.900 2009.12.21 2009-12-21 4.66 -
Kaspersky 5.5.10 2009.12.21 2009-12-21 0.07 -
KingSoft 2009.2.5.15 2009.12.21.21 2009-12-21 0.52 -
McAfee 5.3.00 5839 2009-12-21 3.44 -
Microsoft 1.5302 2009.12.21 2009-12-21 6.49 -
Norman 6.01.09 6.01.00 2009-12-21 4.00 -
Panda 9.05.01 2009.12.21 2009-12-21 1.90 -
Trend Micro 9.000-1003 6.708.09 2009-12-21 0.04 -
Quick Heal 10.00 2009.12.21 2009-12-21 1.43 -
Rising 20.0 22.27.00.04 2009-12-21 0.93 -
Sophos 3.03.0 4.49 2009-12-22 2.66 -
Sunbelt 3.9.2388.2 5573 2009-12-21 1.98 -
Symantec 1.3.0.24 20091221.003 2009-12-21 0.06 -
nProtect 20091221.01 6660259 2009-12-21 4.01 -
The Hacker 6.5.0.3 v00103 2009-12-21 0.77 -
VBA32 3.12.12.0 20091219.1607 2009-12-19 2.33 -
VirusBuster 4.5.11.10 10.118.4/2022232 2009-12-21 2.54 -


Malwarebytes' Anti-Malware 1.42
Database version: 3406
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/21/2009 3:27:20 PM
mbam-log-2009-12-21 (15-27-20).txt

Scan type: Quick Scan
Objects scanned: 120111
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 chamber

chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • Gender:Male
  • Location:~/
  • Local time:08:36 AM

Posted 22 December 2009 - 03:48 AM

Looks better.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply



#11 SATCFI

SATCFI
  • Topic Starter

  • Members
  • 24 posts
  • Local time:04:36 AM

Posted 22 December 2009 - 09:15 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, December 22, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, December 22, 2009 21:58:43
Records in database: 3400623
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 121989
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:52:39


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.y 1

Selected area has been scanned.

#12 chamber

chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • Gender:Male
  • Location:~/
  • Local time:08:36 AM

Posted 23 December 2009 - 03:19 AM

Looks good.

How are things running?

Post a fresh OTL log for me.



#13 SATCFI

SATCFI
  • Topic Starter

  • Members
  • 24 posts
  • Local time:04:36 AM

Posted 23 December 2009 - 11:39 PM

I think it's running fine now. No trace of the redirect :(

Thanks for all your help.

Best regards,

Brad

OTL logfile created on: 12/23/2009 10:32:07 PM - Run 4
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Brad marcum\Desktop\Virus Logs
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 655.94 Mb Available Physical Memory | 64.67% Memory free
2.38 Gb Paging File | 1.99 Gb Available in Paging File | 83.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 31.43 Gb Free Space | 46.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRAD
Current User Name: Brad marcum
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\Brad marcum\Desktop\Virus Logs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\LxrJD31s.exe ()
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe (ActivCard)
PRC - C:\Program Files\Common Files\ActivCard\acautoup.exe (ActivCard S.A.)
PRC - C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe (ActivCard)
PRC - C:\Program Files\Common Files\ActivCard\acachsrv.exe (ActivCard)
PRC - C:\Program Files\Common Files\ActivCard\acautoreg.exe (ActivCard S.A.)
PRC - C:\Program Files\Common Files\ActivCard\accoca.exe (ActivCard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Brad marcum\Desktop\Virus Logs\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (NWCWorkstation) -- C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
SRV - (RosettaStoneLtdController) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe (Rosetta Stone Ltd.)
SRV - (LxrJD31s) -- C:\WINDOWS\System32\LxrJD31s.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (acautoupdate) -- C:\Program Files\Common Files\ActivCard\acautoup.exe (ActivCard S.A.)
SRV - (ACachSrv) -- C:\Program Files\Common Files\ActivCard\acachsrv.exe (ActivCard)
SRV - (acautoreg) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe (ActivCard S.A.)
SRV - (Accoca) -- C:\Program Files\Common Files\ActivCard\accoca.exe (ActivCard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/31 18:12:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/29 19:27:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/22 15:57:36 | 00,000,000 | ---D | M]

[2009/07/11 19:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Extensions
[2009/12/18 21:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions
[2009/09/09 18:42:53 | 00,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2009/09/06 18:11:46 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/11 19:25:27 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Brad marcum\Application Data\Mozilla\Firefox\Profiles\1s5bnptq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/22 15:57:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [acEventServ] C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe (ActivCard)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iProtectYou] C:\WINDOWS\System32\ip.exe (SoftForYou)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe (ActivCard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/w...ntrol_en_US.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} http://bridge.item2.naver.com/music/cab/nbgm.cab (Gogs Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1242618824765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...094/mcfscan.cab (McFreeScan Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\acAuth: DllName - acauth.dll - C:\WINDOWS\System32\acauth.dll (ActivCard)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/22 16:00:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\.SunDownloadManager
[2009/12/22 15:49:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Desktop\JavaRa
[2009/12/21 15:17:09 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/19 10:43:12 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/12/19 10:27:26 | 00,000,000 | ---D | C] -- C:\KittyFix
[2009/12/19 10:00:20 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Brad marcum\Recent
[2009/12/18 15:38:07 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/18 15:36:03 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/18 15:36:03 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/18 15:36:03 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/18 15:36:03 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/18 15:35:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/18 15:35:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/18 15:25:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Desktop\12 18 09
[2009/12/18 15:22:43 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/18 15:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Desktop\Virus Logs
[2009/12/11 17:42:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\DoctorWeb
[2009/12/11 16:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\Threat Expert
[2009/01/04 17:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2009/01/04 17:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/01/04 17:09:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/01/04 17:01:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/08/31 19:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/06 16:35:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/11 19:53:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\PIE Service
[2006/12/09 22:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/08/16 04:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/23 17:43:32 | 00,158,179 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\Cover.pdf
[2009/12/23 17:11:23 | 01,223,268 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\OddPages.pdf
[2009/12/23 17:10:40 | 01,363,659 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\EvenPages.pdf
[2009/12/22 15:47:05 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\12 22 09 to do.doc
[2009/12/21 15:28:06 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\12 21 09 logs.doc
[2009/12/21 15:19:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/21 15:19:07 | 00,000,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/21 15:18:41 | 00,007,724 | ---- | M] () -- C:\WINDOWS\System32\mssip.dat
[2009/12/21 15:18:34 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/21 15:18:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/21 15:18:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/21 15:18:31 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/21 15:17:54 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\NTUSER.DAT
[2009/12/21 15:17:29 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Brad marcum\ntuser.ini
[2009/12/21 15:04:52 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\12 21 09.doc
[2009/12/19 19:53:12 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/19 10:47:42 | 00,146,944 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\12 19 09.doc
[2009/12/19 10:43:04 | 01,106,944 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\BleepingComputer.doc
[2009/12/19 10:36:45 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/19 10:36:27 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/19 10:35:04 | 04,315,978 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\IconCache.db
[2009/12/19 10:27:24 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\~$eepingComputer.doc
[2009/12/19 08:00:11 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Brad marcum.job
[2009/12/18 15:38:26 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/12/18 15:18:36 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\~$ 18 instructions.doc
[2009/12/15 07:32:27 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\~$wnload OTL to your desktop.doc
[2009/12/14 22:38:52 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\settings.dat
[2009/12/14 16:06:14 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\SASW.doc
[2009/12/14 01:06:44 | 00,000,516 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Brad marcum.job
[2009/12/13 15:43:14 | 00,109,922 | ---- | M] () -- C:\Documents and Settings\Brad marcum\Desktop\Sangs 2009 cosmetology certificate.pdf
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/23 17:43:31 | 00,158,179 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\Cover.pdf
[2009/12/23 17:11:18 | 01,223,268 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\OddPages.pdf
[2009/12/23 17:10:34 | 01,363,659 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\EvenPages.pdf
[2009/12/22 15:47:04 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\12 22 09 to do.doc
[2009/12/21 15:09:45 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\12 21 09 logs.doc
[2009/12/21 15:04:51 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\12 21 09.doc
[2009/12/19 10:27:24 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\~$eepingComputer.doc
[2009/12/19 10:23:25 | 01,106,944 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\BleepingComputer.doc
[2009/12/19 10:21:30 | 00,146,944 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\12 19 09.doc
[2009/12/18 15:38:24 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/12/18 15:38:12 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/18 15:36:03 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/18 15:36:03 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/18 15:36:03 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/18 15:36:03 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/18 15:36:03 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/18 15:18:36 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\~$ 18 instructions.doc
[2009/12/15 07:32:27 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\~$wnload OTL to your desktop.doc
[2009/12/14 22:38:52 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\settings.dat
[2009/12/14 16:06:14 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\SASW.doc
[2009/12/13 15:43:14 | 00,109,922 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Desktop\Sangs 2009 cosmetology certificate.pdf
[2009/07/06 17:06:04 | 00,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/06/11 17:27:16 | 00,000,785 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2009/05/21 10:58:56 | 00,000,217 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/18 07:09:08 | 00,004,834 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\E9867627-A188-440D-942C-D2076A5CBB6D.txt
[2009/04/10 16:54:51 | 00,170,496 | ---- | C] () -- C:\WINDOWS\System32\libssh2.dll
[2007/12/29 09:54:54 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/07/08 07:21:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2007/07/08 07:21:08 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2007/07/08 07:21:08 | 00,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2007/07/08 07:21:08 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2007/06/12 17:30:43 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\msfffff2b7.dll
[2007/06/12 17:30:35 | 00,000,968 | ---- | C] () -- C:\WINDOWS\System32\ms102a.dll
[2007/03/20 08:42:49 | 00,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2007/03/11 18:37:48 | 00,000,304 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Application Data\wklnhst.dat
[2007/02/06 16:45:04 | 00,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 16:42:40 | 01,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2007/01/25 21:39:10 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2007/01/03 18:27:22 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/25 14:42:13 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/25 14:42:13 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\27A12F420E.sys
[2006/12/25 14:41:28 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/09 19:36:55 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Brad marcum\Local Settings\Application Data\fusioncache.dat
[2006/11/26 20:58:21 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/26 20:48:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/26 20:38:54 | 00,003,552 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/26 20:05:24 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/11/26 20:05:14 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/26 20:05:10 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/26 20:05:02 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/04 05:17:22 | 00,010,229 | ---- | C] () -- C:\WINDOWS\System32\cmdiag.ini
[2006/03/20 10:53:58 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\chksvrn.dll
[2006/02/03 07:42:44 | 00,000,142 | ---- | C] () -- C:\WINDOWS\System32\cmabout.ini
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/12 07:25:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/13 08:17:00 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\cmabout.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/28 18:23:16 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\aclibeay.dll

========== LOP Check ==========

[2008/03/23 15:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2009/12/11 17:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/26 20:44:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/16 18:54:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/10/09 11:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 10:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/25 20:32:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2008/07/19 18:55:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\CarryItEasy
[2007/03/13 13:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\DBsign
[2009/05/28 17:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\GetRightToGo
[2006/12/17 13:33:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Leadertech
[2007/03/11 18:37:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Template
[2006/12/17 13:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\WildTangent
[2009/05/28 17:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad marcum\Application Data\Xilisoft Corporation
[2009/12/21 15:18:34 | 00,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/05/24 20:40:40 | 00,063,488 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 5 17 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 5 17 09.doc
[2009/05/24 20:40:39 | 00,063,488 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 5 17 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 5 17 09.doc
[2009/05/14 21:06:16 | 00,062,976 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 2009 0504.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 2009 0504.doc
[2009/05/14 21:06:15 | 00,062,976 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 2009 0504.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 2009 0504.doc
[2009/04/27 21:39:55 | 00,060,928 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 4 13 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 4 13 09.doc
[2009/04/27 21:39:54 | 00,060,928 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 4 13 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 4 13 09.doc
[2009/04/27 21:32:25 | 00,060,928 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 3 16 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 3 16 09.doc
[2009/04/04 23:02:46 | 00,035,840 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\???? (???).doc) -- C:\Documents and Settings\Brad marcum\Desktop\할렐루야 (기도문).doc
[2009/04/04 20:50:35 | 00,035,840 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\???? (???).doc) -- C:\Documents and Settings\Brad marcum\Desktop\할렐루야 (기도문).doc
[2009/04/04 07:00:01 | 00,016,896 | ---- | M] ()(C:\Documents and Settings\Brad marcum\Desktop\???? ??? ??.xls) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무 다락방 헌금.xls
[2009/04/04 07:00:01 | 00,016,896 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\???? ??? ??.xls) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무 다락방 헌금.xls
[2009/03/08 12:41:15 | 00,060,928 | ---- | C] ()(C:\Documents and Settings\Brad marcum\Desktop\????-??? ??? 3 16 09.doc) -- C:\Documents and Settings\Brad marcum\Desktop\좋은나무-다락방 보고서 3 16 09.doc
[2009/03/08 12:38:50 | 00,060,416 | ---- | M] ()(C:\Documents and Settings\Brad marcum\My Documents\????-??? ??? Form.doc) -- C:\Documents and Settings\Brad marcum\My Documents\좋은나무-다락방 보고서 Form.doc
[2009/03/08 12:38:49 | 00,060,416 | ---- | C] ()(C:\Documents and Settings\Brad marcum\My Documents\????-??? ??? Form.doc) -- C:\Documents and Settings\Brad marcum\My Documents\좋은나무-다락방 보고서 Form.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
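
When reading an OTL report like the one above, the lines an analyst pulls out first for a redirect complaint are the browser proxy settings (the IE `ProxyServer` value and the Firefox `network.proxy.*` prefs), the `O1 - Hosts:` entries, and any alternate data streams. The script below is an added example, not OTL's own code or part of this thread: it parses those line types from report text and lists them for review. The sample report is constructed for the demonstration, and its `www.example.com` HOSTS entry in particular is invented to show what a non-default entry looks like; flagged lines are items to review, not a verdict on the machine.

```python
"""Triage helper for OTL-style report lines.

Added example, not OTL's own code: it scans report text for the settings an
analyst reviews when a browser is being redirected, namely a proxy that
points at the local machine (Internet Explorer and Firefox), HOSTS entries
beyond the default localhost line, and alternate data streams.  Flagged
lines are items to review, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the OTL line format.  The www.example.com HOSTS
# entry is invented for the demonstration; the other lines mirror the shape
# of a real report.
SAMPLE_LOG = """\
IE - HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = http=localhost:7171
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
O1 HOSTS File: (27 bytes) - C:\\WINDOWS\\system32\\drivers\\etc\\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.example.com
@Alternate Data Stream - 115 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:A8ADE5D8
"""

LOCAL_NAMES = {"localhost", "127.0.0.1", "::1"}

IE_PROXY_RE = re.compile(r'^IE - (HK\w+)\\.*: "ProxyServer" = (.+)$')
IE_ENABLE_RE = re.compile(r'^IE - (HK\w+)\\.*: "ProxyEnable" = (\d+)$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(network\.proxy\.\w+): (.+)$')
HOSTS_RE = re.compile(r'^O1 - Hosts: (\S+)\s+(\S+)')
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+)$')


@dataclass
class Finding:
    category: str   # "ie-proxy", "ff-proxy", "hosts" or "ads"
    detail: str


def proxy_host(spec: str) -> str:
    """Extract the host from an IE ProxyServer value.

    IE stores either "host:port" or a per-protocol list such as
    "http=host:port;https=host:port"; only the first entry is examined here.
    """
    first = spec.split(";")[0]
    if "=" in first:
        first = first.split("=", 1)[1]
    return first.rsplit(":", 1)[0].strip().strip('"')


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    ie_enabled: Dict[str, str] = {}   # hive -> ProxyEnable value
    ie_proxy: Dict[str, str] = {}     # hive -> ProxyServer value
    ff_prefs: Dict[str, str] = {}

    for raw in text.splitlines():
        line = raw.strip()
        if (m := IE_PROXY_RE.match(line)):
            ie_proxy[m.group(1)] = m.group(2).strip()
        elif (m := IE_ENABLE_RE.match(line)):
            ie_enabled[m.group(1)] = m.group(2)
        elif (m := FF_PREF_RE.match(line)):
            ff_prefs[m.group(1)] = m.group(2).strip().strip('"')
        elif (m := HOSTS_RE.match(line)):
            ip, name = m.groups()
            if name.lower() not in LOCAL_NAMES:
                findings.append(Finding("hosts", f"{name} -> {ip}"))
        elif (m := ADS_RE.match(line)):
            findings.append(Finding("ads", f"{m.group(2)} ({m.group(1)} bytes)"))

    # An IE proxy aimed at the local machine is worth a look even when the
    # per-user ProxyEnable flag is 0, because the value under HKLM and the
    # one under HKCU may differ; report the flag for the same hive if seen.
    for hive, spec in ie_proxy.items():
        if proxy_host(spec).lower() in LOCAL_NAMES:
            state = ie_enabled.get(hive, "unknown")
            findings.append(Finding("ie-proxy",
                                    f"{hive} ProxyServer = {spec} (ProxyEnable={state})"))

    # Firefox honours network.proxy.http only under manual proxy configuration
    # (network.proxy.type = 1), which the report does not always print, so the
    # pref is flagged for review rather than treated as active.
    host = ff_prefs.get("network.proxy.http")
    if host and host.lower() in LOCAL_NAMES:
        port = ff_prefs.get("network.proxy.http_port", "?")
        findings.append(Finding("ff-proxy", f"network.proxy.http = {host}:{port}"))

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

Run it against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`; the report's own `O1 HOSTS File: (27 bytes)` line is a useful cross-check, since a 27-byte hosts file holds nothing but the default `127.0.0.1 localhost` entry.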

#14 chamber

chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • OFFLINE
  • Gender:Male
  • Location:~/
  • Local time:08:36 AM

Posted 24 December 2009 - 03:24 PM

Now here's a Christmas present for you.

Congratulations, your logs appear clean!! :(

Clean up

Follow these steps to uninstall Combofix and tools used in the removal of malware

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, FIREFOX and OPERA, which are both free to use and more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops JavaScript from starting on a web page unless you give permission for it, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Additional Security Measures

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

You should have a good anti-spyware program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware.

MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

WinPatrol - Download and install the free version of WinPatrol. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Spring Cleaning

TFC - Temp File Cleaner by OldTimer - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders

Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from.


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU
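
The Custom Level steps in the post above set six actions for the Internet zone by hand. The script below is an added example, not part of chamber's post or of any tool named in it: it expresses the same six settings as a registry audit, so the current state can be compared against the recommended one and the changes written in one go. It assumes the per-user zone key `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3` (zone 3 is the Internet zone), the documented IE action IDs 1001, 1004, 1201, 1800, 1804 and 1607, and the encoding 0 = Enable, 1 = Prompt, 3 = Disable; the dry-run default and the report wording are this example's own choices. Reading or writing the live registry needs Windows; `audit()` and the dry run work on any platform with a dict of values.

```python
"""Registry audit and apply for the Internet Explorer zone settings above.

Added example, not part of chamber's post.  Internet Explorer keeps the
per-user Custom Level settings for the Internet zone under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3
as DWORD values; the value names (1001, 1004, ...) and the encoding
0 = Enable, 1 = Prompt, 3 = Disable are the documented IE zone action IDs.
The dry-run default and the audit() report format are choices of this
example.  read_zone() and a real apply need Windows; audit() and the
dry-run work anywhere.
"""
from typing import Dict, List, Optional, Tuple

ZONE_PATH = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3
STATE = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# One row per Custom Level step in the post: (value name, label, desired state).
DESIRED: List[Tuple[str, str, int]] = [
    ("1001", "Download signed ActiveX controls", PROMPT),
    ("1004", "Download unsigned ActiveX controls", DISABLE),
    ("1201", "Initialize and script ActiveX controls not marked as safe", DISABLE),
    ("1800", "Installation of desktop items", PROMPT),
    ("1804", "Launching programs and files in an IFRAME", PROMPT),
    ("1607", "Navigate sub-frames across different domains", PROMPT),
]


def weaker_than(have: Optional[int], want: int) -> bool:
    """True when the stored state is more permissive than the desired one.

    The encoding orders the states by permissiveness (0 < 1 < 3), so a
    numeric comparison is enough.  A missing value means the zone template
    default applies, which is treated as needing the explicit setting.
    """
    return have is None or have < want


def audit(current: Dict[str, int]) -> List[str]:
    """One report line per setting that is weaker than the post asks for."""
    report = []
    for name, label, want in DESIRED:
        have = current.get(name)
        if weaker_than(have, want):
            have_txt = "not set" if have is None else STATE.get(have, str(have))
            report.append(f"{name} {label}: {have_txt} -> {STATE[want]}")
    return report


def plan_changes(current: Dict[str, int]) -> List[Tuple[str, int]]:
    """(value name, new DWORD) pairs that apply_hardening would write."""
    return [(name, want) for name, _, want in DESIRED
            if weaker_than(current.get(name), want)]


def read_zone() -> Dict[str, int]:
    """Read the current DWORDs from the live registry (Windows only)."""
    import winreg
    current: Dict[str, int] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_PATH) as key:
        for name, _, _ in DESIRED:
            try:
                value, kind = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                continue          # value absent: zone default applies
            if kind == winreg.REG_DWORD:
                current[name] = value
    return current


def apply_hardening(current: Dict[str, int],
                    dry_run: bool = True) -> List[Tuple[str, int]]:
    """Write the planned changes; with dry_run=True only return them."""
    changes = plan_changes(current)
    if not dry_run and changes:
        import winreg
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_PATH, 0,
                            winreg.KEY_SET_VALUE) as key:
            for name, want in changes:
                winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, want)
    return changes


if __name__ == "__main__":
    # Constructed state for illustration: three weak values, one missing.
    sample = {"1001": ENABLE, "1004": DISABLE, "1201": ENABLE,
              "1800": PROMPT, "1804": ENABLE}
    for line in audit(sample):
        print(line)
    print("would write:", apply_hardening(sample))
```

On a Windows machine the usual sequence is `current = read_zone()`, review `audit(current)`, then `apply_hardening(current, dry_run=False)` once the list looks right; Internet Explorer reads the zone values when it starts, so restart it to see the new Custom Level state.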


#15 SATCFI

SATCFI
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:04:36 AM

Posted 28 December 2009 - 12:30 PM

Wow,
You have done such a fantastic job with this. Thank you so very much.

Best regards,

Brad :(



