Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox/IE Google search redirects


  • This topic is locked This topic is locked
15 replies to this topic

#1 MindTrik

MindTrik

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:08 PM

Posted 16 December 2009 - 12:16 PM

OK...this all started yesterday when I added a Facebook friend that I didn't know...thought it might be a friend of the wifes. I clicked the profile after I added her and BOOM....this all started. Every time I do a Google search, it shows the results...but when I click on them they go to other sites.

Here are my log files.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Kevin at 12:29:07.98 on Wed 12/16/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2495 [GMT -5:00]

AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
Z:\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IFXBackup] c:\program files\ifxbackup\IFXBackup.exe
uRun: [AdobeBridge]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [TGDTJ] "c:\program files\the gun dog training journal\TGDTJ.exe" -h
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\kevin\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\memeoa~1.lnk - c:\docume~1\kevin\applic~1\microsoft\installer\{bd1f8143-c678-43cd-a296-a3a32a8c2976}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\nassch~1.lnk - c:\program files\buffalo\nasnavi\nassche.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://gjonassupport.webex.com/client/T26L/support/ieatgpc.cab
TCP: {603335CE-18CB-4D99-9876-CEE37272D857} = 24.25.5.148,24.25.5.147
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kevin\applic~1\mozilla\firefox\profiles\nheonbmg.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 EpsonPOSLog;Epson Point of Service Log Service;c:\program files\epson\epson advanced printer driver 4\EpsonPHLog.exe [2008-11-28 290816]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 NasPmService;NAS PM Service;c:\program files\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-29 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091216.003\NAVENG.SYS [2009-12-16 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091216.003\NAVEX15.SYS [2009-12-16 1323568]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 gupdate1c9e6b67a3223f4;Google Update Service (gupdate1c9e6b67a3223f4);c:\program files\google\update\GoogleUpdate.exe [2009-6-6 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-13 1245064]

=============== Created Last 30 ================

2009-12-16 16:46:24 7900 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-16 16:44:04 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-12-16 16:44:03 7167 ----a-w- c:\windows\system32\atifglpf.xml
2009-12-16 16:44:03 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-16 16:44:03 18618 ----a-w- c:\windows\atiogl.xml
2009-12-16 16:44:02 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-12-16 16:44:02 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-12-16 16:44:02 195855 ----a-w- c:\windows\system32\atiicdxx.dat
2009-12-16 16:43:42 0 d-----w- c:\program files\ATI
2009-12-16 16:05:04 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-12-16 16:05:04 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-12-16 16:05:04 368480 ----a-w- c:\windows\system32\ativvaxx.cap
2009-12-16 16:05:04 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-12-16 16:05:04 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-12-16 16:05:03 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-12-16 16:05:03 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-12-16 16:03:13 0 d-----w- C:\ATI
2009-12-16 14:54:54 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-16 14:54:48 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-16 14:54:48 0 d-----w- c:\docume~1\kevin\applic~1\SUPERAntiSpyware.com
2009-12-16 14:35:17 0 d-----w- c:\docume~1\kevin\applic~1\Malwarebytes
2009-12-16 14:35:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-16 14:35:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 18:48:41 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-15 18:48:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-15 14:38:54 0 d-----w- c:\docume~1\kevin\applic~1\HeidiSQL
2009-12-09 15:09:52 0 d-----w- c:\program files\SpeedFan
2009-12-09 15:09:51 45 ----a-w- c:\windows\system32\initdebug.nfo
2009-12-03 17:51:24 0 d-----w- c:\program files\Light-O-Rama
2009-12-03 17:51:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Light-O-Rama
2009-12-02 14:48:30 0 d-----w- C:\_AcroTemp

==================== Find3M ====================

2009-11-04 19:40:12 90112 ----a-w- c:\windows\system32\ccrpTmr6.dll
2009-11-04 16:15:30 4423168 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-04 15:44:14 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:29:44 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29:28 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29:16 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29:08 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28:54 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:27:40 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26:18 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18:50 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:05:10 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 14:51:08 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47:16 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:45:30 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45:04 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44:48 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:44:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-04 14:39:26 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-11-02 15:55:41 9232 ----a-w- c:\documents and settings\kevin\mqdmmdfl.sys
2009-11-02 15:55:41 92064 ----a-w- c:\documents and settings\kevin\mqdmmdm.sys
2009-11-02 15:55:41 79328 ----a-w- c:\documents and settings\kevin\mqdmserd.sys
2009-11-02 15:55:41 66656 ----a-w- c:\documents and settings\kevin\mqdmbus.sys
2009-11-02 15:55:41 6208 ----a-w- c:\documents and settings\kevin\mqdmcmnt.sys
2009-11-02 15:55:41 5936 ----a-w- c:\documents and settings\kevin\mqdmwhnt.sys
2009-11-02 15:55:41 4048 ----a-w- c:\documents and settings\kevin\mqdmcr.sys
2009-11-02 15:55:41 25600 ----a-w- c:\documents and settings\kevin\usbsermptxp.sys
2009-11-02 15:55:41 22768 ----a-w- c:\documents and settings\kevin\usbsermpt.sys
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-25 16:42:38 129784 ------w- c:\windows\system32\pxafs.dll
2009-09-25 16:42:38 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-25 16:42:38 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-03-30 20:31:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009033020090331\index.dat

============= FINISH: 12:29:21.90 ===============

Attached Files


Edited by MindTrik, 16 December 2009 - 12:43 PM.


BC AdBot (Login to Remove)

 


#2 MindTrik

MindTrik
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:08 PM

Posted 16 December 2009 - 12:35 PM

I did try to use Malwarebytes...CCleaner and SUPERantimalware...I ran those reports with those installed...I uninstalled everything I had installed and just re-ran the reports and reposted with new info....sorry for that I figured I better do the new reports after I did that so things won't get screwed up from the beginning.

#3 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:08 PM

Posted 28 December 2009 - 11:37 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#4 MindTrik

MindTrik
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:08 PM

Posted 29 December 2009 - 11:16 AM

DDS (Ver_09-12-01.01) - NTFSx86
Run by Kevin at 11:14:07.48 on Tue 12/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2439 [GMT -5:00]

AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Gun Dog Training Journal\TGDTJ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Documents and Settings\Kevin\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\BUFFALO\NASNAVI\nassche.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Kevin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IFXBackup] c:\program files\ifxbackup\IFXBackup.exe
uRun: [AdobeBridge]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [TGDTJ] "c:\program files\the gun dog training journal\TGDTJ.exe" -h
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\kevin\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\memeoa~1.lnk - c:\docume~1\kevin\applic~1\microsoft\installer\{bd1f8143-c678-43cd-a296-a3a32a8c2976}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\nassch~1.lnk - c:\program files\buffalo\nasnavi\nassche.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://gjonassupport.webex.com/client/T26L/support/ieatgpc.cab
TCP: {603335CE-18CB-4D99-9876-CEE37272D857} = 24.25.5.148,24.25.5.147
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kevin\applic~1\mozilla\firefox\profiles\nheonbmg.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 EpsonPOSLog;Epson Point of Service Log Service;c:\program files\epson\epson advanced printer driver 4\EpsonPHLog.exe [2008-11-28 290816]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 NasPmService;NAS PM Service;c:\program files\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-29 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091216.052\NAVENG.SYS [2009-12-17 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091216.052\NAVEX15.SYS [2009-12-17 1323568]
S2 gupdate1c9e6b67a3223f4;Google Update Service (gupdate1c9e6b67a3223f4);c:\program files\google\update\GoogleUpdate.exe [2009-6-6 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-13 1245064]

=============== Created Last 30 ================

2009-12-16 16:46:24 7900 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-16 16:44:04 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-12-16 16:44:03 7167 ----a-w- c:\windows\system32\atifglpf.xml
2009-12-16 16:44:03 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-16 16:44:03 18618 ----a-w- c:\windows\atiogl.xml
2009-12-16 16:44:02 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-12-16 16:44:02 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-12-16 16:44:02 195855 ----a-w- c:\windows\system32\atiicdxx.dat
2009-12-16 16:43:42 0 d-----w- c:\program files\ATI
2009-12-16 16:05:04 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-12-16 16:05:04 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-12-16 16:05:04 368480 ----a-w- c:\windows\system32\ativvaxx.cap
2009-12-16 16:05:04 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-12-16 16:05:04 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-12-16 16:05:03 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-12-16 16:05:03 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-12-16 16:03:13 0 d-----w- C:\ATI
2009-12-16 14:54:54 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-16 14:54:48 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-16 14:54:48 0 d-----w- c:\docume~1\kevin\applic~1\SUPERAntiSpyware.com
2009-12-16 14:35:17 0 d-----w- c:\docume~1\kevin\applic~1\Malwarebytes
2009-12-16 14:35:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-16 14:35:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 18:48:41 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-15 18:48:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-15 14:38:54 0 d-----w- c:\docume~1\kevin\applic~1\HeidiSQL
2009-12-09 15:09:52 0 d-----w- c:\program files\SpeedFan
2009-12-09 15:09:51 45 ----a-w- c:\windows\system32\initdebug.nfo
2009-12-03 17:51:24 0 d-----w- c:\program files\Light-O-Rama
2009-12-03 17:51:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Light-O-Rama
2009-12-02 14:48:30 0 d-----w- C:\_AcroTemp

==================== Find3M ====================

2009-11-04 19:40:12 90112 ----a-w- c:\windows\system32\ccrpTmr6.dll
2009-11-04 16:15:30 4423168 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-04 15:44:14 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:29:44 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29:28 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29:16 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29:08 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28:54 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:27:40 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26:18 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18:50 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:05:10 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 14:51:08 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47:16 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:45:30 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45:04 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44:48 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:44:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-04 14:39:26 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-11-02 15:55:41 9232 ----a-w- c:\documents and settings\kevin\mqdmmdfl.sys
2009-11-02 15:55:41 92064 ----a-w- c:\documents and settings\kevin\mqdmmdm.sys
2009-11-02 15:55:41 79328 ----a-w- c:\documents and settings\kevin\mqdmserd.sys
2009-11-02 15:55:41 66656 ----a-w- c:\documents and settings\kevin\mqdmbus.sys
2009-11-02 15:55:41 6208 ----a-w- c:\documents and settings\kevin\mqdmcmnt.sys
2009-11-02 15:55:41 5936 ----a-w- c:\documents and settings\kevin\mqdmwhnt.sys
2009-11-02 15:55:41 4048 ----a-w- c:\documents and settings\kevin\mqdmcr.sys
2009-11-02 15:55:41 25600 ----a-w- c:\documents and settings\kevin\usbsermptxp.sys
2009-11-02 15:55:41 22768 ----a-w- c:\documents and settings\kevin\usbsermpt.sys
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-03-30 20:31:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009033020090331\index.dat

============= FINISH: 11:15:12.41 ===============

Attached Files



#5 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:08 PM

Posted 29 December 2009 - 09:16 PM

Hello, and :( to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. :(
  • As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be two people helping you instead of just one, but responses may be somewhat delayed so please be patient!!!!
Please give me a little time to go through your logs. My instructions will be forthcoming.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:08 PM

Posted 30 December 2009 - 06:34 PM

Hello MindTrik

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you wish to format and reinstall please stop here and let me know. If you wish to continue cleaning, read on and complete the following steps, but please acknowledge that you have read this in your next reply.

***************************************************

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
Acknowledgement that you have read the Backdoor Warning above
ComboFix log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#7 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:08 PM

Posted 03 January 2010 - 04:24 AM

Do you still need assistance?

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#8 MindTrik

MindTrik
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:08 PM

Posted 04 January 2010 - 10:28 AM

Sorry for the delay....not sure why I didn't see the email. I have followed your instructions and have attached the log.txt file. Could you please tell me what I was infected with and where in the log files it was listed...just so I know what I was dealing with?

Attached Files

  • Attached File  log.txt   23.62KB   14 downloads

Edited by MindTrik, 04 January 2010 - 11:03 AM.


#9 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:08 PM

Posted 05 January 2010 - 03:13 PM

Hello MindTrik.

In the future, please paste the contents of requested logs directly into the body of your reply. This makes them much easier for me to read. You should only attach them if the board software notifies you that your post is too large.

Sorry for the delay....not sure why I didn't see the email.

That's alright. The email notification system here can be unreliable occasionally. I recommend checking this topic once a day for replies in addition to the email system :(

We need to run another scan please.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the "Custom scans and fixes" section paste in the below in bold


    /md5start
    atapi.sys
    /md5stop

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
~Blade

In your next reply, please include the following:
OTL.txt
Extras.Txt
How is the computer running now?

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#10 MindTrik

MindTrik
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:08 PM

Posted 06 January 2010 - 08:23 AM

OTL logfile created on: 1/6/2010 8:15:31 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 538.02 Gb Free Space | 90.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.52 Gb Total Space | 36.16 Gb Free Space | 48.53% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 879.74 Gb Total Space | 878.11 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive Z: | 923.76 Gb Total Space | 833.57 Gb Free Space | 90.24% Space Free | Partition Type: NTFS

Computer Name: CYC-ASSTMGR
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
PRC - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe ()
PRC - C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
PRC - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe (Memeo Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe (iAnywhere Solutions, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kevin\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gupdate1c9e6b67a3223f4) Google Update Service (gupdate1c9e6b67a3223f4) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (EpsonPOSLog) -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe (SEIKO EPSON CORPORATION)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NasPmService) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (QuickBooksDB18) -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe (iAnywhere Solutions, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100105.053\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100105.053\NAVENG.SYS (Symantec Corporation)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20091230.001\SymIDSco.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam S5500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {7CEA821D-3DAB-4238-B424-BF7324531750}:0.4.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 02:00:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/15 12:13:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/05 09:17:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/05 09:17:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/02 11:22:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/11/02 11:22:29 | 00,000,000 | ---D | M]

[2009/01/14 11:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2009/01/14 11:56:10 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/05 14:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\nheonbmg.default\extensions
[2009/11/02 09:29:04 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\nheonbmg.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
[2009/08/26 17:01:28 | 00,000,945 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\nheonbmg.default\searchplugins\youtube-video-search.xml
[2010/01/05 14:37:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/05 09:17:20 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/15 12:13:16 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/07/04 16:55:35 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/12/02 09:17:58 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/12/02 09:17:59 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/03/31 21:47:26 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2009/01/23 04:19:34 | 00,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/01/23 04:19:38 | 00,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/01/23 04:22:14 | 00,027,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atsc3cls.dll
[2009/01/23 04:19:40 | 00,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/01/23 04:19:50 | 00,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/05/21 10:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/12/02 09:18:00 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/11/02 11:22:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/02 11:22:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/02 11:22:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/02 11:22:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/02 11:22:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/02 11:22:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/02 11:22:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/12/02 02:38:29 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/02 02:38:29 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/12/02 02:38:29 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/02 02:38:29 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/02 02:38:29 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/12/02 02:38:29 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/02 02:38:29 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IFXBackup] C:\Program Files\IFXBackup\ifxbackup.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TGDTJ] C:\Program Files\The Gun Dog Training Journal\TGDTJ.exe (Home)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe ()
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Kevin\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk = C:\Documents and Settings\Kevin\Application Data\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: cyc-server ([]file in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://gjonassupport.webex.com/client/T26L...ort/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 16:00:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/05/16 22:44:23 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/06 08:09:59 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2010/01/05 09:16:39 | 08,086,544 | ---- | C] (Mozilla) -- C:\Documents and Settings\Kevin\Desktop\Firefox Setup 3.5.6.exe
[2010/01/04 14:53:15 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/04 10:40:45 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/04 10:39:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/04 10:39:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/04 10:39:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/04 10:39:06 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/04 10:38:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/04 10:38:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/17 11:57:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/12/16 11:44:03 | 00,479,232 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2009/12/16 11:44:02 | 00,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2009/12/16 11:43:42 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2009/12/16 11:05:04 | 03,526,656 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2009/12/16 11:05:04 | 00,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2009/12/16 11:05:04 | 00,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2009/12/16 11:05:04 | 00,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2009/12/16 11:05:03 | 13,000,704 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2009/12/16 11:05:03 | 00,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2009/12/16 11:03:13 | 00,000,000 | ---D | C] -- C:\ATI
[2009/12/16 11:02:07 | 44,436,541 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Kevin\Desktop\9-11_xp32_dd_ccc_wdm_enu(2).exe
[2009/12/16 09:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/16 09:54:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\SUPERAntiSpyware.com
[2009/12/16 09:54:48 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/16 09:53:58 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Kevin\Recent
[2009/12/16 09:35:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Malwarebytes
[2009/12/16 09:35:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/16 09:35:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/15 13:48:41 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/15 13:48:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/12/15 09:38:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\HeidiSQL
[2009/12/10 10:59:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\com_phocaguestbook_v1.3.2
[2009/12/09 10:09:52 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2009/10/10 14:57:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/31 02:00:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/30 21:56:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/06 09:52:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/17 12:05:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/04 14:55:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xerox
[2009/02/11 03:09:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2009/01/13 16:03:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/01/25 10:47:00 | 00,217,088 | ---- | C] ( ) -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
[2007/08/09 14:50:38 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Kevin\Local Settings\Application Data\stdole.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\My Documents\*.tmp files -> C:\Documents and Settings\Kevin\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/06 08:10:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2010/01/06 08:08:29 | 00,000,352 | ---- | M] () -- C:\WINDOWS\JONAS.INI
[2010/01/06 08:06:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/06 00:06:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/05 13:53:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/05 09:17:22 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/05 09:16:45 | 08,086,544 | ---- | M] (Mozilla) -- C:\Documents and Settings\Kevin\Desktop\Firefox Setup 3.5.6.exe
[2010/01/04 16:22:20 | 00,028,529 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\jrsailingsyllabus.html
[2010/01/04 15:40:40 | 00,037,838 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\Kevin.docx
[2010/01/04 13:57:39 | 00,105,375 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\JOINED.xlsx
[2010/01/04 11:49:56 | 00,550,400 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Purser.xls
[2010/01/04 11:05:54 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/04 10:55:09 | 00,002,449 | ---- | M] () -- C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
[2010/01/04 10:54:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/04 10:54:27 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/04 10:54:22 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/04 10:53:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/04 10:53:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/04 10:52:18 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Kevin\NTUSER.DAT
[2010/01/04 10:52:18 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Kevin\ntuser.ini
[2010/01/04 10:40:51 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/12/16 11:46:24 | 00,007,900 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/16 11:02:46 | 44,436,541 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Kevin\Desktop\9-11_xp32_dd_ccc_wdm_enu(2).exe
[2009/12/16 10:10:46 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2009/12/15 09:55:00 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Kevin\PUTTY.RND
[2009/12/11 12:19:28 | 00,020,598 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\2009PrivatePartyTotals.xlsx
[2009/12/10 14:01:59 | 00,013,852 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\default.php
[2009/12/10 12:42:43 | 00,013,379 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\creditcardusage.xlsx
[2009/12/10 11:47:54 | 00,003,525 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\chmod.php
[2009/12/10 10:58:35 | 00,447,349 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\com_phocaguestbook_v1.3.2.zip
[2009/12/10 10:44:41 | 01,114,935 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\xmas.psd
[2009/12/10 10:24:11 | 00,032,702 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\2009-2010 CYC Board.pdf
[2009/12/10 09:59:11 | 01,572,743 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\2009Christmas.ai
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/09 16:24:16 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Kevin\Desktop\~$w member labels.doc
[2009/12/09 15:47:47 | 00,000,468 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009/12/09 10:09:53 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\SpeedFan.lnk
[2009/12/09 10:09:52 | 00,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2009/12/09 09:59:33 | 00,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 09:59:33 | 00,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 09:59:32 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/08 16:37:08 | 00,064,512 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Initiation report 2009.xls
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\My Documents\*.tmp files -> C:\Documents and Settings\Kevin\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/04 15:32:38 | 00,037,838 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\Kevin.docx
[2010/01/04 12:05:08 | 00,105,375 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\JOINED.xlsx
[2010/01/04 11:49:21 | 00,550,400 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Purser.xls
[2010/01/04 11:05:54 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/04 10:40:51 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/04 10:40:47 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/04 10:39:06 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/04 10:39:06 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/04 10:39:06 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/04 10:39:06 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/04 10:39:06 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/29 10:56:11 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2009/12/16 11:46:24 | 00,007,900 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/16 11:44:04 | 00,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/12/16 11:44:03 | 00,018,618 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2009/12/16 11:44:03 | 00,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2009/12/16 11:44:02 | 00,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/12/16 11:44:02 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/12/16 11:05:04 | 00,368,480 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/12/11 11:57:48 | 00,020,598 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\2009PrivatePartyTotals.xlsx
[2009/12/10 13:32:00 | 00,013,852 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\default.php
[2009/12/10 12:41:30 | 00,013,379 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\creditcardusage.xlsx
[2009/12/10 11:34:37 | 00,003,525 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\chmod.php
[2009/12/10 10:58:35 | 00,447,349 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\com_phocaguestbook_v1.3.2.zip
[2009/12/10 10:44:40 | 01,114,935 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\xmas.psd
[2009/12/10 10:24:10 | 00,032,702 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\2009-2010 CYC Board.pdf
[2009/12/09 16:24:16 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Kevin\Desktop\~$w member labels.doc
[2009/12/09 10:09:53 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\SpeedFan.lnk
[2009/12/09 10:09:51 | 00,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2009/12/09 10:06:34 | 01,138,688 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Memtest86_3.5.iso
[2009/12/08 16:08:40 | 00,064,512 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Initiation report 2009.xls
[2009/10/16 09:30:50 | 00,000,545 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\AutoGK.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/09 18:37:50 | 00,000,230 | ---- | C] () -- C:\WINDOWS\zw.ini
[2009/07/02 20:30:20 | 00,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2009/06/04 16:51:59 | 00,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/03/25 14:27:07 | 00,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/03/25 14:27:07 | 00,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/03/25 14:26:42 | 00,001,132 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/03/25 14:26:42 | 00,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/03/25 14:24:56 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/03/25 14:24:56 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/03/25 14:24:55 | 00,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/03/25 14:24:54 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/03/25 14:23:17 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/03/14 17:34:11 | 00,000,615 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/03/14 17:33:41 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/01/25 16:10:48 | 00,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/14 17:26:55 | 00,000,183 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/01/14 16:47:56 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/14 12:09:36 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/14 11:11:08 | 00,000,352 | ---- | C] () -- C:\WINDOWS\JONAS.INI
[2009/01/13 16:16:21 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/01/13 16:16:21 | 00,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/01/13 16:16:19 | 00,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/01/13 16:16:19 | 00,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/01/13 16:13:50 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/01/13 16:13:39 | 00,031,653 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/01/13 16:13:39 | 00,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/01/08 18:01:22 | 00,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/16 20:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/03/11 22:50:02 | 00,013,308 | ---- | C] () -- C:\WINDOWS\UN060501.INI
[2008/03/10 15:23:58 | 00,004,697 | ---- | C] () -- C:\WINDOWS\UN080307.INI
[2007/03/16 16:00:00 | 00,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2002/10/15 17:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1999/01/22 13:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/04/24 12:32:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/01/14 15:29:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/02/19 16:10:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Epson
[2009/12/03 12:51:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Light-O-Rama
[2009/04/30 11:08:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2009/07/04 16:10:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/03/25 14:23:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/08/03 10:17:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/13 16:48:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/11/02 11:24:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/04 10:56:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Dropbox
[2009/02/19 16:10:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\EPSON
[2009/01/14 15:43:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\FlashFXP
[2009/12/15 09:38:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\HeidiSQL
[2009/03/07 15:47:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IFXBackup
[2009/07/25 09:42:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ImgBurn
[2009/06/04 16:53:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2009/01/16 15:40:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\OfficeUpdate12
[2009/03/25 15:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PC-FAX TX
[2009/01/29 13:39:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Reel Logix
[2009/03/25 14:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ScanSoft
[2009/08/22 13:52:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SecondLife
[2009/07/04 16:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Subversion
[2010/01/04 10:56:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TGDTJ
[2009/01/13 16:18:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Thunderbird
[2009/04/13 14:07:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Xerox

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2007/07/27 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007/07/27 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2007/07/27 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:335CB24A
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCD39382
< End of report >



OTL Extras logfile created on: 1/6/2010 8:15:32 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 538.02 Gb Free Space | 90.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.52 Gb Total Space | 36.16 Gb Free Space | 48.53% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 879.74 Gb Total Space | 878.11 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive Z: | 923.76 Gb Total Space | 833.57 Gb Free Space | 90.24% Space Free | Partition Type: NTFS

Computer Name: CYC-ASSTMGR
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"7562:TCP" = 7562:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"7562:TCP" = 7562:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\HP_P2055_full_solution\setup\hppniprint01.exe" = C:\HP_P2055_full_solution\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe -- (Hewlett-Packard)
"C:\HP_P2055_full_solution\setup\hppniprint64.exe" = C:\HP_P2055_full_solution\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe -- (Hewlett-Packard)
"C:\HP_P2055_full_solution\setup\hppnicifs01.exe" = C:\HP_P2055_full_solution\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe -- ()
"C:\HP_P2055_full_solution\setup\CustomPrnDnld\hppcstpg.exe" = C:\HP_P2055_full_solution\setup\CustomPrnDnld\hppcstpg.exe:*:Enabled:hppcstpg.exe -- (Hewlett Packard)
"C:\HP_P2055_full_solution\setup\hpbtpg.exe" = C:\HP_P2055_full_solution\setup\hpbtpg.exe:*:Enabled:hpbtpg.exe -- (Hewlet-Packard)
"C:\HP_P2055_full_solution\setup\LaunchApp.exe" = C:\HP_P2055_full_solution\setup\LaunchApp.exe:*:Enabled:launchapp.exe -- (Hewlett Packard)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe" = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe:*:Enabled:BUFFALO NASNavigator2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0241E073-A1C3-857F-7DA3-9A5DC6C4F60B}" = Catalyst Control Center Graphics Light
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC05C1A-B808-AFAC-7829-CD8901687377}" = Catalyst Control Center Graphics Full Existing
"{0F55F69B-FB6C-5157-A5DC-B8AC58048A1A}" = ATI Catalyst Install Manager
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1927BED2-C503-B243-F29E-C8B09878F026}" = CCC Help English
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20820A45-02A1-144C-21A3-A1812C5DDE23}" = Catalyst Control Center InstallProxy
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{2771E3A5-918E-530F-FECD-48D5881C9F23}" = Catalyst Control Center Graphics Full New
"{28E92AEE-3D02-9504-6A85-90BBEC8947F2}" = CCC Help Turkish
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3143DA02-D491-4C34-B7D2-0F9EA76486CB}" = RealWorld Icon Editor
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{337445D4-2204-4373-AF01-7C45FDAC5147}" = MagSwipe Configuration Utility
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}" = Adobe Creative Suite 4 Web Premium
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BC1954F-F5C9-4ED2-BB2A-BAEEF4DAC74D}" = TortoiseSVN 1.6.3.16613 (32 bit)
"{3CCE085E-255D-BBEE-7D51-D46FF3E13B1F}" = Catalyst Control Center HydraVision Full
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4BB82AD9-0CF6-4E14-BD75-C1AB657C2914}" = EPSON APD4 Point and Print Support
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5FACB1-ACCA-2D6E-0ADD-6CFF82A131E6}" = ccc-utility
"{5EA59D29-F46A-42E4-9680-DE373D29238D}_is1" = The Gun Dog Training Journal 1.0.4
"{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}" = Catalyst Control Center - Branding
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7C42A3-02F9-C4E2-3A2B-BED15343DB4E}" = ccc-utility
"{6C32ACBF-B9CA-4d53-BB71-C4FA97582286}_is1" = Sothink DHTML Menu 9
"{6D9306D4-668D-F7B5-30A8-0D20B5D898A0}" = Catalyst Control Center Core Implementation
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7A5029B2-B9EE-BD2F-D1C2-20A89933BC7B}" = Catalyst Control Center Graphics Full New
"{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}" = Adobe Setup
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D10A452-6509-2774-6F54-249695C1E5EF}" = Catalyst Control Center Graphics Light
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904668DD-4E22-481F-A3A8-0CBA18A91072}_is1" = Sothink Tree Menu
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92DA85CE-37FD-4804-3CE3-438F3FF45C42}" = Catalyst Control Center Graphics Previews Common
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97742B6D-C00A-103C-8633-BB50480D7763}" = Catalyst Control Center Core Implementation
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5E86ABA-C49F-0D98-038A-2BFF8CC14DDE}" = ccc-core-static
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Franšais, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B262A8C0-9313-4A00-B0EA-B52582AE3FFE}" = SymNet
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD1F8143-C678-43CD-A296-A3A32A8C2976}" = Memeo AutoBackup
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4C2BA9A-E0BE-B4AC-2858-30ED109AAB39}" = CCC Help English
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6769946-D9AA-4D80-8BEB-EF32AA467237}" = w3JMail4
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC03804C-5D9E-B6F5-D2D6-2E8D11CE7C22}" = Catalyst Control Center Graphics Previews Common
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D407F7C0-579E-4CCB-91FD-855CE5084E86}" = Microsoft Visual Studio 2005 Standard Edition - ENU
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DA7F5E9A-F4A8-409B-93BC-923F8CF131A3}" = WebEx Support Manager for Firefox/Netscape/Chrome
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E744BFEA-E027-441E-83A2-36202F661E31}" = Light-O-Rama
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E95130D6-49DA-418C-BEB3-0F4E75F04A15}" = Calendar Creator
"{EDC70B5D-1F84-CC02-5E02-77EA27952209}" = ccc-core-preinstall
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE6A0D54-A89C-542A-3C0F-7DE1DFC0F3A2}" = Catalyst Control Center Graphics Full Existing
"{FE7ADD14-5576-C865-AB6A-84BBC94C883B}" = ccc-core-preinstall
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_4db064343401efd6449f33f8411c14b" = Adobe Creative Suite 4 Web Premium
"ATI Display Driver" = ATI Display Driver
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"BadCopy Pro" = BadCopy Pro
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IFXBackup_is1" = IFXBackup 1.0
"ImgBurn" = ImgBurn
"Inno Setup 5_is1" = Inno Setup version 5.2.3
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Standard Edition - ENU" = Microsoft Visual Studio 2005 Standard Edition - ENU
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SecondLife" = SecondLife (remove only)
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = St. Pete Scorer for Lasers
"ST6UNST #2" = St. Pete Scorer
"ST6UNST #3" = ZW
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"UN060501" = BUFFALO NAS Navigator
"UN080307" = BUFFALO LinkStation(LS-WTGL/R1) Setup Guide
"VobSub" = VobSub v2.23 (Remove Only)
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"InstallShield_{BD1F8143-C678-43CD-A296-A3A32A8C2976}" = Memeo AutoBackup

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2010 2:12:13 PM | Computer Name = CYC-ASSTMGR | Source = QuickBooks | ID = 4
Description =

Error - 1/5/2010 2:12:23 PM | Computer Name = CYC-ASSTMGR | Source = QuickBooks | ID = 4
Description =

Error - 1/5/2010 2:12:23 PM | Computer Name = CYC-ASSTMGR | Source = QuickBooks | ID = 4
Description =

Error - 1/5/2010 2:12:23 PM | Computer Name = CYC-ASSTMGR | Source = QuickBooks | ID = 4
Description =

Error - 1/5/2010 2:12:23 PM | Computer Name = CYC-ASSTMGR | Source = QuickBooks | ID = 4
Description =

Error - 1/5/2010 2:12:23 PM | Computer Name = CYC-ASSTMGR | Source = QuickBooks | ID = 4
Description =

Error - 1/5/2010 2:12:23 PM | Computer Name = CYC-ASSTMGR | Source = QuickBooks | ID = 4
Description =

Error - 1/5/2010 2:12:23 PM | Computer Name = CYC-ASSTMGR | Source = QuickBooks | ID = 4
Description =

Error - 1/5/2010 2:12:30 PM | Computer Name = CYC-ASSTMGR | Source = QuickBooks | ID = 4
Description =

Error - 1/5/2010 2:12:40 PM | Computer Name = CYC-ASSTMGR | Source = QuickBooks | ID = 4
Description =

[ System Events ]
Error - 12/2/2009 6:43:34 PM | Computer Name = CYC-ASSTMGR | Source = Service Control Manager | ID = 7023
Description = The Terminal Services service terminated with the following error:
%%193

Error - 12/2/2009 6:43:34 PM | Computer Name = CYC-ASSTMGR | Source = Service Control Manager | ID = 7001
Description = The Fast User Switching Compatibility service depends on the Terminal
Services service which failed to start because of the following error: %%193

Error - 12/2/2009 6:43:37 PM | Computer Name = CYC-ASSTMGR | Source = Service Control Manager | ID = 7001
Description = The Fast User Switching Compatibility service depends on the Terminal
Services service which failed to start because of the following error: %%193

Error - 12/2/2009 6:43:37 PM | Computer Name = CYC-ASSTMGR | Source = Service Control Manager | ID = 7023
Description = The Terminal Services service terminated with the following error:
%%193

Error - 12/2/2009 6:43:38 PM | Computer Name = CYC-ASSTMGR | Source = Service Control Manager | ID = 7023
Description = The Terminal Services service terminated with the following error:
%%193

Error - 12/16/2009 1:23:51 PM | Computer Name = CYC-ASSTMGR | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 12/29/2009 11:57:19 AM | Computer Name = CYC-ASSTMGR | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/4/2010 11:33:35 AM | Computer Name = CYC-ASSTMGR | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/4/2010 11:39:05 AM | Computer Name = CYC-ASSTMGR | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/4/2010 11:46:18 AM | Computer Name = CYC-ASSTMGR | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).


< End of report >




Computer seems to be running better...now I know this started about one to two weeks ago. My system would just freeze up. Total lock up and I would have to reboot. Once I ran your scan the last time and it rebooted, I haven't had an issue with lock ups.

#11 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:08 PM

Posted 07 January 2010 - 05:05 PM

Hello MindTrik

1. Open notepad and copy/paste the text in the codebox below into it:

ADS::
C:\Documents and Settings\All Users\Application Data\TEMP

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-

Save this as CFScript.txt, in the same location as renamed.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.

Posted Image

Refering to the picture above, drag CFScript into renamed.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

***************************************************

Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply .
~Blade


In your next reply, please include the following:
ComboFix Log
Kaspersky Online Log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#12 MindTrik

MindTrik
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:08 PM

Posted 08 January 2010 - 03:16 PM

ComboFix 10-01-04.01 - Kevin 01/08/2010 10:09:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2249 [GMT -5:00]
Running from: c:\documents and settings\Kevin\Desktop\renamed.exe
Command switches used :: c:\documents and settings\Kevin\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
ADS - TEMP: deleted 403 bytes in 2 streams.

((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-04 16:09 . 2009-09-09 18:10 223600 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\NortonProtectionMemo.exe
2009-12-17 16:57 . 2009-12-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-12-16 16:46 . 2009-12-16 16:46 7900 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-16 16:44 . 2009-11-04 15:04 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-12-16 16:44 . 2009-11-04 15:45 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-16 16:44 . 2009-11-04 15:28 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-12-16 16:44 . 2009-11-04 15:04 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-12-16 16:44 . 2009-09-01 20:55 195855 ----a-w- c:\windows\system32\atiicdxx.dat
2009-12-16 16:43 . 2009-12-16 16:43 10134 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{20820A45-02A1-144C-21A3-A1812C5DDE23}\ARPPRODUCTICON.exe
2009-12-16 16:43 . 2009-12-17 16:57 -------- d-----w- c:\program files\ATI
2009-12-16 16:05 . 2009-11-04 14:51 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-12-16 16:05 . 2009-11-04 14:46 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-12-16 16:05 . 2009-11-04 14:45 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-12-16 16:05 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-12-16 16:05 . 2009-11-04 15:17 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-12-16 16:05 . 2009-11-04 14:46 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-12-16 16:03 . 2009-12-16 16:03 -------- d-----w- C:\ATI
2009-12-16 14:55 . 2009-12-16 14:55 117760 ----a-w- c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-16 14:54 . 2009-12-16 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-16 14:54 . 2009-12-16 17:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-16 14:54 . 2009-12-16 14:54 -------- d-----w- c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com
2009-12-16 14:35 . 2009-12-16 14:35 -------- d-----w- c:\documents and settings\Kevin\Application Data\Malwarebytes
2009-12-16 14:35 . 2009-12-16 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-16 14:35 . 2009-12-17 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 18:48 . 2009-12-16 17:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-15 18:48 . 2009-12-16 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-15 14:38 . 2009-12-15 14:38 -------- d-----w- c:\documents and settings\Kevin\Application Data\HeidiSQL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 15:11 . 2009-01-13 21:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-07 20:48 . 2009-01-13 21:18 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-04 16:09 . 2009-01-13 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-04 16:05 . 2009-05-29 12:44 -------- d-----w- c:\program files\Google
2010-01-04 15:56 . 2009-06-30 03:20 -------- d-----w- c:\documents and settings\Kevin\Application Data\TGDTJ
2010-01-04 15:56 . 2009-01-26 15:25 -------- d-----w- c:\documents and settings\Kevin\Application Data\Dropbox
2009-12-16 16:43 . 2009-01-13 21:15 -------- d-----w- c:\program files\ATI Technologies
2009-12-09 15:10 . 2009-12-09 15:09 -------- d-----w- c:\program files\SpeedFan
2009-12-09 14:48 . 2009-05-05 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-04 15:54 . 2009-01-13 21:13 320112 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-03 18:24 . 2009-12-03 18:24 152576 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-03 18:24 . 2009-12-03 18:24 79488 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-03 17:51 . 2009-12-03 17:51 -------- d-----w- c:\program files\Light-O-Rama
2009-12-03 17:51 . 2009-12-03 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Light-O-Rama
2009-12-02 14:48 . 2009-01-13 22:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-17 16:26 . 2009-08-28 20:45 -------- d-----w- c:\documents and settings\Kevin\Application Data\HpUpdate
2009-11-04 16:15 . 2008-04-23 04:35 4423168 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-04 15:44 . 2008-04-23 03:11 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:29 . 2008-04-23 03:02 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29 . 2008-04-23 03:02 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29 . 2008-04-23 03:02 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29 . 2008-04-23 03:01 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28 . 2008-04-23 03:01 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:27 . 2008-04-23 03:00 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26 . 2008-04-23 02:58 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18 . 2008-04-23 02:49 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:05 . 2008-04-23 02:39 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 14:51 . 2008-04-23 02:25 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47 . 2008-04-23 02:21 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:45 . 2008-04-23 02:20 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45 . 2008-04-23 02:20 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44 . 2008-04-23 03:06 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:44 . 2008-04-23 02:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-04 14:39 . 2008-04-23 02:13 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-11-02 16:16 . 2009-11-02 16:16 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2007-07-27 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2007-07-27 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2007-07-27 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2007-07-27 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2007-07-27 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2007-07-27 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2007-07-27 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-04-01 02:47 . 2009-01-14 16:28 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-01-23 09:19 . 2009-01-23 09:19 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-01-23 09:19 . 2009-01-23 09:19 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-01-23 09:22 . 2009-01-23 09:22 27976 ----a-w- c:\program files\mozilla firefox\plugins\atsc3cls.dll
2009-01-23 09:19 . 2009-01-23 09:19 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\Kevin\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\Kevin\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\Kevin\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IFXBackup"="c:\program files\IFXBackup\IFXBackup.exe" [2006-06-30 978944]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-06 39408]
"TGDTJ"="c:\program files\The Gun Dog Training Journal\TGDTJ.exe" [2009-07-05 794624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-11-07 65536]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]

c:\documents and settings\Kevin\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2009-4-30 1238432]
Dropbox.lnk - c:\documents and settings\Kevin\Application Data\Dropbox\bin\Dropbox.exe [2009-8-29 26784939]
Memeo AutoBackup Launcher.lnk - c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-4-30 73728]
NAS Scheduler.lnk - c:\program files\BUFFALO\NASNAVI\nassche.exe [2009-4-30 200704]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-10-22 972064]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\HP_P2055_full_solution\\setup\\hppniprint01.exe"=
"c:\\HP_P2055_full_solution\\setup\\hppniprint64.exe"=
"c:\\HP_P2055_full_solution\\setup\\hppnicifs01.exe"=
"c:\\HP_P2055_full_solution\\setup\\CustomPrnDnld\\hppcstpg.exe"=
"c:\\HP_P2055_full_solution\\setup\\hpbtpg.exe"=
"c:\\HP_P2055_full_solution\\setup\\LaunchApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7562:TCP"= 7562:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services

R2 EpsonPOSLog;Epson Point of Service Log Service;c:\program files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe [11/28/2008 11:30 PM 290816]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]
R2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/29/2009 12:24 PM 102448]
S2 gupdate1c9e6b67a3223f4;Google Update Service (gupdate1c9e6b67a3223f4);c:\program files\Google\Update\GoogleUpdate.exe [6/6/2009 9:52 AM 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-29 14:52]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 14:52]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 14:52]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {603335CE-18CB-4D99-9876-CEE37272D857} = 24.25.5.148,24.25.5.147
FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\nheonbmg.default\
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 10:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1080)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(21108)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\documents and settings\Kevin\Application Data\Dropbox\bin\DropboxExt.3.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-08 10:17:31
ComboFix-quarantined-files.txt 2010-01-08 15:17
ComboFix2.txt 2010-01-04 16:00

Pre-Run: 576,065,720,320 bytes free
Post-Run: 576,027,320,320 bytes free

- - End Of File - - 093AC5A5EAD14C354400273EE5536D4B






--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, January 8, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, January 08, 2010 16:20:19
Records in database: 3318712
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
J:\
Z:\

Scan statistics:
Objects scanned: 304940
Threats found: 17
Infected objects found: 31
Suspicious objects found: 11
Scan duration: 03:51:31


File name / Threat / Threats count
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.HTML.Citifraud.ag 2
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.HTML.Citifraud.ay 2
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\Inbox Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.HTML.Citifraud.bs 1
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.HTML.Bankfraud.aq 1
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.HTML.Bankfraud.hu 1
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\Sent Infected: Trojan-Spy.HTML.Bankfraud.hu 1
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\Sent Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 8
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\SPAM Infected: Trojan-Spy.HTML.Sunfraud.ai 1
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\SPAM Infected: Trojan-Spy.HTML.Sunfraud.ax 1
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\SPAM Infected: Trojan-Spy.HTML.Bankfraud.cm 6
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\SPAM Infected: Trojan-Spy.HTML.Wamufraud.au 2
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\SPAM Suspicious: Exploit.HTML.Iframe.FileDownload 5
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\SPAM Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\SPAM Infected: Net-Worm.Win32.Afire.b 1
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\SPAM Infected: Trojan-Spy.HTML.Paylap.dl 1
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\SPAM Infected: Net-Worm.Win32.Allaple.a 1
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\SPAM Infected: Trojan-Downloader.Win32.Small.byc 1
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Kevin\Application Data\Thunderbird\Profiles\9wma2npx.default\Mail\Local Folders\Trash Infected: Trojan.Win32.Buzus.haz 1

Scanning stopped by the user.


I stopped the scanner because it moved to the other drive, which is a storage drive. Not sure why it is picking up trogans in my email and it would be nice to know WHAT emails to look at so I can delete them...I think some of the email stuff might be false positives.

#13 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:08 PM

Posted 10 January 2010 - 11:12 AM

Hello MindTrik.

I stopped the scanner because it moved to the other drive, which is a storage drive.

Some malware can move between drives on a machine. You may wish to redo the scan to ensure this hasn't happened.

***************************************************

Not sure why it is picking up trogans in my email and it would be nice to know WHAT emails to look at so I can delete them...I think some of the email stuff might be false positives.


Some malware spreads via infected email using a variety of means. While it's possible that some of the hits Kaspersky reported were false positives, the number and variations of the detections leave little doubt in my mind that most of them are accurate.

You need to empty your Spam and Deleted Items (Trash) folders in Thunderbird. You should also go through your inbox and delete any suspicious messages. After doing this, you will need to compress Thunderbird's storage folders to permanently remove the deleted messages. To do this, click the account on the left, and then click File > Compact Folders. Compacting an account may take from a few seconds to 10 minutes or more, depending on how much mail you have and how recently you last compacted the folders. Thunderbird may become non-responsive during this process. . . but should recover when compacting is complete.

***************************************************

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

~Blade


In your next reply, please include the following:
How is your computer running now?
Any further questions?

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#14 MindTrik

MindTrik
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:08 PM

Posted 12 January 2010 - 11:23 AM

I have done the above and the computer seems to be running fine. I appreciate all of your help on this!

#15 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:08 PM

Posted 12 January 2010 - 10:01 PM

Hello MindTrik
  • Click on Start>Run
  • Now type combofix /Uninstall in the runbox and click OK. Notice the space between the "x" and "/".
  • You will then recieve a message letting you know that Combofix was uninstalled Successfully.
This will remove files/folders assoicated with combofix and uninstall it.

***************************************************

Your machine appears to be clean!

I suggest you visit the following additional information listed below:I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache! Posted Image
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates seperately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programs in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Another recommendation, is to download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installlation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Startmenu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one of them (I have MVPS Host as my main one)
    • Click "Add Update." After that you will only need to click on the following button to retrieve updates:
      Posted Image
  • Click the X to exit the program.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users