Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Desktop Security 2010 (?) fixed, now Google bad redirect


  • This topic is locked This topic is locked
16 replies to this topic

#1 brisolts

brisolts

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:03:08 PM

Posted 26 January 2010 - 08:22 PM

Hello All!
Our desktop machine came down with a virus. I was running McAfee and my wife clicked on a link to unsubscribe from what she thought was a legitimate email message. She thinks McAfee came up with a warning asking if the program could make changes and clicked 'just this time' (or whatever it says). After that a 'anti-virus' program would pop-up messages saying that the machine was infected and buy/upgrade their software.
The task manager was disabled, and I could not start the cmd prompt, and a few programs were disabled (Ms outlook express). Google links were also getting redirected at that time. Mcafee couldn't handle it so i scouted around and searched on the google links issue and my search led me to bleepingcomputer.
I can't find my notes from the fix and some of the details of what i did were fuzzy now, but I KNOW that I followed some directions and ran the "rkill.com" to stop the program from coming up. And then I ran Malwarebytes' Anti-Malware to clean it up. That fixed the virus issue GREAT!!! I re-scanned using Mcafee and thought i was all done, but the Google Misdirection of links is still there. I have since ran Spybot, AdAware, removed Mcafee and installed Microsoft Security Essentials thinking that the programs could get a piece of the REDIRECT issue and fix it. But it is still there. Until it is gone I don't feel too comfortable about using the desktop for all those great things i would like to use it for.

After reviewing some of the descriptions of the viruses, i thought the original was Desktop Security 2010 - but I can't be sure anymore sad.gif I have been running a lot of computer scans over the last few days smile.gif

any help is appreciated,
brian

This site looks really cool, I would like to spend some quality time checking out the tutorials and learning something useful!
--------------------------------------------------------------
DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 19:19:37.03 on Tue 01/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1215.527 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\windows\Explorer.EXE
C:\windows\LTMSG.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://us9.hpwis.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
uSearch Bar = hxxp://srch-us9.hpwis.com/
mSearch Bar = hxxp://srch-us9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LTMSG] LTMSG.exe 7
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck /autofix /waitstart
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Trusted Zone: healthcareforamericanow.org
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: GeoConvertCab - hxxp://www.co.jackson.mi.us/CountyGIS/GeoConvert.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.40/uploader2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127151834109
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5137/mcfscan.cab
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 71.4.140.20 bart.enkitec.com

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-10-9 214664]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-24 135664]
S3 ADPUSBLD;Adaptec USBXchange Firmware Installer;c:\windows\system32\drivers\Adpusbld.sys [2001-6-4 14061]
S3 ADPUSBMS;Adaptec USBXchange Mass Storage Driver;c:\windows\system32\drivers\Adpusbst.sys [2001-6-5 18560]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-10-9 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-10-9 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-10-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-10-9 40552]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2003-11-19 11520]

=============== Created Last 30 ================

2010-01-26 15:52:16 0 d-----w- c:\program files\Microsoft Security Essentials
2010-01-26 00:31:25 3764 ----a-w- c:\windows\system32\OEMINFO.PNF
2010-01-25 17:02:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-16 16:23:17 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-01-16 14:30:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-16 13:27:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2010-01-16 13:07:29 0 ----a-w- c:\windows\system32\19895.exe
2010-01-16 12:47:28 0 ----a-w- c:\windows\system32\19718.exe
2010-01-16 12:27:28 0 ----a-w- c:\windows\system32\18716.exe
2010-01-16 12:07:28 0 ----a-w- c:\windows\system32\17421.exe
2010-01-16 11:47:28 0 ----a-w- c:\windows\system32\12382.exe
2010-01-16 11:27:28 0 ----a-w- c:\windows\system32\292.exe
2010-01-16 11:07:28 0 ----a-w- c:\windows\system32\153.exe
2010-01-16 10:47:28 0 ----a-w- c:\windows\system32\3902.exe
2010-01-16 10:27:28 0 ----a-w- c:\windows\system32\14604.exe
2010-01-16 10:07:28 0 ----a-w- c:\windows\system32\32391.exe
2010-01-16 09:47:28 0 ----a-w- c:\windows\system32\5436.exe
2010-01-16 09:27:28 0 ----a-w- c:\windows\system32\4827.exe
2010-01-16 09:07:27 0 ----a-w- c:\windows\system32\11942.exe
2010-01-16 08:47:27 0 ----a-w- c:\windows\system32\2995.exe
2010-01-16 08:27:27 0 ----a-w- c:\windows\system32\491.exe
2010-01-16 08:07:27 0 ----a-w- c:\windows\system32\9961.exe
2010-01-16 07:47:27 0 ----a-w- c:\windows\system32\16827.exe
2010-01-16 07:27:27 0 ----a-w- c:\windows\system32\23281.exe
2010-01-16 07:07:27 0 ----a-w- c:\windows\system32\28145.exe
2010-01-16 06:47:27 0 ----a-w- c:\windows\system32\5705.exe
2010-01-16 06:27:27 0 ----a-w- c:\windows\system32\24464.exe
2010-01-16 06:07:27 0 ----a-w- c:\windows\system32\26962.exe
2010-01-16 05:47:27 0 ----a-w- c:\windows\system32\29358.exe
2010-01-16 05:27:26 0 ----a-w- c:\windows\system32\11478.exe
2010-01-16 05:07:26 0 ----a-w- c:\windows\system32\15724.exe
2010-01-16 04:47:26 0 ----a-w- c:\windows\system32\19169.exe
2010-01-16 04:27:26 0 ----a-w- c:\windows\system32\26500.exe
2010-01-16 00:39:35 522 ----a-w- c:\windows\hegames.ini
2010-01-16 00:39:27 0 d-----w- C:\hegames
2010-01-15 19:25:27 1 ----a-w- C:\s
2010-01-13 11:53:28 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-16 02:39:33 2146 ----a-w- c:\program files\USGS_24k_topo_index_with_topo_base.kmz
2005-11-14 21:43:56 948936 ----a-w- c:\program files\install_flash_player.exe
2009-06-09 06:28:38 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-04 07:07:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat

============= FINISH: 19:20:07.48 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:08 PM

Posted 02 February 2010 - 06:20 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

Do you still require help?

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 brisolts

brisolts
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:03:08 PM

Posted 03 February 2010 - 07:45 PM

Hi EB !
Yes, I do require help - the only symptom that I seem to be having is that my Google links are still getting redirected. I am hoping that is the extent of the damage, but my trust/bond with my desktop has been shattered.

ALSO, Microsoft Security Essentials, did prompt me TODAY prior to running the logs to remove Trojan:Win32/Alureon.CO
I attached "CutScreenShot.GIF" so you can see the detected item and when it got removed (twice) from the system.

I usually run McAfee, as I get it for free through my cable subscriber, Comcast, but since this trouble i had uninstalled it and installed MS security essentials - any recommendations on which Virus protection program I should use?

Thank you for helping ! smile.gif
brian

---------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 19:12:12.32 on Wed 02/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1215.636 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\windows\Explorer.EXE
C:\windows\LTMSG.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\windows\system32\rundll32.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://us9.hpwis.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
uSearch Bar = hxxp://srch-us9.hpwis.com/
mSearch Bar = hxxp://srch-us9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LTMSG] LTMSG.exe 7
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck /autofix /waitstart
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Trusted Zone: healthcareforamericanow.org
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: GeoConvertCab - hxxp://www.co.jackson.mi.us/CountyGIS/GeoConvert.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.40/uploader2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127151834109
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5137/mcfscan.cab
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 71.4.140.20 bart.enkitec.com

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-10-9 214664]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-24 135664]
S3 ADPUSBLD;Adaptec USBXchange Firmware Installer;c:\windows\system32\drivers\Adpusbld.sys [2001-6-4 14061]
S3 ADPUSBMS;Adaptec USBXchange Mass Storage Driver;c:\windows\system32\drivers\Adpusbst.sys [2001-6-5 18560]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-10-9 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-10-9 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-10-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-10-9 40552]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2003-11-19 11520]

=============== Created Last 30 ================

2010-02-01 12:53:12 282112 ----a-w- c:\windows\system32\TBD8C.tmp
2010-01-26 15:52:16 0 d-----w- c:\program files\Microsoft Security Essentials
2010-01-26 00:31:25 3764 ----a-w- c:\windows\system32\OEMINFO.PNF
2010-01-25 17:02:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-16 16:23:17 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-01-16 14:30:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-16 13:27:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2010-01-16 13:07:29 0 ----a-w- c:\windows\system32\19895.exe
2010-01-16 12:47:28 0 ----a-w- c:\windows\system32\19718.exe
2010-01-16 12:27:28 0 ----a-w- c:\windows\system32\18716.exe
2010-01-16 12:07:28 0 ----a-w- c:\windows\system32\17421.exe
2010-01-16 11:47:28 0 ----a-w- c:\windows\system32\12382.exe
2010-01-16 11:27:28 0 ----a-w- c:\windows\system32\292.exe
2010-01-16 11:07:28 0 ----a-w- c:\windows\system32\153.exe
2010-01-16 10:47:28 0 ----a-w- c:\windows\system32\3902.exe
2010-01-16 10:27:28 0 ----a-w- c:\windows\system32\14604.exe
2010-01-16 10:07:28 0 ----a-w- c:\windows\system32\32391.exe
2010-01-16 09:47:28 0 ----a-w- c:\windows\system32\5436.exe
2010-01-16 09:27:28 0 ----a-w- c:\windows\system32\4827.exe
2010-01-16 09:07:27 0 ----a-w- c:\windows\system32\11942.exe
2010-01-16 08:47:27 0 ----a-w- c:\windows\system32\2995.exe
2010-01-16 08:27:27 0 ----a-w- c:\windows\system32\491.exe
2010-01-16 08:07:27 0 ----a-w- c:\windows\system32\9961.exe
2010-01-16 07:47:27 0 ----a-w- c:\windows\system32\16827.exe
2010-01-16 07:27:27 0 ----a-w- c:\windows\system32\23281.exe
2010-01-16 07:07:27 0 ----a-w- c:\windows\system32\28145.exe
2010-01-16 06:47:27 0 ----a-w- c:\windows\system32\5705.exe
2010-01-16 06:27:27 0 ----a-w- c:\windows\system32\24464.exe
2010-01-16 06:07:27 0 ----a-w- c:\windows\system32\26962.exe
2010-01-16 05:47:27 0 ----a-w- c:\windows\system32\29358.exe
2010-01-16 05:27:26 0 ----a-w- c:\windows\system32\11478.exe
2010-01-16 05:07:26 0 ----a-w- c:\windows\system32\15724.exe
2010-01-16 04:47:26 0 ----a-w- c:\windows\system32\19169.exe
2010-01-16 04:27:26 0 ----a-w- c:\windows\system32\26500.exe
2010-01-16 00:39:35 522 ----a-w- c:\windows\hegames.ini
2010-01-16 00:39:27 0 d-----w- C:\hegames
2010-01-15 19:25:27 1 ----a-w- C:\s
2010-01-13 11:53:28 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-16 02:39:33 2146 ----a-w- c:\program files\USGS_24k_topo_index_with_topo_base.kmz
2005-11-14 21:43:56 948936 ----a-w- c:\program files\install_flash_player.exe
2009-06-09 06:28:38 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-04 07:07:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat

============= FINISH: 19:12:35.26 ===============

Attached Files



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:08 PM

Posted 04 February 2010 - 08:14 PM

Let's begin with Combofix.

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page on instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 brisolts

brisolts
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:03:08 PM

Posted 04 February 2010 - 09:53 PM

Hi EB -
Thanks for your reply! I ran combofix, I copied the log file AND attached it - didn't know which way you would like better.

thanks,
brian
--------------------------------------------------------------------------------------------
ComboFix 10-02-04.06 - Owner 02/04/2010 21:42:21.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1215.703 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\s
c:\windows\system\oeminfo.ini
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17421.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\9961.exe
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\ps2.bat
c:\windows\system32\VB6KO.DLL
G:\autorun.inf
L:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-01-26 15:52 . 2010-01-26 15:52 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-25 17:02 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-25 03:16 . 2010-01-25 03:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-25 03:06 . 2010-01-27 19:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2010-01-25 03:06 . 2010-01-25 03:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-25 03:05 . 2010-01-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-16 16:23 . 2010-01-16 16:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-01-16 14:30 . 2010-01-16 14:30 -------- d-----w- c:\documents and settings\Brian\Application Data\Malwarebytes
2010-01-16 14:30 . 2010-01-16 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-16 14:18 . 2010-01-16 14:18 -------- d-----w- c:\documents and settings\Brian\Application Data\Ipswitch
2010-01-16 13:27 . 2010-01-16 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-01-16 00:39 . 2010-01-21 03:34 -------- d-----w- C:\hegames
2010-01-13 11:53 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 23:20 . 2008-09-05 06:07 -------- d-----w- c:\program files\Quicken
2010-02-04 14:58 . 2008-09-05 06:00 -------- d-----w- c:\program files\lg_fwupdate
2010-01-26 15:49 . 2008-09-05 06:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-26 15:48 . 2008-09-05 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-26 15:43 . 2008-09-05 06:00 -------- d-----w- c:\program files\Lavasoft
2010-01-26 12:45 . 2009-10-11 19:47 -------- d-----w- c:\program files\TCOYF
2010-01-26 12:39 . 2008-09-05 06:09 -------- d-----w- c:\program files\Symantec
2010-01-26 12:39 . 2008-09-05 05:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-25 17:14 . 2008-09-05 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-25 03:11 . 2008-12-11 04:22 -------- d-----w- c:\program files\Google
2010-01-22 13:05 . 2008-09-05 06:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 14:14 . 2010-01-16 14:14 75376 ----a-w- c:\documents and settings\Brian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 03:34 . 2008-09-05 05:56 -------- d-----w- c:\program files\CyberLink
2010-01-15 14:58 . 2008-09-05 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-12-21 19:14 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-03 15:01 . 2009-12-03 15:01 6725632 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181625-18178.dll
2009-12-03 14:59 . 2009-06-02 04:17 245760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2009-11-21 15:51 . 2003-03-31 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-16 02:39 . 2009-10-16 02:39 2146 ----a-w- c:\program files\USGS_24k_topo_index_with_topo_base.kmz
2005-11-14 21:43 . 2005-11-14 21:43 948936 ----a-w- c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-08-23 14:18 . 2003-06-19 02:19 53248 c:\hp\bin\bak\AUTOTKIT.EXE

2003-08-23 14:05 . 2003-02-12 03:02 61440 c:\hp\KBD\bak\KBD.EXE

2003-08-23 14:14 . 2005-11-04 04:14 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2003-02-13 15:01 . 2003-02-13 15:01 155648 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe

2005-03-21 21:19 . 2005-12-27 17:37 59040 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

2003-06-23 04:25 . 2003-06-23 04:25 24576 c:\program files\Hewlett-Packard\Digital Imaging\bin\bak\backupnotify.exe

2002-10-07 14:23 . 2002-10-07 14:23 90112 c:\program files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe

2003-08-23 14:01 . 2003-05-23 10:03 49152 c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe

2003-06-14 06:53 . 2003-06-14 06:53 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd.exe

2002-08-14 18:39 . 2002-09-24 21:39 147456 c:\program files\Iomega\AutoDisk\bak\ADUserMon.exe

2002-07-16 17:56 . 2002-07-16 15:55 32768 c:\program files\Iomega\DriveIcons\bak\deskup.exe

2002-07-16 17:56 . 2002-08-13 19:30 86016 c:\program files\Iomega\DriveIcons\bak\ImgIcon.exe

2007-07-31 22:44 . 2007-07-31 22:44 271672 c:\program files\iTunes\bak\iTunesHelper.exe

2006-05-16 11:19 . 2005-11-10 17:03 36975 c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe

2003-08-09 16:27 . 2003-08-09 16:27 139264 c:\program files\Multimedia Card Reader\bak\shwicon2k.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2008-05-27 14:50 . 2008-05-27 14:50 413696 c:\program files\QuickTime\QTTask.exe

2006-05-01 14:03 . 2006-05-01 14:03 100056 c:\program files\SymNetDrv\bak\SNDMon.exe
2006-05-01 14:03 . 2007-10-10 02:43 95960 c:\program files\SymNetDrv\SNDMon.exe

2003-08-23 14:34 . 2002-09-14 04:42 212992 c:\windows\SMINST\bak\RECGUARD.EXE

2007-10-07 16:54 . 2007-10-12 22:50 180 c:\windows\system\bak\hpsysdrv.DAT
2003-11-07 02:43 . 2007-10-07 16:47 1400 c:\windows\system\hpsysdrv.DAT

2003-08-23 13:27 . 1998-05-07 23:04 52736 c:\windows\system\bak\hpsysdrv.exe

2003-08-23 13:35 . 2003-04-07 14:07 114688 c:\windows\system32\bak\hkcmd.exe

2003-08-23 14:01 . 2003-05-23 09:55 483328 c:\windows\system32\bak\hphmon05.exe

2003-08-23 14:05 . 2002-10-16 23:57 81920 c:\windows\system32\bak\ps2.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-07-28 852038]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-10-10 95960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [N/A]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [N/A]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Brian\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-11-7 98304]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-11-7 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2010 10:06 PM 135664]
S3 ADPUSBLD;Adaptec USBXchange Firmware Installer;c:\windows\system32\drivers\Adpusbld.sys [6/4/2001 2:34 PM 14061]
S3 ADPUSBMS;Adaptec USBXchange Mass Storage Driver;c:\windows\system32\drivers\Adpusbst.sys [6/5/2001 6:14 PM 18560]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [11/19/2003 8:48 PM 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 16:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 03:05]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 03:05]

2010-02-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]

2010-02-04 c:\windows\Tasks\User_Feed_Synchronization-{FAF0C22C-43A0-401E-A7CC-1037C94C6032}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
mSearch Bar = hxxp://srch-us9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: healthcareforamericanow.org
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: GeoConvertCab - hxxp://www.co.jackson.mi.us/CountyGIS/GeoConvert.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.40/uploader2.cab
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-342970EF-F8DF-4E9B-8477-A1A03E3E15E1 - c:\program files\WildTangent\Apps\GameChannel\Games\342970EF-F8DF-4E9B-8477-A1A03E3E15E1\Uninstall.exe
AddRemove-3D Home Architect Deluxe 3.0 - c:\progra~1\3DHOME~1\DeIsL1.isu
AddRemove-62067F4C-84A9-45B9-8573-B90468B0A3EF - c:\program files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe
AddRemove-BFBCBAE3-8293-4215-9C4F-C2402C118EDB - c:\program files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe
AddRemove-HijackThis - c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4SHWMDHM\HijackThis.exe
AddRemove-KBD - c:\hp\KBD\KBD.EXE
AddRemove-PS2 - c:\windows\system32\ps2.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 21:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys iomdisk.sys hal.dll ACPI.sys atapi.sys >>UNKNOWN [0x8930C8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a3b3a
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
SecurityProcedure -> ntoskrnl.exe @ 0x8059b3ed
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
SecurityProcedure -> ntoskrnl.exe @ 0x8059b3ed
NDIS: NVIDIA nForce MCP Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7845bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7852a21
SendHandler -> NDIS.sys @ 0xf783087b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2010-02-04 21:50:56
ComboFix-quarantined-files.txt 2010-02-05 02:50

Pre-Run: 16,287,084,544 bytes free
Post-Run: 16,647,196,672 bytes free

- - End Of File - - BF074945AA299C51DAD781132104B8C0

--------------------------------------------------------------------------------------------

Attached Files



#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:08 PM

Posted 05 February 2010 - 08:01 PM

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner
    page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.


Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 brisolts

brisolts
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:03:08 PM

Posted 06 February 2010 - 04:01 PM

EB -
The OTL ran fine and I attached the reports. I had some problems running Kaspersky, so I had to uninstall java, reinstall and I could NOT get java enabled via IE. I could only get Kaspersky to run using Opera browser.
I copied and pasted all the files and attached them also.

Kaspersky ran for 6 hours so that was quite the effort.

thanks,
brian

-- OTListIt.txt --------------------------------------------------------------------------------------
OTL logfile created on: 2/6/2010 7:43:34 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.53 Gb Total Space | 16.20 Gb Free Space | 20.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.01 Gb Total Space | 116.27 Gb Free Space | 78.03% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 465.65 Gb Total Space | 158.13 Gb Free Space | 33.96% Space Free | Partition Type: FAT32
Drive N: | 81.68 Gb Total Space | 78.01 Gb Free Space | 95.51% Space Free | Partition Type: NTFS
Drive O: | 56.73 Gb Total Space | 40.57 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
Drive P: | 79.14 Gb Total Space | 79.08 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: NATHANLYDIA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/06 07:38:15 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/09/13 18:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/12/14 10:53:45 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/05 11:34:52 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/11/26 13:54:22 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/11/26 13:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/11/26 13:54:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007/07/24 14:17:08 | 000,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/02/26 09:40:26 | 000,249,856 | ---- | M] (BL) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2003/07/28 13:19:00 | 000,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/07/14 09:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2003/02/21 05:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe
PRC - [2002/09/04 14:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe


========== Modules (SafeList) ==========

MOD - [2010/02/06 07:38:15 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:11:51 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll
MOD - [2008/04/13 19:11:51 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll
MOD - [2003/07/28 13:19:00 | 000,852,038 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - [2010/01/24 22:05:53 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/06/21 08:06:46 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/12/05 11:34:52 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/11/26 13:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/09/17 08:36:18 | 000,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/07/24 14:17:08 | 000,229,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/06/27 17:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2005/04/05 10:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 13:19:00 | 000,077,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)
SRV - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_)
SRV - [2002/09/04 14:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)
SRV - [2001/11/12 12:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/18 18:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:45:33 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2008/04/13 13:41:00 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\ppa3.sys -- (ppa3)
DRV - [2008/02/13 03:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/26 13:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 13:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 13:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/05/24 16:06:49 | 000,051,392 | ---- | M] () [Kernel | Auto | Running] -- C:\windows\SYSTEM32\DRIVERS\ATNT40K.SYS -- (ATNT40K)
DRV - [2006/01/31 13:35:34 | 000,123,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/05 10:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 10:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/05 10:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/04/05 10:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/04/05 10:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/04/05 10:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/10/22 09:41:46 | 000,413,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/10/22 09:38:28 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 00:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/02/17 05:49:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/12 18:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/08/11 12:22:54 | 000,040,228 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/07/28 13:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/06 17:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/21 23:18:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/04/15 19:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 19:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/04/15 19:39:46 | 000,090,907 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003/04/11 10:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/03/31 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/03/31 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/03/31 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/31 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2003/03/20 00:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/02/20 18:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/04 14:11:08 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\iomdisk.sys -- (iomdisk)
DRV - [2002/07/25 02:25:14 | 000,020,553 | R--- | M] (Thomson Multimedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netrcacm.sys -- (netrcacm)
DRV - [2001/08/17 13:06:02 | 000,154,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam4USB.sys -- (Icam4USB)
DRV - [2001/06/05 18:14:16 | 000,018,560 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Adpusbst.sys -- (ADPUSBMS)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/06/04 14:34:02 | 000,014,061 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Adpusbld.sys -- (ADPUSBLD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
IE - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\S-1-5-21-3138782768-834834993-1939166530-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\S-1-5-21-3138782768-834834993-1939166530-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009/12/07 17:34:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/02/26 13:02:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2005/06/06 11:15:42 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 71.4.140.20 bart.enkitec.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlcxMonitor] C:\windows\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [LTMSG] C:\windows\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe File not found
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003..\Run: [NVIEW] C:\windows\System32\nview.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Brian\Start Menu\Programs\Startup\mod_sm.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\mod_sm.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\..Trusted Domains: healthcareforamericanow.org ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3138782768-834834993-1939166530-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.40/uploader2.cab (UploadListView Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1127151834109 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/SymAData.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...137/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: GeoConvertCab http://www.co.jackson.mi.us/CountyGIS/GeoConvert.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/23 07:53:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/14 09:32:52 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007/10/13 04:00:32 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/09/05 02:00:59 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - Reg Error: Value error.
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - Reg Error: Value error.
SafeBootNet: MpfService - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\system32\rundll32.exe" "C:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\windows\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.tscc - C:\windows\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Error starting restore point: 15
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/02/06 07:38:07 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/04 21:50:59 | 000,000,000 | ---D | C] -- C:\windows\temp
[2010/02/04 21:41:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2010/02/04 21:41:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2010/02/04 21:41:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2010/02/04 21:41:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2010/02/04 21:41:11 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/02/04 21:40:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/02 10:08:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/26 19:27:01 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2010/01/26 10:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/25 20:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/01/25 13:34:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/25 13:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/01/25 12:02:06 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2010/01/25 11:57:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/24 22:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/24 22:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2010/01/24 22:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/24 22:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/16 11:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/01/16 09:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/16 08:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/01/15 19:39:27 | 000,000,000 | ---D | C] -- C:\hegames
[2010/01/13 06:53:28 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\aclayers.dll
[2008/11/30 13:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\McAfee
[2008/09/05 00:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2008/09/05 00:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/09/05 00:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/09/05 00:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intuit
[2008/09/05 00:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/09/05 00:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2008/09/05 00:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/06 07:44:04 | 000,000,374 | -H-- | M] () -- C:\windows\tasks\MpIdleTask.job
[2010/02/06 07:38:15 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/06 07:20:24 | 000,461,422 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/02/06 07:20:24 | 000,409,032 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/02/06 07:20:24 | 000,065,220 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/02/06 07:17:40 | 000,000,422 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{FAF0C22C-43A0-401E-A7CC-1037C94C6032}.job
[2010/02/06 07:17:31 | 000,000,408 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2010/02/06 07:17:20 | 000,000,265 | ---- | M] () -- C:\windows\lgfwup.ini
[2010/02/06 07:16:59 | 000,012,674 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/02/06 07:16:58 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/06 07:12:30 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/02/06 07:12:09 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/02/06 07:12:06 | 1274,466,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/06 02:44:47 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/02/06 02:44:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/06 02:11:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/04 21:48:10 | 000,000,262 | ---- | M] () -- C:\windows\system.ini
[2010/02/04 21:35:13 | 003,847,329 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/01/27 14:12:29 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/01/26 19:28:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2010/01/26 19:27:12 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2010/01/26 19:18:26 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/01/26 10:52:17 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/25 19:31:25 | 000,003,764 | ---- | M] () -- C:\windows\System32\OEMINFO.PNF
[2010/01/24 21:47:04 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/01/20 22:34:58 | 000,000,522 | ---- | M] () -- C:\windows\hegames.ini
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2010/01/14 03:06:52 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/06 07:24:34 | 000,000,374 | -H-- | C] () -- C:\windows\tasks\MpIdleTask.job
[2010/02/04 21:41:17 | 000,261,632 | ---- | C] () -- C:\windows\PEV.exe
[2010/02/04 21:41:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/02/04 21:41:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/02/04 21:41:17 | 000,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2010/02/04 21:41:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/02/04 21:36:57 | 003,847,329 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/01/26 19:28:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2010/01/26 19:19:17 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/01/26 10:58:34 | 000,000,408 | -H-- | C] () -- C:\windows\tasks\MP Scheduled Scan.job
[2010/01/26 10:52:17 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/26 07:46:57 | 1274,466,304 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/25 19:31:25 | 000,003,764 | ---- | C] () -- C:\windows\System32\OEMINFO.PNF
[2010/01/24 22:11:04 | 000,001,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/01/24 22:06:16 | 000,000,884 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/24 22:06:16 | 000,000,880 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/24 21:47:04 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/01/15 19:39:35 | 000,000,522 | ---- | C] () -- C:\windows\hegames.ini
[2009/10/15 21:39:32 | 000,002,146 | ---- | C] () -- C:\Program Files\USGS_24k_topo_index_with_topo_base.kmz
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/02/05 20:00:22 | 000,013,408 | ---- | C] () -- C:\windows\System32\tabinst.dll
[2009/02/05 20:00:22 | 000,004,032 | ---- | C] () -- C:\windows\System32\tabins16.dll
[2008/10/26 19:11:15 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008/09/04 23:17:55 | 000,000,265 | ---- | C] () -- C:\windows\lgfwup.ini
[2007/10/13 21:01:54 | 000,054,272 | ---- | C] () -- C:\windows\System32\P2irdao.dll
[2007/10/13 21:01:54 | 000,050,176 | ---- | C] () -- C:\windows\System32\P2ctdao.dll
[2007/10/13 21:01:53 | 000,748,160 | ---- | C] () -- C:\windows\System32\Co2c40en.dll
[2007/10/11 02:04:49 | 000,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI
[2007/06/01 18:24:30 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/18 15:29:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2005/11/18 15:29:49 | 000,001,284 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
[2005/11/14 16:43:23 | 000,948,936 | ---- | C] () -- C:\Program Files\install_flash_player.exe
[2005/11/03 23:18:02 | 000,000,150 | ---- | C] () -- C:\windows\cdplayer.ini
[2004/12/14 09:25:59 | 000,049,152 | ---- | C] () -- C:\windows\System32\PRTSERV.dll
[2004/12/08 14:36:50 | 000,051,392 | ---- | C] () -- C:\windows\System32\drivers\atnt40k.sys
[2004/04/25 21:43:26 | 000,000,654 | ---- | C] () -- C:\windows\3DHOME.INI
[2004/02/09 22:38:36 | 000,017,920 | ---- | C] () -- C:\windows\System32\IMPLODE.DLL
[2004/02/09 20:37:02 | 000,000,048 | ---- | C] () -- C:\windows\PerWin.ini
[2003/12/03 19:12:43 | 000,000,000 | ---- | C] () -- C:\windows\asym.ini
[2003/11/10 16:29:31 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/11/08 23:05:26 | 000,000,233 | ---- | C] () -- C:\windows\qwimp.ini
[2003/11/07 10:39:39 | 000,049,152 | ---- | C] () -- C:\windows\System32\FTPStubInstUtils.dll
[2003/11/07 09:15:00 | 000,000,212 | ---- | C] () -- C:\windows\KPCMS.INI
[2003/11/07 09:14:43 | 000,210,944 | ---- | C] () -- C:\windows\System32\MSVCRT10.DLL
[2003/11/06 23:46:38 | 000,000,737 | ---- | C] () -- C:\windows\ODBC.INI
[2003/11/06 23:26:55 | 000,000,121 | ---- | C] () -- C:\windows\Winamp.ini
[2003/08/28 22:35:24 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2003/08/28 22:19:10 | 000,000,051 | ---- | C] () -- C:\windows\System32\mshrml.ini
[2003/08/23 22:36:36 | 000,167,936 | ---- | C] () -- C:\windows\System32\PCDrJNI_1_1.dll
[2003/08/23 22:33:23 | 000,026,395 | ---- | C] () -- C:\windows\System32\CHODDI.SYS
[2003/08/23 22:32:54 | 000,024,576 | ---- | C] () -- C:\windows\System32\syscontr.dll
[2003/08/23 22:32:20 | 000,045,056 | ---- | C] () -- C:\windows\System32\hpreg.dll
[2003/08/23 09:25:15 | 000,000,165 | ---- | C] () -- C:\windows\QUICKEN.INI
[2003/08/23 09:12:08 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/08/23 08:54:38 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/08/23 08:46:51 | 000,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini
[2003/08/23 08:19:52 | 000,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2003/08/23 08:11:57 | 000,299,073 | ---- | C] () -- C:\windows\System32\PythonCOM22.dll
[2003/08/23 08:11:57 | 000,065,536 | ---- | C] () -- C:\windows\System32\PyWinTypes22.dll
[2003/08/23 08:11:35 | 000,016,896 | ---- | C] () -- C:\windows\System32\bcbmm.dll
[2003/08/23 07:57:05 | 000,000,802 | ---- | C] () -- C:\windows\orun32.ini
[2003/08/23 07:42:24 | 000,000,573 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2003/07/24 00:56:49 | 000,000,438 | ---- | C] () -- C:\windows\System32\1_ssetup.ini
[2003/07/24 00:56:49 | 000,000,000 | ---- | C] () -- C:\windows\System32\sunistlog.ini
[2003/06/23 20:27:16 | 000,000,000 | ---- | C] () -- C:\windows\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2002/05/24 10:00:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\lockout.dll
[2002/05/24 10:00:00 | 000,045,056 | ---- | C] () -- C:\windows\System32\lockres.dll
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008/09/05 00:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\interMute
[2008/09/05 00:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2008/09/05 00:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2008/10/09 10:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/09/05 00:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2008/09/05 00:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\interMute
[2008/09/05 00:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\SampleView
[2008/09/05 00:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\interMute
[2008/09/05 00:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2008/09/05 00:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2008/09/05 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Active Disk
[2009/03/12 21:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2008/09/05 00:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2008/10/05 23:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
[2008/09/05 00:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2009/10/11 14:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ovusoft
[2008/09/05 00:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/09/05 00:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
[2008/09/05 00:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2008/09/05 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2008/09/05 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2010/02/06 07:17:31 | 000,000,408 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job
[2010/02/06 07:44:04 | 000,000,374 | -H-- | M] () -- C:\windows\Tasks\MpIdleTask.job
[2010/02/06 07:17:40 | 000,000,422 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{FAF0C22C-43A0-401E-A7CC-1037C94C6032}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2008/09/05 00:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/09/05 00:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/09/05 00:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/09/05 00:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/09/05 00:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2008/11/30 13:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/01/03 02:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/09/05 00:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/01/15 09:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/09/05 00:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ipswitch
[2010/01/26 10:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/09 10:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/01/16 09:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/25 12:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/01/26 10:52:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/09/05 00:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2008/09/05 00:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/09/05 00:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/10/05 23:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/09/05 00:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2008/09/05 00:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/09/05 00:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2010/01/26 10:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/16 08:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2008/09/05 00:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/09/05 00:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/09/12 21:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/12/03 09:59:48 | 000,245,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
[2009/05/26 16:53:20 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\HaB\Custom\billmind.exe
[2009/05/26 16:53:20 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
[2009/05/26 16:53:20 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe

< %APPDATA%\*. >
[2008/09/05 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Active Disk
[2008/09/05 00:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2009/09/26 11:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2008/11/30 13:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2008/09/05 00:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2008/09/05 00:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2008/12/18 23:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2008/09/05 00:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2008/09/05 00:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2008/09/05 00:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2009/03/12 21:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2008/09/05 00:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2008/09/05 00:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Intuit
[2008/09/05 00:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ipswitch
[2008/09/05 00:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2010/01/16 11:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2008/09/05 00:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\McAfee
[2010/01/25 13:33:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2008/09/05 00:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2008/09/05 00:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2008/10/05 23:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
[2008/09/05 00:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2009/10/11 14:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ovusoft
[2008/09/05 00:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Real
[2008/09/05 00:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/09/05 00:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
[2008/09/05 00:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2008/09/05 00:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sonic
[2008/09/05 00:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2008/09/05 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Symantec
[2008/09/05 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2008/09/05 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2008/09/12 21:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2008/03/08 21:20:33 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
[2008/03/08 21:20:33 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
[2008/03/08 21:20:33 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
[2009/06/08 23:21:50 | 000,003,584 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2006/01/29 13:31:37 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}\ARPPRODUCTICON.exe
[2006/01/29 13:31:37 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}\NewShortcut3_2E7595EC4FB14E2993D49083C8A9B107.exe
[2007/03/29 22:59:13 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}\ARPPRODUCTICON.exe
[2007/03/29 22:59:13 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}\NewShortcut3_2E7595EC4FB14E2993D49083C8A9B107.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/12/17 01:46:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/04 00:04:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/12/17 01:46:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/04 00:04:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/12/17 01:46:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/04 00:04:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/12/17 01:46:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/04 00:04:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

-- OTListIt.txt --------------------------------------------------------------------------------------

-- Extra.txt -----------------------------------------------------------------------------------------
OTL Extras logfile created on: 2/6/2010 7:43:34 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.53 Gb Total Space | 16.20 Gb Free Space | 20.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.01 Gb Total Space | 116.27 Gb Free Space | 78.03% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 465.65 Gb Total Space | 158.13 Gb Free Space | 33.96% Space Free | Partition Type: FAT32
Drive N: | 81.68 Gb Total Space | 78.01 Gb Free Space | 95.51% Space Free | Partition Type: NTFS
Drive O: | 56.73 Gb Total Space | 40.57 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
Drive P: | 79.14 Gb Total Space | 79.08 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: NATHANLYDIA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\WS_FTP Pro\wsftppro.exe" = C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{1596098A-FCEC-48F0-B7C7-08A31B771033}" = Nero 7 Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42948B02-7191-40CF-92AA-4E330869B28B}" = HPIZ Fix2
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4FCC384C-18EA-4E25-9281-A06AE006D219}" = Weblink
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}" = 3D Home Architect Design Suite Deluxe 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{E05895C5-FE97-4334-8D73-B0089FD07CE3}" = Multimedia Card Reader
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F2AB2488-A0BF-4A9B-98A9-A88CF20FD2FF}" = Meeting Manager for Internet Explorer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"Active Disk" = Active Disk
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Illustrator 7.0.1" = Adobe Illustrator 7.0.1
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Encyclopaedia Britannica Standard Edition 2004 CD-ROM" = Encyclopaedia Britannica Standard Edition 2004 CD-ROM
"Google Chrome" = Google Chrome
"HPTOOLKIT" = toolkit
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"InstallShield_{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}" = 3D Home Architect Design Suite Deluxe 8
"InstallShield_{E05895C5-FE97-4334-8D73-B0089FD07CE3}" = Multimedia Card Reader
"IomegaWare" = IomegaWare 4.0.2
"Java Web Start" = Java Web Start
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Netscape (7.1)" = Netscape (7.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Audio Driver" = NVIDIA Audio Driver
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA Ethernet Driver" = NVIDIA Ethernet Driver
"NVIDIA Gart Driver" = NVIDIA Gart Driver
"Print Server Driver" = Print Server Driver
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealPlayer
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Scrabble" = Scrabble
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier Home & Business 2003" = TurboTax Premier Home & Business 2003
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xrv" = XRay Vision™
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3138782768-834834993-1939166530-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2010 8:35:44 AM | Computer Name = NATHANLYDIA | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.

Error - 2/6/2010 8:35:45 AM | Computer Name = NATHANLYDIA | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 passthrough, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8
NIL, P9 NIL, P10 NIL.

Error - 2/6/2010 8:35:46 AM | Computer Name = NATHANLYDIA | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.

Error - 2/6/2010 8:35:46 AM | Computer Name = NATHANLYDIA | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 passthrough, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8
NIL, P9 NIL, P10 NIL.

Error - 2/6/2010 8:35:47 AM | Computer Name = NATHANLYDIA | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.

Error - 2/6/2010 8:35:48 AM | Computer Name = NATHANLYDIA | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 passthrough, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8
NIL, P9 NIL, P10 NIL.

Error - 2/6/2010 8:35:49 AM | Computer Name = NATHANLYDIA | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.

Error - 2/6/2010 8:35:50 AM | Computer Name = NATHANLYDIA | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 passthrough, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8
NIL, P9 NIL, P10 NIL.

Error - 2/6/2010 8:35:50 AM | Computer Name = NATHANLYDIA | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.

Error - 2/6/2010 8:35:51 AM | Computer Name = NATHANLYDIA | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 passthrough, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8
NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 2/6/2010 8:29:31 AM | Computer Name = NATHANLYDIA | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 2/6/2010 8:29:31 AM | Computer Name = NATHANLYDIA | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 2/6/2010 8:29:31 AM | Computer Name = NATHANLYDIA | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 2/6/2010 8:29:31 AM | Computer Name = NATHANLYDIA | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 2/6/2010 8:35:38 AM | Computer Name = NATHANLYDIA | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 2/6/2010 8:35:38 AM | Computer Name = NATHANLYDIA | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 2/6/2010 8:35:38 AM | Computer Name = NATHANLYDIA | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 2/6/2010 8:35:38 AM | Computer Name = NATHANLYDIA | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 2/6/2010 8:35:38 AM | Computer Name = NATHANLYDIA | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 2/6/2010 8:35:38 AM | Computer Name = NATHANLYDIA | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838


< End of report >

-- Extra.txt -----------------------------------------------------------------------------------------

-- Kaspersky.txt -----------------------------------------------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, February 6, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, February 06, 2010 14:02:35
Records in database: 3440093
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
E:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\
P:\

Scan statistics:
Objects scanned: 189146
Threats found: 1
Infected objects found: 0
Suspicious objects found: 105
Scan duration: 06:00:50


File name / Threat / Threats count
C:\Natalie\Netscape files\gnatalie\Mail\inbox Suspicious: Exploit.HTML.Iframe.FileDownload 18
C:\Natalie\Netscape files\gnatalie\Mail\Trash Suspicious: Exploit.HTML.Iframe.FileDownload 17
C:\Program Files\Netscape\Netscape\Natalie\xgo56d1e.slt\Mail\mail.comcast-1.net\inbox Suspicious: Exploit.HTML.Iframe.FileDownload 18
C:\Program Files\Netscape\Netscape\Natalie\xgo56d1e.slt\Mail\mail.comcast-1.net\Trash Suspicious: Exploit.HTML.Iframe.FileDownload 17
C:\Program Files\Netscape\Netscape\Natalie\xgo56d1e.slt\Mail\mail.comcast.net\inbox Suspicious: Exploit.HTML.Iframe.FileDownload 18
C:\Program Files\Netscape\Netscape\Natalie\xgo56d1e.slt\Mail\mail.comcast.net\Trash Suspicious: Exploit.HTML.Iframe.FileDownload 17

Selected area has been scanned.

-- Kaspersky.txt -----------------------------------------------------------------------------------

Attached Files



#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:08 PM

Posted 07 February 2010 - 02:29 PM

Hello.

Okay. Let's continue, we need to replace an infected file here.

Booting into the Recovery Console

I suggest you read over the instructions on how to boot into Recovery Console and then print these instructions out or save them in Notepad because you won't have access to this page while in Recovery Console

Start in Recovery Console Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use your arrow keys to navigate and highlight Return to OS Choice Menu.
  • From there, find and select the Windows Recovery Console
  • Hit Enter.
  • Now the Recovery Console will begin loading, wait patiently as it loads.
  • At the prompt to select "Which Windows installation would you like to log onto", please press the number of the installation. This is usually 1 if you only have one windows installation on your computer. If you have more than one then type the one you use.
  • It will then prompt you for the Administrator's password, if you have one. If there is no password, simply press enter. Otherwise type in the password and then press enter to continue.
  • You will now be at the C:\Windows prompt.
  • Enter the following code line by line one at a time and pressing enter on your keyboard on each line.
  • Wait for each command to be completed before continuing with the next one. (make sure spelling and spaces are correct)
CODE
cd c:\windows\system32\drivers
ren atapi.sys atapi.old
copy C:\WINDOWS\ServicePackFiles\i386\atapi.sys c:\windows\system32\drivers

You should see a message '1 file copied'. If you did not see that message, try again and ensure there is a space after the word copy and another space between the file paths.
  • At the next prompt after it is complete, type the following without the quotes and press Enter: "exit"
Windows will reboot the machine and should now begin loading again.

Let me know how it goes and then run Combofix again. Post the log once ComboFix is done.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 brisolts

brisolts
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:03:08 PM

Posted 07 February 2010 - 11:37 PM

EB -
I had to boot from my XP install CD to get into recovery console, but I did it and i successfully replaced the file.
I ran combofix and the log file is copied below and attached.
I tried a Google search and it did not redirect the links as it had been before - that is very great! smile.gif
I am going to run another full scan tonight using MS Security Essentials and see if it finds anything.

thanks for your help!
brian

--------------------------------------------------------------------------------------------------------------
ComboFix 10-02-07.06 - Owner 02/07/2010 23:19:07.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1215.749 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.

2010-02-06 13:04 . 2010-02-06 13:04 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-618d155d-n\decora-sse.dll
2010-02-06 13:04 . 2010-02-06 13:04 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60244f33-n\msvcp71.dll
2010-02-06 13:04 . 2010-02-06 13:04 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60244f33-n\jmc.dll
2010-02-06 13:04 . 2010-02-06 13:04 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60244f33-n\msvcr71.dll
2010-02-06 13:04 . 2010-02-06 13:04 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-618d155d-n\decora-d3d.dll
2010-02-06 13:04 . 2010-02-06 14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-26 15:52 . 2010-01-26 15:52 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-25 17:02 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-25 03:16 . 2010-01-25 03:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-25 03:06 . 2010-01-27 19:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2010-01-25 03:06 . 2010-01-25 03:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-25 03:05 . 2010-01-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-16 16:23 . 2010-01-16 16:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-01-16 14:30 . 2010-01-16 14:30 -------- d-----w- c:\documents and settings\Brian\Application Data\Malwarebytes
2010-01-16 14:30 . 2010-01-16 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-16 14:18 . 2010-01-16 14:18 -------- d-----w- c:\documents and settings\Brian\Application Data\Ipswitch
2010-01-16 13:27 . 2010-01-16 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-01-16 00:39 . 2010-01-21 03:34 -------- d-----w- C:\hegames
2010-01-13 11:53 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 04:15 . 2008-09-05 06:00 -------- d-----w- c:\program files\lg_fwupdate
2010-02-06 22:06 . 2008-09-05 05:10 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2010-02-06 14:00 . 2008-09-05 05:54 -------- d-----w- c:\program files\Common Files\Java
2010-02-06 14:00 . 2008-09-05 05:59 -------- d-----w- c:\program files\Java
2010-02-04 23:20 . 2008-09-05 06:07 -------- d-----w- c:\program files\Quicken
2010-01-26 15:49 . 2008-09-05 06:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-26 15:48 . 2008-09-05 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-26 15:43 . 2008-09-05 06:00 -------- d-----w- c:\program files\Lavasoft
2010-01-26 12:45 . 2009-10-11 19:47 -------- d-----w- c:\program files\TCOYF
2010-01-26 12:39 . 2008-09-05 06:09 -------- d-----w- c:\program files\Symantec
2010-01-26 12:39 . 2008-09-05 05:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-25 17:14 . 2008-09-05 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-25 03:11 . 2008-12-11 04:22 -------- d-----w- c:\program files\Google
2010-01-22 13:05 . 2008-09-05 06:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 14:14 . 2010-01-16 14:14 75376 ----a-w- c:\documents and settings\Brian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 03:34 . 2008-09-05 05:56 -------- d-----w- c:\program files\CyberLink
2010-01-15 14:58 . 2008-09-05 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-12-21 19:14 . 2004-08-24 00:32 916480 ------w- c:\windows\system32\wininet.dll
2009-12-03 15:01 . 2009-12-03 15:01 6725632 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181625-18178.dll
2009-12-03 14:59 . 2009-06-02 04:17 245760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2009-11-21 15:51 . 2003-03-31 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-16 02:39 . 2009-10-16 02:39 2146 ----a-w- c:\program files\USGS_24k_topo_index_with_topo_base.kmz
2005-11-14 21:43 . 2005-11-14 21:43 948936 ----a-w- c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-02-05_02.48.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-08 04:14 . 2010-02-08 04:14 16384 c:\windows\temp\Perflib_Perfdata_6a0.dat
- 2003-08-23 12:42 . 2010-02-01 12:52 65220 c:\windows\system32\perfc009.dat
+ 2003-08-23 12:42 . 2010-02-06 12:20 65220 c:\windows\system32\perfc009.dat
+ 2004-08-04 05:59 . 2008-04-13 18:40 96512 c:\windows\system32\drivers\atapi.sys
- 2003-03-31 12:00 . 2008-04-13 18:40 96512 c:\windows\system32\drivers\atapi.sys
- 2010-02-01 13:02 . 2010-02-01 13:02 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2010-02-06 14:27 . 2010-02-06 14:27 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2010-02-06 12:54 . 2010-02-06 12:54 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
- 2010-02-01 13:02 . 2010-02-01 13:02 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
- 2010-02-01 13:02 . 2010-02-01 13:02 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2010-02-06 12:53 . 2010-02-06 12:53 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 90112 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 90112 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2003-08-23 12:42 . 2010-02-06 12:20 409032 c:\windows\system32\perfh009.dat
- 2003-08-23 12:42 . 2010-02-01 12:52 409032 c:\windows\system32\perfh009.dat
+ 2010-02-06 14:00 . 2010-02-06 14:00 153376 c:\windows\system32\javaws.exe
+ 2010-02-06 14:00 . 2010-02-06 14:00 145184 c:\windows\system32\javaw.exe
+ 2010-02-06 14:00 . 2010-02-06 14:00 145184 c:\windows\system32\java.exe
+ 2008-07-29 22:37 . 2008-07-29 22:37 911360 c:\windows\Installer\667cd.msp
+ 2008-07-29 22:33 . 2008-07-29 22:33 506368 c:\windows\Installer\667cc.msp
+ 2008-07-29 22:35 . 2008-07-29 22:35 553472 c:\windows\Installer\667ca.msp
+ 2010-02-06 14:00 . 2010-02-06 14:00 178176 c:\windows\Installer\36256.msi
+ 2010-02-06 14:00 . 2010-02-06 14:00 576000 c:\windows\Installer\3624c.msi
- 2010-02-01 13:02 . 2010-02-01 13:02 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2010-02-06 14:30 . 2010-02-06 14:30 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2010-02-06 14:28 . 2010-02-06 14:28 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 233472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2010-02-06 14:28 . 2010-02-06 14:28 233472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 733184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2010-02-06 14:28 . 2010-02-06 14:28 733184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2010-02-06 14:28 . 2010-02-06 14:28 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2010-02-06 14:28 . 2010-02-06 14:28 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2010-02-06 12:25 . 2010-02-06 12:25 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
- 2010-02-01 12:59 . 2010-02-01 12:59 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2010-02-06 14:28 . 2010-02-06 14:28 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 167936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2010-02-06 14:27 . 2010-02-06 14:27 167936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 876544 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2010-02-06 12:55 . 2010-02-06 12:55 876544 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2010-02-06 12:54 . 2010-02-06 12:54 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 884736 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2010-02-06 12:54 . 2010-02-06 12:54 884736 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 884736 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 884736 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 933888 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 933888 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 741376 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 741376 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 261120 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 261120 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 483840 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 483840 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-07-29 22:31 . 2008-07-29 22:31 6083072 c:\windows\Installer\667ce.msp
+ 2008-07-29 22:43 . 2008-07-29 22:43 1013248 c:\windows\Installer\667cb.msp
+ 2008-07-29 22:39 . 2008-07-29 22:39 3403264 c:\windows\Installer\667c9.msp
+ 2008-07-29 22:41 . 2008-07-29 22:41 6487040 c:\windows\Installer\667c8.msp
+ 2008-07-29 22:29 . 2008-07-29 22:29 2926080 c:\windows\Installer\667c7.msp
+ 2008-07-29 22:45 . 2008-07-29 22:45 2543616 c:\windows\Installer\667c6.msp
- 2010-02-01 12:57 . 2010-02-01 12:57 8265728 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
+ 2010-02-06 12:24 . 2010-02-06 12:24 8265728 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
+ 2010-02-06 12:25 . 2010-02-06 12:27 5771264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
- 2010-02-01 13:00 . 2010-02-01 13:00 5771264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2010-02-06 14:30 . 2010-02-06 14:30 1986560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 1986560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 2342912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2010-02-06 14:30 . 2010-02-06 14:30 2342912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2010-02-06 12:25 . 2010-02-06 12:25 1667072 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
- 2010-02-01 12:59 . 2010-02-01 12:59 1667072 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2010-02-06 14:28 . 2010-02-06 14:28 1224704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 1224704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 1798144 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2010-02-06 14:28 . 2010-02-06 14:28 1798144 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
- 2010-02-01 12:58 . 2010-02-01 12:58 7049216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2010-02-06 12:24 . 2010-02-06 12:24 7049216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2010-02-06 14:28 . 2010-02-06 14:28 1011712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 1011712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2010-02-06 14:28 . 2010-02-06 14:28 1740800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 1740800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 1695744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2010-02-06 14:27 . 2010-02-06 14:27 1695744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 3076096 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 3076096 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 2068480 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 2068480 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 5013504 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 5013504 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 5070848 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 5070848 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 5431296 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 5431296 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 3036160 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 3036160 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-02-06 12:21 . 2010-02-06 12:21 4444160 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-02-01 12:53 . 2010-02-01 12:53 4444160 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-02-06 12:25 . 2010-02-06 12:25 13193216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
- 2010-02-01 13:00 . 2010-02-01 13:00 13193216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2010-02-06 14:29 . 2010-02-06 14:29 12509184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
- 2010-02-01 13:02 . 2010-02-01 13:02 12509184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2010-02-06 12:25 . 2010-02-06 12:25 10969088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
- 2010-02-01 12:59 . 2010-02-01 12:59 10969088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2010-02-06 12:23 . 2010-02-06 12:23 11722752 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
- 2010-02-01 12:56 . 2010-02-01 12:56 11722752 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-08-23 14:18 . 2003-06-19 02:19 53248 c:\hp\bin\bak\AUTOTKIT.EXE

2003-08-23 14:05 . 2003-02-12 03:02 61440 c:\hp\KBD\bak\KBD.EXE

2003-08-23 14:14 . 2005-11-04 04:14 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2003-02-13 15:01 . 2003-02-13 15:01 155648 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe

2005-03-21 21:19 . 2005-12-27 17:37 59040 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

2003-06-23 04:25 . 2003-06-23 04:25 24576 c:\program files\Hewlett-Packard\Digital Imaging\bin\bak\backupnotify.exe

2002-10-07 14:23 . 2002-10-07 14:23 90112 c:\program files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe

2003-08-23 14:01 . 2003-05-23 10:03 49152 c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe

2003-06-14 06:53 . 2003-06-14 06:53 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd.exe

2002-08-14 18:39 . 2002-09-24 21:39 147456 c:\program files\Iomega\AutoDisk\bak\ADUserMon.exe

2002-07-16 17:56 . 2002-07-16 15:55 32768 c:\program files\Iomega\DriveIcons\bak\deskup.exe

2002-07-16 17:56 . 2002-08-13 19:30 86016 c:\program files\Iomega\DriveIcons\bak\ImgIcon.exe

2007-07-31 22:44 . 2007-07-31 22:44 271672 c:\program files\iTunes\bak\iTunesHelper.exe

2006-05-16 11:19 . 2005-11-10 17:03 36975 c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe

2003-08-09 16:27 . 2003-08-09 16:27 139264 c:\program files\Multimedia Card Reader\bak\shwicon2k.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2008-05-27 14:50 . 2008-05-27 14:50 413696 c:\program files\QuickTime\QTTask.exe

2006-05-01 14:03 . 2006-05-01 14:03 100056 c:\program files\SymNetDrv\bak\SNDMon.exe
2006-05-01 14:03 . 2007-10-10 02:43 95960 c:\program files\SymNetDrv\SNDMon.exe

2003-08-23 14:34 . 2002-09-14 04:42 212992 c:\windows\SMINST\bak\RECGUARD.EXE

2007-10-07 16:54 . 2007-10-12 22:50 180 c:\windows\system\bak\hpsysdrv.DAT
2003-11-07 02:43 . 2007-10-07 16:47 1400 c:\windows\system\hpsysdrv.DAT

2003-08-23 13:27 . 1998-05-07 23:04 52736 c:\windows\system\bak\hpsysdrv.exe

2003-08-23 13:35 . 2003-04-07 14:07 114688 c:\windows\system32\bak\hkcmd.exe

2003-08-23 14:01 . 2003-05-23 09:55 483328 c:\windows\system32\bak\hphmon05.exe

2003-08-23 14:05 . 2002-10-16 23:57 81920 c:\windows\system32\bak\ps2.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-07-28 852038]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-10-10 95960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [N/A]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [N/A]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Brian\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-11-7 98304]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-11-7 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2010 10:06 PM 135664]
S3 ADPUSBLD;Adaptec USBXchange Firmware Installer;c:\windows\system32\drivers\Adpusbld.sys [6/4/2001 2:34 PM 14061]
S3 ADPUSBMS;Adaptec USBXchange Mass Storage Driver;c:\windows\system32\drivers\Adpusbst.sys [6/5/2001 6:14 PM 18560]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [11/19/2003 8:48 PM 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 16:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 03:05]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 03:05]

2010-02-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]

2010-02-08 c:\windows\Tasks\User_Feed_Synchronization-{FAF0C22C-43A0-401E-A7CC-1037C94C6032}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
mSearch Bar = hxxp://srch-us9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: healthcareforamericanow.org
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: GeoConvertCab - hxxp://www.co.jackson.mi.us/CountyGIS/GeoConvert.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.40/uploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 23:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\program files\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'explorer.exe'(1148)
c:\windows\system32\WININET.dll
c:\windows\system32\nView.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-07 23:26:04
ComboFix-quarantined-files.txt 2010-02-08 04:26
ComboFix2.txt 2010-02-05 02:50

Pre-Run: 16,754,679,808 bytes free
Post-Run: 16,843,304,960 bytes free

- - End Of File - - 79E5DC613E6FDE2658EB87EB6EE72644

Attached Files



#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:08 PM

Posted 08 February 2010 - 08:28 PM

Good to hear. smile.gif

Let's get an online scan.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner
    page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 brisolts

brisolts
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:03:08 PM

Posted 09 February 2010 - 06:53 PM

EB -
After my last post and before your reply back, I did run MS Security Essentials scan, and it did find and disinfect a virus in atapi.old. I uploaded a screenshot of the security essentials window (MSSecurityEssentials20100209.gif). From the screenshot you will also note that in a subsequent scan it found same virus in another file.

So, i had kaspersky scan last night and copied below are the results.
thanks,
brian

--------------------------------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, February 9, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, February 09, 2010 02:54:41
Records in database: 3452810


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
A:\
C:\
E:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\
P:\

Scan statistics
Objects scanned 188848
Threats found 1
Infected objects found 0
Suspicious objects found 105
Scan duration 05:58:49

File name Threat Threats count
C:\Natalie\Netscape files\gnatalie\Mail\inbox Suspicious: Exploit.HTML.Iframe.FileDownload 18

C:\Natalie\Netscape files\gnatalie\Mail\Trash Suspicious: Exploit.HTML.Iframe.FileDownload 17

C:\Program Files\Netscape\Netscape\Natalie\xgo56d1e.slt\Mail\mail.comcast-1.net\inbox Suspicious: Exploit.HTML.Iframe.FileDownload 18

C:\Program Files\Netscape\Netscape\Natalie\xgo56d1e.slt\Mail\mail.comcast-1.net\Trash Suspicious: Exploit.HTML.Iframe.FileDownload 17

C:\Program Files\Netscape\Netscape\Natalie\xgo56d1e.slt\Mail\mail.comcast.net\inbox Suspicious: Exploit.HTML.Iframe.FileDownload 18

C:\Program Files\Netscape\Netscape\Natalie\xgo56d1e.slt\Mail\mail.comcast.net\Trash Suspicious: Exploit.HTML.Iframe.FileDownload 17

Selected area has been scanned.

Attached Files



#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:08 PM

Posted 10 February 2010 - 04:04 PM

Hello.

Yes that "atapi.old" is the file we re-named in the Recovery Console, it's inactive.

There's some infected mails in your Inbox and Trash, I suggest you empty out some of them.

Other than that's how's the computer behaving now?

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 brisolts

brisolts
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:03:08 PM

Posted 10 February 2010 - 11:09 PM

EB -
The Netscape mail was all old so I removed each of the Kaspersky listed files that had an issue - that should be all set.

The computer is running very good. The redirect symptoms are gone.

The only other issue that seems odd to me, but don't know if it is related to viruses, is that i have 2 windows updates that keep failing .NET framework. I assume it is unrelated to virus issues and I will work through the MS supplied help related to the failures.

Windows XP Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86 Wednesday, February 10, 2010 Automatic Updates
Windows XP Microsoft .NET Framework 2.0 Service Pack 1 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB953300) Wednesday, February 10, 2010

but otherwise computer is running great!

thanks for your continued support,
brian

------------------------------------------------------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 22:57:55.06 on Wed 02/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1215.680 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\windows\Explorer.EXE
C:\windows\LTMSG.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\rundll32.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\windows\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
mSearch Bar = hxxp://srch-us9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LTMSG] LTMSG.exe 7
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck /autofix /waitstart
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Trusted Zone: healthcareforamericanow.org
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: GeoConvertCab - hxxp://www.co.jackson.mi.us/CountyGIS/GeoConvert.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.40/uploader2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127151834109
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5137/mcfscan.cab
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 71.4.140.20 bart.enkitec.com

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-10-9 214664]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-24 135664]
S3 ADPUSBLD;Adaptec USBXchange Firmware Installer;c:\windows\system32\drivers\Adpusbld.sys [2001-6-4 14061]
S3 ADPUSBMS;Adaptec USBXchange Mass Storage Driver;c:\windows\system32\drivers\Adpusbst.sys [2001-6-5 18560]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-10-9 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-10-9 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-10-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-10-9 40552]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2003-11-19 11520]

=============== Created Last 30 ================

2010-02-06 14:00:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-06 13:04:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-05 02:41:17 98816 ----a-w- c:\windows\sed.exe
2010-02-05 02:41:17 77312 ----a-w- c:\windows\MBR.exe
2010-02-05 02:41:17 261632 ----a-w- c:\windows\PEV.exe
2010-02-05 02:41:17 161792 ----a-w- c:\windows\SWREG.exe
2010-01-26 15:52:16 0 d-----w- c:\program files\Microsoft Security Essentials
2010-01-26 00:31:25 3764 ----a-w- c:\windows\system32\OEMINFO.PNF
2010-01-25 17:02:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-16 16:23:17 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-01-16 14:30:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-16 13:27:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2010-01-16 00:39:35 522 ----a-w- c:\windows\hegames.ini
2010-01-16 00:39:27 0 d-----w- C:\hegames
2010-01-13 11:53:28 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-02-08 08:27:59 96512 ----a-w- c:\windows\system32\drivers\atapi.old
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2009-10-16 02:39:33 2146 ----a-w- c:\program files\USGS_24k_topo_index_with_topo_base.kmz
2005-11-14 21:43:56 948936 ----a-w- c:\program files\install_flash_player.exe
2009-06-09 06:28:38 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-04 07:07:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat

============= FINISH: 22:58:13.42 ===============

Attached Files



#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:08 PM

Posted 11 February 2010 - 08:34 PM

Hello.

Yes, logs look fine. Just remove the older versions of Java except Java 6 update 18.

--
Regarding those updates, you may wish to try manually download them off the Microsoft page. I also had trouble downloading those due to probably the server.

Please follow/read the steps below to remove the tools we used and for some more information. smile.gif


Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything assoicated with it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

System A bit Slow? Try StartupLight

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


Congratulations! You now appear clean! specool.gif

Now that you are clean, please follow and read some of the prevention tips below.

Preventing Infections in the Future


Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

Some of the main things you should consider to perform/read are:
  • Disabling Autorun/Play on Flash-Drive/Removable Drives
  • Avoid gaming sites, underground web pages, pirated software sites, and Peer to Peer Programs
  • Keep Windows Updated through going to Windows Updates
  • Updating Non-Microsoft Programs
  • Keeping Security softwares updated

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help and thank you for choosing Bleeping Computer as you malware removal source.
Don't forget to tell your friends about us and Good luck thumbup2.gif


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks smile.gif

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 brisolts

brisolts
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:03:08 PM

Posted 12 February 2010 - 12:24 AM

Extremeboy -
I removed the old javas - had to get windows install clean up program to do it. I also removed combofix and ran OTX successfully.

The redirect issues are gone and the computer is running good, so you can close this topic and help somebody else out smile.gif

thank you very much for the time and effort, and I am already recommending bleepingcomputer. I am also going to check out the tutorials and smarten myself up !

thanks again,
brian




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users