Backdoor.Tdss.565


  • This topic is locked
18 replies to this topic

#1 460 Jetboat

  • Members
Posted 24 February 2010 - 08:37 PM

I am unable to update Malwarebytes or SuperAntiSpyware in regular or safe mode.
It had the computer locked out of booting into safe mode, but Boopme helped me get past that one, and then refered me here. To see what has been done thus far:

http://www.bleepingcomputer.com/forums/t/297907/xp-unable-to-boot-into-safe-mode/

I ran Cure-it which found and deleted Backdoor.Tdss.565

I'm having to work in safe mode now.
Defogger has been run also.


DDS (Ver_09-12-01.01) - NTFSx86
Run by tndavis at 21:27:05.23 on Tue 02/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.84 [GMT -6:00]

AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\PROGRA~1\DrWeb\spidernt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\DrWeb\SpIDerAgent.exe
C:\PROGRA~1\DrWeb\spiderui.exe
C:\Garmin\gStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol toolbar\aoltbServer.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\tndavis\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [gStart] c:\garmin\gStart.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SpIDerAgent] "c:\program files\drweb\SpIDerAgent.exe"
mRun: [SpIDerMail] "c:\program files\drweb\spiderml.exe"
mRun: [SpIDerNT] c:\progra~1\drweb\spiderui.exe /agent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Cobian Backup 9 interface] "c:\program files\cobian backup 9\cbInterface.exe" -service
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: malwarebytes.org\www
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179856333312
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210097037402
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://daviscomputer.com/Remote/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15111/CTPID.cab
TCP: {72664019-6151-4D6F-8FDE-E9F3FEFB36D6} = 93.188.162.178,93.188.161.103
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tndavis\applic~1\mozilla\firefox\profiles\ha2tq8mk.default\
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2009-5-2 107000]
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2007-6-26 19507]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 74480]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2007-6-26 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2007-6-26 423454]
R2 CobianBackupAmanita;Cobian Backup 9 service;c:\program files\cobian backup 9\cbService.exe [2010-2-23 583168]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2009-1-21 869688]
R2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [2002-5-31 19296]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2009-11-18 109168]
R2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\drweb\spider.sys [2008-12-15 306464]
R2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\drweb\spidernt.exe [2008-12-15 231328]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-2-15 333328]
S0 Wingj77;Wingj77;c:\windows\system32\drivers\wingj77.sys --> c:\windows\system32\drivers\Wingj77.sys [?]
S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [2007-6-26 64964]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 135664]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-4-28 52240]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-4-28 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-4-28 648456]

=============== Created Last 30 ================

2010-02-24 03:18:14 0 d-----w- c:\program files\Cobian Backup 9
2010-02-23 19:49:39 0 d-----w- c:\program files\AOL Toolbar
2010-02-23 19:49:39 0 d-----w- c:\docume~1\alluse~1\applic~1\AOL Toolbar
2010-02-23 19:49:37 0 d-----w- c:\program files\common files\Software Update Utility
2010-02-23 19:49:36 0 d--h--w- c:\windows\msdownld.tmp
2010-02-23 19:46:58 0 dc-h--w- c:\windows\ie8
2010-02-23 07:02:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-23 07:01:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-23 05:37:46 0 d-sha-r- C:\cmdcons
2010-02-23 05:36:00 98816 ----a-w- c:\windows\sed.exe
2010-02-23 05:36:00 77312 ----a-w- c:\windows\MBR.exe
2010-02-23 05:36:00 261632 ----a-w- c:\windows\PEV.exe
2010-02-23 05:36:00 161792 ----a-w- c:\windows\SWREG.exe
2010-02-07 03:46:23 54156 ---ha-w- c:\windows\QTFont.qfn
2010-02-07 03:46:23 1409 ----a-w- c:\windows\QTFont.for
2010-02-05 22:50:50 0 d-----w- c:\program files\Microsoft MapPoint 2009
2010-02-01 04:34:42 7062 ----a-w- c:\windows\system32\audiopid.vxd
2010-02-01 04:34:31 0 d-----w- c:\program files\Creative

==================== Find3M ====================

2010-02-23 17:48:27 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-17 15:26:12 107000 ----a-w- c:\windows\system32\drivers\dwprot.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 21:27:54.60 ===============
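As an added triage example (not part of this thread and not code from the DDS tool), the Python below parses the two DDS line formats that matter most when reading a log like the one above: the SERVICES / DRIVERS entries, where `[?]` in place of `[date size]` means DDS could not read the registered image file, and the Find3M entries, whose timestamps can be compared against the scan date (2010-02-23 from the log header) to list recently modified system files. The sample lines are copied from the log above; the helper names and the 7-day window are my own choices.

```python
"""Triage helper for the DDS 'SERVICES / DRIVERS' and 'Find3M' sections.

Added example for this thread; not part of DDS. It reports two things a
helper checks first: service/driver entries whose file DDS could not stat
('[?]') and Find3M files modified shortly before the scan date.
"""
import re
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import List, Optional

# R0 DwProt;DrWeb Protection;c:\...\dwprot.sys [2009-5-2 107000]
# S0 Wingj77;Wingj77;c:\...\wingj77.sys --> c:\...\Wingj77.sys [?]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
# 2010-02-23 17:48:27 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
FIND3M_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>\S+) (?P<path>.+)$"
)

# Sample input: lines copied from the DDS log in this thread.
SAMPLE_SERVICES = [
    r"R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2009-5-2 107000]",
    r"R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2009-1-21 869688]",
    r"S0 Wingj77;Wingj77;c:\windows\system32\drivers\wingj77.sys --> c:\windows\system32\drivers\Wingj77.sys [?]",
]
SAMPLE_FIND3M = [
    r"2010-02-23 17:48:27 96512 ----a-w- c:\windows\system32\drivers\atapi.sys",
    r"2010-02-17 15:26:12 107000 ----a-w- c:\windows\system32\drivers\dwprot.sys",
    r"2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys",
]
SCAN_DATE = date(2010, 2, 23)  # "Run by tndavis ... on Tue 02/23/2010"


@dataclass
class ServiceEntry:
    state: str               # 'R' running, 'S' stopped
    start: int               # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    path: str
    file_date: Optional[str]  # None when DDS printed '[?]'
    file_size: Optional[int]

    @property
    def file_unknown(self) -> bool:
        return self.file_date is None


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one SERVICES / DRIVERS line; return None for non-matching text."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    info = m.group("info").strip()
    if info == "?":
        fdate, fsize = None, None
    else:
        d, s = info.split()
        fdate, fsize = d, int(s)
    return ServiceEntry(m.group("state"), int(m.group("start")),
                        m.group("name"), m.group("path"), fdate, fsize)


def unknown_file_entries(lines: List[str]) -> List[ServiceEntry]:
    """Entries DDS marked '[?]': the registered image could not be read."""
    entries = (parse_service_line(ln) for ln in lines)
    return [e for e in entries if e is not None and e.file_unknown]


def recently_modified(lines: List[str], scan_date: date, days: int) -> List[str]:
    """Find3M paths whose modification date lies within `days` before scan_date."""
    cutoff = scan_date - timedelta(days=days)
    hits = []
    for ln in lines:
        m = FIND3M_RE.match(ln.strip())
        if not m:
            continue
        mtime = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S").date()
        if cutoff <= mtime <= scan_date:
            hits.append(m.group("path"))
    return hits


if __name__ == "__main__":
    for e in unknown_file_entries(SAMPLE_SERVICES):
        print(f"verify by hand (file not readable): {e.name} -> {e.path}")
    for p in recently_modified(SAMPLE_FIND3M, SCAN_DATE, 7):
        print(f"modified within 7 days of scan: {p}")
```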





#2 syler

  • Malware Response Team

Posted 26 February 2010 - 09:56 PM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Dr Web or Trend Micro.



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized




#3 460 Jetboat

  • Topic Starter

Posted 27 February 2010 - 12:54 AM

Hi Syler, I'm Ken, and I really appreciate your help!

The only TrendMicro on my machine was housecalls, which I didn't think was active unless you were scanning with it... However, I deleted it.
Here are the two files you asked for:

OTL TEXT
OTL logfile created on: 2/26/2010 11:40:30 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\tndavis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 135.09 Gb Free Space | 72.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CLONE
Current User Name: tndavis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/26 23:37:39 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tndavis\Desktop\OTL.exe
PRC - [2010/02/15 08:34:21 | 000,447,728 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spideragent.exe
PRC - [2010/01/22 15:42:32 | 000,140,624 | ---- | M] (AOL Inc) -- c:\Program Files\AOL Toolbar\aoltbServer.exe
PRC - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/12/03 16:52:32 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/10/06 12:37:18 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/09/29 05:46:27 | 000,869,688 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
PRC - [2009/09/13 18:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/09/03 08:41:22 | 000,231,840 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spiderui.exe
PRC - [2009/09/03 08:41:20 | 000,231,328 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spidernt.exe
PRC - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/01/22 11:38:38 | 000,583,168 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbService.exe
PRC - [2009/01/22 11:38:32 | 002,749,952 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbInterface.exe
PRC - [2008/08/13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/06 13:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2001/09/25 08:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2001/08/17 21:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/26 23:37:39 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tndavis\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 05:51:28 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/10/06 12:37:18 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/09/29 05:46:27 | 000,869,688 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine)
SRV - [2009/09/03 08:41:20 | 000,231,328 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\DrWeb\spidernt.exe -- (SPIDERNT)
SRV - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/03/26 04:33:59 | 000,183,280 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/29 20:59:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/22 11:38:38 | 000,583,168 | ---- | M] (Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 9\cbService.exe -- (CobianBackupAmanita)
SRV - [2008/02/15 23:58:10 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/02/15 23:58:10 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2007/12/24 16:41:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001/09/25 08:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/02/23 11:48:27 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2010/02/17 09:26:12 | 000,107,000 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2010/01/05 12:33:50 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/01/05 12:33:47 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/09/03 08:41:13 | 000,306,464 | ---- | M] (Doctor Web, Ltd.) [File_System | Auto | Running] -- C:\Program Files\DrWeb\spider.sys -- (SPIDER)
DRV - [2009/07/15 13:43:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009/06/18 18:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/09/03 14:07:16 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/02 15:22:00 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/05/02 15:21:52 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/05/02 15:17:18 | 001,169,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 22:39:32 | 000,333,328 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2008/02/15 22:39:32 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/01/01 21:22:23 | 000,019,507 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonypvl3.sys -- (sonypvl3)
DRV - [2007/12/24 16:37:20 | 000,052,496 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2007/12/24 16:37:12 | 000,052,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2007/11/29 16:30:24 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/06/12 11:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007/02/09 12:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 12:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006/02/20 17:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006/02/20 17:59:34 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006/02/20 17:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/20 17:59:32 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006/02/20 09:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2005/09/23 17:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/12/07 15:00:48 | 000,064,964 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sonypvd3.sys -- (sonypvd3)
DRV - [2004/12/06 14:26:16 | 000,423,454 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvt3.sys -- (sonypvt3)
DRV - [2004/11/15 13:55:14 | 000,619,390 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvf3.sys -- (sonypvf3)
DRV - [2004/11/02 08:27:20 | 000,773,565 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/17 15:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002/05/31 16:04:12 | 000,019,296 | ---- | M] (Minolta Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\MLPTDR_C.SYS -- (MLPTDR_C)
DRV - [2001/09/27 10:00:26 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 12:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 11:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 11:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 11:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 11:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-606747145-573735546-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKU\S-1-5-21-606747145-573735546-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-606747145-573735546-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-606747145-573735546-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-606747145-573735546-839522115-1003\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
IE - HKU\S-1-5-21-606747145-573735546-839522115-1003\S-1-5-21-606747145-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0


FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2010/02/26 22:34:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2010/02/26 22:34:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/28 10:04:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/23 05:51:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/26 22:34:27 | 000,000,000 | ---D | M]

[2010/02/23 05:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\Mozilla\Extensions
[2009/11/17 14:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\Mozilla\Firefox\extensions
[2009/11/17 14:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tndavis\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/02/26 04:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\Mozilla\Firefox\Profiles\ha2tq8mk.default\extensions
[2010/02/26 04:25:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/22 23:51:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-606747145-573735546-839522115-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-606747145-573735546-839522115-1003\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Cobian Backup 9 interface] C:\Program Files\Cobian Backup 9\cbInterface.exe (Luis Cobian)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\SpIDerAgent.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [SpIDerMail] C:\Program Files\DrWeb\spiderml.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [SpIDerNT] C:\Program Files\DrWeb\spiderui.exe (Doctor Web, Ltd.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-606747145-573735546-839522115-1003..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe File not found
O4 - HKU\S-1-5-21-606747145-573735546-839522115-1003..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-606747145-573735546-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606747145-573735546-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-606747145-573735546-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-606747145-573735546-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-606747145-573735546-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-606747145-573735546-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606747145-573735546-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-606747145-573735546-839522115-1003\..Trusted Domains: malwarebytes.org ([www] http in Trusted sites)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} http://minitelweb.minitel.com/imin_data/ocx/MDM.cab (France Telecom MDM ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1179856333312 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1210097037402 (MUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://daviscomputer.com/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB (TSEasyInstallX Control)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.3.1/jinstall-...indows-i586.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\tndavis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\tndavis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/26 11:27:29 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/05/22 11:23:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe - ()
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: PivotSoftware - hkey= - key= - C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2010/02/26 23:37:36 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tndavis\Desktop\OTL.exe
[2010/02/26 19:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/02/26 18:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/02/26 18:46:13 | 009,034,488 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\tndavis\Desktop\mssefullinstall-x86fre-en-us-xp [Security Essentials].exe
[2010/02/26 08:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tndavis\Application Data\CyberLink
[2010/02/25 21:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/25 21:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/02/25 21:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/02/25 19:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/02/25 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/02/25 07:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/02/24 20:49:14 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2010/02/23 22:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tndavis\Desktop\gmer
[2010/02/23 21:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2010/02/23 20:33:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/02/23 13:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tndavis\Local Settings\Application Data\AOL Toolbar
[2010/02/23 13:49:39 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2010/02/23 13:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Toolbar
[2010/02/23 13:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/02/23 13:49:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/02/23 13:46:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/23 10:52:21 | 005,024,871 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\tndavis\Desktop\SASDEFINITIONS.EXE
[2010/02/23 01:02:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/23 01:01:58 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/23 01:00:08 | 005,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\tndavis\Desktop\mbam-setup.exe
[2010/02/23 00:54:58 | 010,314,752 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\tndavis\Desktop\cbSetup.9.5.1.212.exe
[2010/02/23 00:08:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/22 23:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/22 23:37:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/22 23:36:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/22 23:36:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/22 23:36:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/22 23:36:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/21 13:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/02/15 19:39:02 | 000,175,880 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\tndavis\Desktop\TDSSKiller.exe
[2010/02/05 20:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2010/02/05 16:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft MapPoint 2009
[2010/01/31 22:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2009/12/16 20:44:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/06/13 18:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/05/08 08:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/15 08:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/11/10 16:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Help
[2008/11/10 16:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Help
[2008/11/10 04:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2008/11/10 04:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/11/08 00:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/11/08 00:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/26 18:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2008/06/25 09:08:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/06/25 09:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/22 01:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/12/07 04:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2007/12/07 04:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2007/12/06 02:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Real
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/26 23:37:39 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tndavis\Desktop\OTL.exe
[2010/02/26 23:01:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/26 22:11:05 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/02/26 22:04:37 | 000,000,817 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/26 20:53:40 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\7-Day Forecast for Latitude 37.1N and Longitude -93.49W (Elev. 1299 ft).url
[2010/02/26 20:12:22 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\tndavis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 20:01:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/26 19:42:18 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/26 19:01:56 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/02/26 18:59:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 18:58:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/26 18:57:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/26 18:56:59 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\tndavis\ntuser.dat
[2010/02/26 18:56:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\tndavis\ntuser.ini
[2010/02/26 18:47:19 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/02/26 18:23:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Update.job
[2010/02/26 18:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/02/26 04:14:57 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/02/25 21:00:26 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Backup Drive.lnk
[2010/02/25 05:30:28 | 000,006,867 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\DrWeb.csv
[2010/02/24 20:21:34 | 032,017,112 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\launch.exe
[2010/02/23 22:14:09 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\Shortcut to gmer.exe.lnk
[2010/02/23 21:29:08 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\gmer.zip
[2010/02/23 21:25:30 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\dds.scr
[2010/02/23 21:19:22 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\cbSetup.dat
[2010/02/23 13:49:58 | 002,148,438 | -H-- | M] () -- C:\Documents and Settings\tndavis\Local Settings\Application Data\IconCache.db
[2010/02/23 11:48:27 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2010/02/23 10:52:50 | 005,024,871 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\tndavis\Desktop\SASDEFINITIONS.EXE
[2010/02/23 10:19:56 | 003,869,515 | R--- | M] () -- C:\Documents and Settings\tndavis\Desktop\Combo-Fix.exe
[2010/02/23 08:51:30 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\SUPERAntiSpyware Free Edition (2).lnk
[2010/02/23 05:50:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/23 02:03:31 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\Close all open Internet Explorer and Windows Explorer windows.doc
[2010/02/23 01:40:07 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\rkill.com
[2010/02/23 01:02:08 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/23 01:00:08 | 005,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\tndavis\Desktop\mbam-setup.exe
[2010/02/23 00:54:57 | 010,314,752 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\tndavis\Desktop\cbSetup.9.5.1.212.exe
[2010/02/22 23:52:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/22 23:51:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/22 23:38:00 | 000,000,281 | -H-- | M] () -- C:\boot.ini
[2010/02/21 21:41:46 | 000,731,035 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\valve-dummies[1].pdf
[2010/02/21 03:32:01 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/02/20 09:42:45 | 000,000,061 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\index.URL
[2010/02/19 18:37:24 | 000,025,408 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\not-this-bleep-again.jpg
[2010/02/18 07:03:26 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/17 17:32:38 | 000,055,918 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\ostrich.jpg
[2010/02/17 09:26:12 | 000,107,000 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2010/02/16 19:47:11 | 000,880,619 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\DCP_0563.JPG
[2010/02/16 09:14:02 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\Dad.doc
[2010/02/16 09:05:16 | 063,580,164 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\nicole..hdtv.mpg
[2010/02/15 19:39:02 | 000,175,880 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\tndavis\Desktop\TDSSKiller.exe
[2010/02/14 10:03:47 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\Glary Utilities.lnk
[2010/02/11 09:51:18 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\.url
[2010/02/10 06:30:02 | 001,660,789 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\nuvi750-GPS-Atl_OwnersManual[1].pdf
[2010/02/10 03:07:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 16:22:18 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\SS1000REP-SF.ptm
[2010/02/07 23:37:04 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\Lee South.ptm
[2010/02/07 23:15:22 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\Great Bend to Santa Fe.ptm
[2010/02/07 22:51:01 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\Aurora to Great Bend.ptm
[2010/02/07 21:45:07 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\331 W Anderson St, Republic, MO 65738 to Great Bend.ptm
[2010/02/06 06:36:59 | 000,059,248 | ---- | M] () -- C:\Documents and Settings\tndavis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/05 21:13:14 | 000,017,566 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\GB-SF.trp
[2010/02/05 21:01:00 | 000,000,335 | ---- | M] () -- C:\WINDOWS\Trpmaker.INI
[2010/02/05 20:14:14 | 000,234,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/02 08:30:24 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\Kens Office Inventory '10doc.doc
[2010/02/02 08:15:24 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\tool inventory '10.xls
[2010/02/02 06:47:38 | 000,009,357 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\BMW_Torque_Chart[1].pdf
[2010/01/31 20:45:40 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\IBAWitnessForm.doc
[2010/01/30 09:33:50 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\Shortcut to Internet.lnk
[2010/01/29 17:54:32 | 000,040,106 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\Leo.jpg
[2010/01/29 12:58:40 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\tndavis\Desktop\Rick McCrea.doc
[2010/01/29 08:16:30 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\Riding position.doc
[2010/01/28 08:56:19 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\tndavis\My Documents\Marriottest1-28-10.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/26 19:10:00 | 000,000,320 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/02/26 18:52:38 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/26 18:47:19 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/02/25 21:00:26 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Backup Drive.lnk
[2010/02/23 22:14:09 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\Shortcut to gmer.exe.lnk
[2010/02/23 21:29:06 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\gmer.zip
[2010/02/23 21:25:27 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\dds.scr
[2010/02/23 21:19:22 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\cbSetup.dat
[2010/02/23 11:17:06 | 032,017,112 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\launch.exe
[2010/02/23 10:19:56 | 003,869,515 | R--- | C] () -- C:\Documents and Settings\tndavis\Desktop\Combo-Fix.exe
[2010/02/23 08:51:30 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\SUPERAntiSpyware Free Edition (2).lnk
[2010/02/23 05:50:52 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/23 02:03:30 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\Close all open Internet Explorer and Windows Explorer windows.doc
[2010/02/23 01:40:05 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\rkill.com
[2010/02/23 01:02:08 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/22 23:52:19 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\HijackThis.lnk
[2010/02/22 23:52:19 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\Dup Detector.lnk
[2010/02/22 23:52:19 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\CompuServe 7.0.lnk
[2010/02/22 23:52:19 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\Shortcut to Dyno2003.lnk
[2010/02/22 23:52:18 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\AutoSketch 9.lnk
[2010/02/22 23:37:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/22 23:37:51 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/22 23:36:00 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/22 23:36:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/22 23:36:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/22 23:36:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/22 23:36:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/21 21:41:46 | 000,731,035 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\valve-dummies[1].pdf
[2010/02/20 09:42:45 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\index.URL
[2010/02/19 18:37:53 | 000,025,408 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\not-this-bleep-again.jpg
[2010/02/18 07:03:26 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/17 17:33:21 | 000,055,918 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\ostrich.jpg
[2010/02/16 19:47:10 | 000,880,619 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\DCP_0563.JPG
[2010/02/16 09:05:16 | 063,580,164 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\nicole..hdtv.mpg
[2010/02/11 09:51:18 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\.url
[2010/02/07 23:37:03 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\Lee South.ptm
[2010/02/05 21:12:45 | 000,017,566 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\GB-SF.trp
[2010/02/05 20:49:40 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\Great Bend to Santa Fe.ptm
[2010/02/05 20:28:55 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\331 W Anderson St, Republic, MO 65738 to Great Bend.ptm
[2010/02/05 20:24:22 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\Aurora to Great Bend.ptm
[2010/02/05 20:05:20 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\SS1000REP-SF.ptm
[2010/02/02 08:29:20 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\Kens Office Inventory '10doc.doc
[2010/02/02 08:15:24 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\tool inventory '10.xls
[2010/02/02 06:47:38 | 000,009,357 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\BMW_Torque_Chart[1].pdf
[2010/01/31 22:34:42 | 000,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2010/01/31 20:45:39 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\IBAWitnessForm.doc
[2010/01/30 09:33:50 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\Shortcut to Internet.lnk
[2010/01/29 17:57:35 | 000,040,106 | ---- | C] () -- C:\Documents and Settings\tndavis\Desktop\Leo.jpg
[2010/01/29 08:16:30 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\Riding position.doc
[2010/01/28 08:56:19 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\tndavis\My Documents\Marriottest1-28-10.doc
[2009/09/09 18:16:35 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_engine.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/01 17:30:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\jvgbpjt.sys
[2009/05/01 07:25:50 | 000,219,136 | ---- | C] () -- C:\WINDOWS\sqlite3_engine.dll
[2008/12/25 17:41:36 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2008/12/10 12:16:28 | 000,000,142 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/01 20:42:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\RECOVER.INI
[2008/07/28 05:36:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\setup_XP.ini
[2008/05/25 11:38:09 | 000,000,310 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2008/05/25 11:37:09 | 000,000,302 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2008/05/25 11:37:09 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2008/05/25 11:36:59 | 000,005,247 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2008/05/25 11:36:59 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2008/05/22 12:59:33 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\LSXConfig.dll
[2008/04/16 13:45:16 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/03/11 21:48:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/20 16:53:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2007/09/10 21:21:29 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2007/06/26 11:41:36 | 000,002,216 | ---- | C] () -- C:\Documents and Settings\tndavis\Application Data\ViewerApp.dat
[2007/06/11 14:24:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/06/11 07:04:33 | 000,000,455 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2007/06/03 07:22:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\Trpmaker.INI
[2007/06/03 07:22:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2007/06/03 07:22:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/06/03 07:22:04 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\Leaddib.drv
[2007/06/03 07:22:04 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\Fprun300.dll
[2007/06/02 21:15:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/02 20:22:23 | 000,155,648 | ---- | C] () -- C:\Documents and Settings\tndavis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 06:00:00 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2002/05/31 16:04:12 | 000,021,388 | ---- | C] () -- C:\WINDOWS\MSTMON_C.INI
[2002/05/31 16:04:12 | 000,010,242 | ---- | C] () -- C:\WINDOWS\MSUMLT_C.INI
[2002/05/31 16:04:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MCMM___C.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 18:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2004/08/04 06:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\eventcls.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2008/02/28 20:24:22 | 001,607,392 | ---- | M] () -- C:\Paint.NET.3.30.2980.Beta1.exe


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/06 13:56:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/05/06 13:56:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/06 13:56:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/05/06 13:56:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2010/02/23 11:48:27 | 000,096,512 | ---- | M] () MD5=EC04245E83AF4B7BD43E52E0F48FB871 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 06:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 18:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 18:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D786AE3
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

EXTRA.TXT
OTL Extras logfile created on: 2/26/2010 11:40:32 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\tndavis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 135.09 Gb Free Space | 72.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CLONE
Current User Name: tndavis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_USERS\S-1-5-21-606747145-573735546-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" = C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Disabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0C543595-611C-4BBD-9A10-FCEAD3B6D42F}" = MapSource - North American City Navigator v5
"{0D2C0F74-A5A6-49B0-A07F-A9F4CFE56A9D}" = 2005 National Plumbing and HVAC Estimator Download Version
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{16009F7E-2465-4C09-A037-6531409F598C}" = 2005 National Construction Estimator Download Version
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{2722B882-AADE-45AB-93A6-E2DCAEEA8D65}" = Image Data Converter
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{2BD3661D-1384-4EF4-9E5C-DFDB8EE6E3EA}" = Dr.Web anti-virus for Windows 5.0
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{302645C7-B230-4C07-9AE9-9E0133FCE472}" = 2005 National Repair and Remodeling Estimator Download Version
"{303E11B0-99FF-43BC-AD39-AC3B0D834F3E}" = 2005 National Renovation and Insurance Repair Estimator Download Version
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.18
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{32C32B46-41C3-438F-94F6-55FE150D50D8}" = ImageMixer EasyStepDVD
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{84CF618E-71B6-4D62-B5F9-92542E0B850A}" = Wick Autosketch Blocks
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A360821C-6B51-4EE4-A7E5-5E14B15004CD}" = Sony DVD Handycam USB Driver 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.86
"{BAB5AFBD-EFA5-46D6-904C-18C348986A10}" = 2005 National Painting Cost Estimator Download Version
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0A25767-01F1-422F-878A-79E927E9DA66}" = 2008 CD Estimator
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource
"{C82185E8-C27B-4EF4-2009-1111BC2C2B6D}" = Microsoft MapPoint North America 2009
"{C9AADB43-B268-4EBB-B69E-D727879CE601}" = Wick Building Configurator
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3266608-FE54-4E95-8429-DFB384548628}" = Wick Building Configurator 1.7.0.0 Patch
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DA80700F-068D-11DF-9686-005056806466}" = Google Earth Plug-in
"{DB639F99-ED74-49D4-8FFD-5B8C34C00D64}" = AutoSketch Release 9
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8A9B3CF-3C23-4FD3-99BA-7E39830A538B}" = 2005 National Home Improvement Estimator Download Version
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{ECAE6604-5B05-4A97-BA6A-AAA7BE4D7CEE}" = 2005 CD Estimator Heavy Download Version
"{EE68B852-C4C7-42CC-B664-92BBBFAA7FEE}" = Garmin Training Center
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"AOL Toolbar" = AOL Toolbar
"Ask Toolbar_is1" = Ask Toolbar
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner
"CobBackup9" = Cobian Backup 9
"CompuServe us" = CompuServe
"Glary Utilities_is1" = Glary Utilities 2.19.0.800
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{0C543595-611C-4BBD-9A10-FCEAD3B6D42F}" = MapSource - North American City Navigator v5
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_PHOTOSUITE_V806" = MGI PhotoSuite 8.1 (Remove Only)
"MGI_VideoWave_V1_0" = MGI VideoWave III (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MINOLTA-QMS PagePro 1250W" = MINOLTA-QMS PagePro 1250W
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"save2pc Light_is1" = save2pc Light 3.20
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Stellarium_is1" = Stellarium 0.9.0
"StreetFinder" = Rand McNally StreetFinder Deluxe 1999
"TripMaker" = Rand McNally TripMaker 1999
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wipe" = Wipe
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606747145-573735546-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/26/2010 9:10:12 PM | Computer Name = CLONE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.0.6212.0,
P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 2/26/2010 9:13:37 PM | Computer Name = CLONE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 2.0.6212.0,
P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 2/26/2010 9:22:26 PM | Computer Name = CLONE | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 2/26/2010 9:25:37 PM | Computer Name = CLONE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 2.0.6212.0,
P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 2/26/2010 9:25:43 PM | Computer Name = CLONE | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 2/26/2010 9:43:30 PM | Computer Name = CLONE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 2.0.6212.0,
P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 2/26/2010 10:44:42 PM | Computer Name = CLONE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 2.0.6212.0,
P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 2/26/2010 10:44:49 PM | Computer Name = CLONE | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 2/27/2010 12:15:54 AM | Computer Name = CLONE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/27/2010 12:19:22 AM | Computer Name = CLONE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 2.0.6212.0,
P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 2/26/2010 10:08:34 PM | Computer Name = CLONE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection
with the server could not be established

Error - 2/26/2010 10:08:34 PM | Computer Name = CLONE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection
with the server could not be established

Error - 2/26/2010 10:08:34 PM | Computer Name = CLONE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection
with the server could not be established

Error - 2/26/2010 10:44:40 PM | Computer Name = CLONE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description:
A connection with the server could not be established

Error - 2/26/2010 10:44:49 PM | Computer Name = CLONE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: CLONE\tndavis Current Engine Version: Previous
Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection with
the server could not be established

Error - 2/26/2010 10:44:49 PM | Computer Name = CLONE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: CLONE\tndavis Current Engine Version: Previous
Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection with
the server could not be established

Error - 2/26/2010 10:44:49 PM | Computer Name = CLONE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: CLONE\tndavis Current Engine Version: Previous
Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection with
the server could not be established

Error - 2/26/2010 10:44:49 PM | Computer Name = CLONE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: CLONE\tndavis Current Engine Version: Previous
Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection with
the server could not be established

Error - 2/27/2010 12:19:20 AM | Computer Name = CLONE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description:
A connection with the server could not be established

Error - 2/27/2010 12:19:38 AM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183


< End of report >


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 27 February 2010 - 03:28 PM

Hi Ken,

Can you tell me what problems you are currently having like popup, redirects, error messages etc.


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#5 460 Jetboat

460 Jetboat
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male

Posted 27 February 2010 - 06:21 PM

Okay Syler, these requests I can handle!
Unable to update any AV programs. Unable to connect to email on Internet Explorer. Was unable to boot into safe mode, but that is repaired through SAS repair utility. Unable to download any windows updates.

The first time I ran ComboFix, several days ago, it did have to reinstall the repair utility; this time, however, it was good to go.
Here is the log you requested:

ComboFix 10-02-22.07 - tndavis 02/27/2010 15:57:14.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.206 [GMT -6:00]
Running from: c:\documents and settings\tndavis\Desktop\Combo-Fix.exe
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 12:01 . 2010-02-27 12:01 -------- d-----w- c:\windows\system32\NtmsData
2010-02-27 01:10 . 2010-02-27 01:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-02-27 00:47 . 2010-02-27 00:47 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-26 14:28 . 2010-02-26 14:28 -------- d-----w- c:\documents and settings\tndavis\Application Data\CyberLink
2010-02-26 03:56 . 2010-02-26 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-02-26 03:00 . 2010-02-26 03:00 -------- d-----w- c:\program files\Carbonite
2010-02-26 03:00 . 2010-02-26 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Carbonite
2010-02-26 01:55 . 2010-02-26 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-02-26 01:49 . 2010-02-27 04:30 -------- d-----w- c:\program files\CyberLink
2010-02-25 13:40 . 2010-02-25 13:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-25 13:37 . 2010-02-25 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-02-24 03:18 . 2010-02-24 03:18 -------- d-----w- c:\program files\Cobian Backup 9
2010-02-24 02:35 . 2010-02-24 02:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-02-23 19:53 . 2010-02-23 19:53 -------- d-----w- c:\documents and settings\tndavis\Local Settings\Application Data\AOL Toolbar
2010-02-23 19:49 . 2010-02-23 19:49 -------- d-----w- c:\program files\AOL Toolbar
2010-02-23 19:49 . 2010-02-23 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Toolbar
2010-02-23 19:49 . 2010-02-23 19:49 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-02-23 19:49 . 2010-02-23 19:49 -------- d--h--w- c:\windows\msdownld.tmp
2010-02-23 19:46 . 2010-02-23 19:48 -------- dc-h--w- c:\windows\ie8
2010-02-23 07:02 . 2009-12-30 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-23 07:01 . 2009-12-30 20:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-21 19:03 . 2010-02-21 19:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-06 14:14 . 2010-02-06 14:14 3724008 ----a-w- c:\documents and settings\Emm's documents\CuteWriter.exe
2010-02-05 22:50 . 2010-02-06 02:15 -------- d-----w- c:\program files\Microsoft MapPoint 2009
2010-02-01 04:34 . 2010-02-01 04:34 -------- d-----w- c:\program files\Creative

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 21:55 . 2009-05-01 04:03 -------- d-----w- c:\program files\DrWeb
2010-02-27 21:04 . 2007-12-25 18:03 -------- d-----w- c:\program files\DivX
2010-02-27 14:01 . 2009-07-31 19:42 -------- d-----w- c:\program files\CompuServe 7.0a
2010-02-27 06:53 . 2009-05-01 13:26 -------- d-----w- c:\documents and settings\tndavis\Application Data\WIPE
2010-02-27 04:30 . 2007-05-22 17:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 04:23 . 2007-12-29 01:22 -------- d-----w- c:\program files\Yahoo!
2010-02-27 04:19 . 2008-11-07 04:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-26 14:16 . 2008-03-12 03:51 -------- d-----w- c:\program files\CompuServe 7.0
2010-02-25 13:40 . 2008-04-14 12:00 -------- d-----w- c:\program files\Elecard
2010-02-23 20:14 . 2009-03-26 03:27 117760 ----a-w- c:\documents and settings\tndavis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-23 17:48 . 2004-08-04 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-23 15:57 . 2009-04-30 13:51 -------- d-----w- c:\program files\XnView
2010-02-23 07:20 . 2009-05-01 12:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-17 15:26 . 2009-05-03 04:54 107000 ----a-w- c:\windows\system32\drivers\dwprot.sys
2010-02-14 16:06 . 2009-07-18 16:10 -------- d-----w- c:\program files\Glary Utilities
2010-02-06 12:36 . 2007-06-27 01:55 59248 ----a-w- c:\documents and settings\tndavis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-05 22:49 . 2008-07-08 13:09 -------- d-----w- c:\program files\MSECache
2010-02-03 02:22 . 2007-06-03 14:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-29 09:13 . 2009-10-18 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-01-24 01:42 . 2010-01-24 01:42 3519152 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\DriverCure\Temp\DriverCure Installer.exe
2010-01-24 01:42 . 2010-01-24 01:42 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-01-24 01:40 . 2010-01-24 01:40 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-24 01:40 . 2010-01-24 01:40 -------- d-----w- c:\program files\ParetoLogic
2010-01-22 21:40 . 2010-01-22 21:40 102400 ----a-w- c:\documents and settings\All Users\Application Data\AOL Toolbar\ieToolbar\resources\en-US\aoltbres.dll
2010-01-18 03:12 . 2010-01-18 03:12 152576 ----a-w- c:\documents and settings\tndavis\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-18 03:10 . 2010-01-18 03:10 79488 ----a-w- c:\documents and settings\tndavis\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-12 02:22 . 2010-01-12 02:22 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-01-07 11:51 . 2007-09-09 19:20 -------- d-----w- c:\program files\Google
2010-01-05 18:35 . 2010-01-05 18:35 52224 ----a-w- c:\documents and settings\tndavis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-05 18:26 . 2009-05-01 13:25 -------- d-----w- c:\program files\Wipe
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2007-05-22 17:20 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-04 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

------- Sigcheck -------

[-] 2010-02-23 17:48 . EC04245E83AF4B7BD43E52E0F48FB871 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 23:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 22:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 22:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 22:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpIDerAgent"="c:\program files\DrWeb\SpIDerAgent.exe" [2010-02-15 447728]
"SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2009-07-02 644336]
"SpIDerNT"="c:\progra~1\DrWeb\spiderui.exe" [2009-09-03 231840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Cobian Backup 9 interface"="c:\program files\Cobian Backup 9\cbInterface.exe" [2009-01-22 2749952]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-01-05 18:33 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
backup=c:\windows\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 06:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
2007-02-09 18:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-07-28 16:03 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"DT HPW"=c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
"SoundMan"=SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=

P2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe [12/15/2008 1:09 PM 231328]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [5/2/2009 10:54 PM 107000]
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [6/26/2007 11:26 AM 19507]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 74480]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [6/26/2007 11:26 AM 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [6/26/2007 11:26 AM 423454]
R2 CobianBackupAmanita;Cobian Backup 9 service;c:\program files\Cobian Backup 9\cbService.exe [2/23/2010 9:18 PM 583168]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [1/21/2009 3:09 PM 869688]
R2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [5/31/2002 4:04 PM 19296]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [11/18/2009 12:26 PM 109168]
R2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\DrWeb\spider.sys [12/15/2008 1:09 PM 306464]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2/15/2008 10:39 PM 333328]
S0 Wingj77;Wingj77;c:\windows\system32\Drivers\Wingj77.sys --> c:\windows\system32\Drivers\Wingj77.sys [?]
S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [6/26/2007 11:26 AM 64964]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 5:51 AM 135664]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/28/2008 6:33 PM 52240]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/15/2008 10:39 PM 36368]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [4/28/2008 6:33 PM 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [4/28/2008 6:34 PM 648456]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2009-05-03 c:\windows\Tasks\Dr.Web Daily scan.job
- c:\program files\DrWeb\DrWeb32w.exe [2009-03-25 14:24]

2010-02-27 c:\windows\Tasks\Dr.Web Update.job
- c:\program files\DrWeb\DrWebUpW.exe [2009-03-02 14:34]

2010-02-26 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-02-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-18 05:01]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 11:51]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 11:51]

2010-02-27 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 20:28]

2010-02-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 23:36]

2010-02-27 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-02-21 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uSearchAssistant = hxxp://www.google.com/ie
Trusted Zone: malwarebytes.org\www
TCP: {72664019-6151-4D6F-8FDE-E9F3FEFB36D6} = 93.188.162.178,93.188.161.103
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
FF - ProfilePath - c:\documents and settings\tndavis\Application Data\Mozilla\Firefox\Profiles\ha2tq8mk.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 16:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c016\6&15b517ed&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2848)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-27 16:08:36
ComboFix-quarantined-files.txt 2010-02-27 22:08
ComboFix2.txt 2010-02-23 05:57
ComboFix3.txt 2008-05-11 15:34
ComboFix4.txt 2008-05-11 00:40
ComboFix5.txt 2010-02-27 21:56

Pre-Run: 145,073,860,608 bytes free
Post-Run: 145,057,452,032 bytes free

- - End Of File - - 1F840FA93024DCB57ADACA2DB3D95278


2010-01-24 01:40 . 2010-01-24 01:40 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-24 01:40 . 2010-01-24 01:40 -------- d-----w- c:\program files\ParetoLogic
2010-01-22 21:40 . 2010-01-22 21:40 102400 ----a-w- c:\documents and settings\All Users\Application Data\AOL Toolbar\ieToolbar\resources\en-US\aoltbres.dll
2010-01-18 03:12 . 2010-01-18 03:12 152576 ----a-w- c:\documents and settings\tndavis\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-18 03:10 . 2010-01-18 03:10 79488 ----a-w- c:\documents and settings\tndavis\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-12 02:22 . 2010-01-12 02:22 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-01-07 11:51 . 2007-09-09 19:20 -------- d-----w- c:\program files\Google
2010-01-05 18:35 . 2010-01-05 18:35 52224 ----a-w- c:\documents and settings\tndavis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-05 18:26 . 2009-05-01 13:25 -------- d-----w- c:\program files\Wipe
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2007-05-22 17:20 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-04 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

------- Sigcheck -------

[-] 2010-02-23 17:48 . EC04245E83AF4B7BD43E52E0F48FB871 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 23:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 22:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 22:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 22:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpIDerAgent"="c:\program files\DrWeb\SpIDerAgent.exe" [2010-02-15 447728]
"SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2009-07-02 644336]
"SpIDerNT"="c:\progra~1\DrWeb\spiderui.exe" [2009-09-03 231840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Cobian Backup 9 interface"="c:\program files\Cobian Backup 9\cbInterface.exe" [2009-01-22 2749952]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-01-05 18:33 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
backup=c:\windows\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 06:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
2007-02-09 18:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-07-28 16:03 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"DT HPW"=c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
"SoundMan"=SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=

P2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe [12/15/2008 1:09 PM 231328]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [5/2/2009 10:54 PM 107000]
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [6/26/2007 11:26 AM 19507]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 74480]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [6/26/2007 11:26 AM 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [6/26/2007 11:26 AM 423454]
R2 CobianBackupAmanita;Cobian Backup 9 service;c:\program files\Cobian Backup 9\cbService.exe [2/23/2010 9:18 PM 583168]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [1/21/2009 3:09 PM 869688]
R2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [5/31/2002 4:04 PM 19296]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [11/18/2009 12:26 PM 109168]
R2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\DrWeb\spider.sys [12/15/2008 1:09 PM 306464]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2/15/2008 10:39 PM 333328]
S0 Wingj77;Wingj77;c:\windows\system32\Drivers\Wingj77.sys --> c:\windows\system32\Drivers\Wingj77.sys [?]
S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [6/26/2007 11:26 AM 64964]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 5:51 AM 135664]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/28/2008 6:33 PM 52240]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/15/2008 10:39 PM 36368]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [4/28/2008 6:33 PM 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [4/28/2008 6:34 PM 648456]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2009-05-03 c:\windows\Tasks\Dr.Web Daily scan.job
- c:\program files\DrWeb\DrWeb32w.exe [2009-03-25 14:24]

2010-02-27 c:\windows\Tasks\Dr.Web Update.job
- c:\program files\DrWeb\DrWebUpW.exe [2009-03-02 14:34]

2010-02-26 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-02-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-18 05:01]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 11:51]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 11:51]

2010-02-27 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 20:28]

2010-02-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 23:36]

2010-02-27 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-02-21 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uSearchAssistant = hxxp://www.google.com/ie
Trusted Zone: malwarebytes.org\www
TCP: {72664019-6151-4D6F-8FDE-E9F3FEFB36D6} = 93.188.162.178,93.188.161.103
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
FF - ProfilePath - c:\documents and settings\tndavis\Application Data\Mozilla\Firefox\Profiles\ha2tq8mk.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 16:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c016\6&15b517ed&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2848)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-27 16:08:36
ComboFix-quarantined-files.txt 2010-02-27 22:08
ComboFix2.txt 2010-02-23 05:57
ComboFix3.txt 2008-05-11 15:34
ComboFix4.txt 2008-05-11 00:40
ComboFix5.txt 2010-02-27 21:56

Pre-Run: 145,073,860,608 bytes free
Post-Run: 145,057,452,032 bytes free

- - End Of File - - 1F840FA93024DCB57ADACA2DB3D95278


#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:59 PM

Posted 27 February 2010 - 06:44 PM

It appears you have now installed Microsoft Security Essentials; you need to uninstall this. As I said before, you should not have more than one antivirus installed, as it can cause problems and often does.

Uninstall MSE, then run OTL to clean up the leftovers from Trend Micro.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - [2008/02/15 23:58:10 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
    SRV - [2008/02/15 23:58:10 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
    SRV - [2007/12/24 16:41:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    DRV - [2008/05/02 15:22:00 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
    DRV - [2008/05/02 15:21:52 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
    DRV - [2008/05/02 15:17:18 | 001,169,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
    DRV - [2008/02/15 22:39:32 | 000,333,328 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
    DRV - [2008/02/15 22:39:32 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2007/12/24 16:37:20 | 000,052,496 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2007/12/24 16:37:12 | 000,052,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O4 - HKU\S-1-5-21-606747145-573735546-839522115-1003..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
    :Commands
    [purity]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

unite.jpg


#8 460 Jetboat

460 Jetboat
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Local time:12:59 PM

Posted 27 February 2010 - 08:12 PM

Syler,
Yes, however Security Essentials was never updated, and said that it was not active because of this... anyway, it's deleted.

Now, when I copy and paste your code into OTL, the program freezes, and all the icons disappear from the desktop. OTL quits responding.
I'm able to reboot by C/A/Delete.

I'll wait to hear from you again.
Ken

#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:59 PM

Posted 27 February 2010 - 08:20 PM

Let's do this then first.
  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
CMD /K COPY c:\windows\erdnt\cache\atapi.sys c:\atapi.sys
  • The command prompt should pop up and say 1 file(s) copied, if it doesn't please let me know before continuing.



Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

CODE
Files to move:
c:\atapi.sys | c:\windows\system32\drivers\atapi.sys


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
  • Avenger will restart your computer; after the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt

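The Sigcheck block in the ComboFix log above and the atapi.sys restore in this post both rest on one check: the MD5 of the live driver against the copies Windows keeps in erdnt\cache, ServicePackFiles and dllcache. The script below runs that comparison over the log's own Sigcheck lines; it is an added example, not code from the thread, ComboFix or The Avenger, and the backup-directory list, verdict names and the "missing" handling are my own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: the Sigcheck block of the ComboFix log posted above,
# copied verbatim. "[-]" marks the live atapi.sys, "[7]" the backup copies
# Windows keeps, and the last line is ComboFix's missing-file notice.
SAMPLE_SIGCHECK = r"""
[-] 2010-02-23 17:48 . EC04245E83AF4B7BD43E52E0F48FB871 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

c:\windows\System32\ctfmon.exe ... is missing !!
"""

# Assumed list of places where XP keeps pristine copies of system files
# (lowercase substrings matched against the full path).
BACKUP_DIRS = (r"\erdnt\cache", r"\servicepackfiles", r"\dllcache",
               r"\$ntservicepackuninstall$")

# One Sigcheck entry: [flag] date[ time] . MD5 . size . . [version] . . path
ENTRY_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2}(?:\s\d{2}:\d{2})?)\s\.\s"
    r"(?P<md5>[0-9A-Fa-f]{32})\s\.\s(?P<size>\d+)\s\.\s\.\s"
    r"\[(?P<version>[^\]]*)\]\s\.\s\.\s(?P<path>\S.*?)\s*$")
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s\.\.\.\sis missing\s*!!\s*$")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def version_key(version):
    # "5.1.2600.5512" -> (5, 1, 2600, 5512); "------" (no version resource) -> ()
    digits = version.replace(".", "")
    return tuple(int(p) for p in version.split(".")) if digits.isdigit() else ()


def parse_sigcheck(text):
    """Split a Sigcheck block into file entries and the set of missing paths."""
    entries, missing = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.add(m.group("path").lower())
    return entries, missing


def is_backup_copy(path):
    p = path.lower()
    return any(d in p for d in BACKUP_DIRS)


def assess_sigcheck(text):
    """Return {basename: verdict}; status is ok / tampered / missing / unknown."""
    entries, missing = parse_sigcheck(text)
    groups = defaultdict(list)
    for e in entries:
        groups[basename(e["path"])].append(e)
    for path in missing:
        groups.setdefault(basename(path), [])
    report = {}
    for name, copies in groups.items():
        backups = [e for e in copies if is_backup_copy(e["path"])]
        live = [e for e in copies if not is_backup_copy(e["path"])]
        # Newest backup (highest file version) is the natural restore source
        newest = max(backups, key=lambda e: version_key(e["version"]), default=None)
        verdict = {"status": "ok", "reasons": [],
                   "restore_from": newest["path"] if newest else None}
        if any(basename(p) == name for p in missing):
            verdict["status"] = "missing"
            verdict["reasons"].append("ComboFix reports the live copy is missing")
        elif not live:
            verdict["status"] = "unknown"
            verdict["reasons"].append("no live copy listed")
        else:
            cur = live[0]
            verdict["live_path"], verdict["live_md5"] = cur["path"], cur["md5"]
            if cur["md5"] not in {e["md5"] for e in backups}:
                verdict["status"] = "tampered"
                verdict["reasons"].append("MD5 matches none of the backup copies")
            if version_key(cur["version"]) == ():
                verdict["reasons"].append("no version resource ([------])")
            # A file patched in place keeps its size: only the hash exposes it.
            verdict["size_matches_backup"] = bool(newest) and cur["size"] == newest["size"]
        report[name] = verdict
    return report


if __name__ == "__main__":
    for name, v in assess_sigcheck(SAMPLE_SIGCHECK).items():
        print(f"{name}: {v['status']} ({'; '.join(v['reasons'])})"
              f" -> restore from {v['restore_from']}")
```

On the log above this flags atapi.sys as tampered (same 96512 bytes as the clean copy, different MD5, no version resource) and names c:\windows\erdnt\cache\atapi.sys as the restore source, which is the copy syler has the user put back.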


#10 460 Jetboat

460 Jetboat
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Local time:12:59 PM

Posted 27 February 2010 - 08:40 PM

here it is Syler:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\atapi.sys|c:\windows\system32\drivers\atapi.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:59 PM

Posted 27 February 2010 - 08:44 PM

Looks like that went well. Can you try running that OTL fix again and post the log, if it doesn't crash?

Thanks



#12 460 Jetboat

460 Jetboat
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Local time:12:59 PM

Posted 27 February 2010 - 09:10 PM

Syler, it crashes. I tried it twice, and upon Ctl/Alt/Del it says OTL is not responding. I'm pasting the following in the text box:
:OTL
SRV - [2008/02/15 23:58:10 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/02/15 23:58:10 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2007/12/24 16:41:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
DRV - [2008/05/02 15:22:00 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/05/02 15:21:52 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/05/02 15:17:18 | 001,169,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/02/15 22:39:32 | 000,333,328 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2008/02/15 22:39:32 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/12/24 16:37:20 | 000,052,496 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2007/12/24 16:37:12 | 000,052,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-606747145-573735546-839522115-1003..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
:Commands
[purity]
[emptytemp]


I'm not sure if I SHOULD be pasting the :OTL at the beginning...

Ken

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:59 PM

Posted 27 February 2010 - 09:22 PM

Copying :OTL is correct; please try it with just the following code.

CODE
:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-606747145-573735546-839522115-1003..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
:Commands
[purity]
[emptytemp]

Edited by syler, 27 February 2010 - 09:22 PM.



#14 460 Jetboat

460 Jetboat
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Local time:12:59 PM

Posted 27 February 2010 - 09:30 PM

Well, it worked that time. It did!

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry value HKEY_USERS\S-1-5-21-606747145-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:Explorer.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Emm's documents

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 1582 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: tndavis
->Temp folder emptied: 765907 bytes
->Temporary Internet Files folder emptied: 14571593 bytes
->FireFox cache emptied: 51361860 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 15360 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35505 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 64.00 mb


OTL by OldTimer - Version 3.1.30.3 log created on 02272010_202240

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_c40.dat not found!

Registry entries deleted on Reboot...

Next?

#15 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 27 February 2010 - 10:04 PM

Looks like the TrendMicro leftovers were what was causing the problem; we will try and take them out another way.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

CODE
File::
c:\windows\system32\drivers\TM_CFW.sys
c:\windows\system32\drivers\tmpreflt.sys
c:\windows\system32\drivers\tmevtmgr.sys
Folder::
c:\program files\Trend Micro
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=-
Driver::
Wingj77
tmevtmgr
tmpreflt
TmPfw
tmproxy
tmcfw
RegLock::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c016\6&15b517ed&0&0000\LogConf]
MIA::
c:\windows\System32\ctfmon.exe
SecCenter::
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

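As an added example, not part of this thread and not ComboFix's own code: a small Python parser that splits a CFScript like the one in the post above into its directive sections (File::, Folder::, Registry::, Driver::, RegLock::, MIA::, SecCenter::) and classifies each Registry:: line as a value set or a value delete ("Name"=-), so a responder can review exactly what a script will touch before dragging it onto ComboFix.exe. The sample script is constructed from the post above and trimmed; the error handling for malformed input (an entry before any directive, or a misspelt directive such as Fil::) is this example's own behaviour, not ComboFix's.

```python
import re

# ComboFix script directives, as used in the post above (File::, Folder::, ...).
KNOWN_SECTIONS = {"File", "Folder", "Registry", "Driver", "RegLock", "MIA", "SecCenter"}

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
REG_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Constructed sample, trimmed from the CFScript in the post above.
SAMPLE_CFSCRIPT = r"""File::
c:\windows\system32\drivers\TM_CFW.sys
c:\windows\system32\drivers\tmpreflt.sys
Folder::
c:\program files\Trend Micro
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=-
Driver::
tmevtmgr
tmpreflt
MIA::
c:\windows\System32\ctfmon.exe
"""


def parse_cfscript(text):
    """Split a CFScript into {section: [entry, ...]}, preserving order.

    Raises ValueError for an entry that appears before any 'Name::' header
    or for a header that is not a known directive (this example's own check,
    so a typo is caught before the script reaches ComboFix).
    """
    sections = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            if current not in KNOWN_SECTIONS:
                raise ValueError(f"line {lineno}: unknown directive {current}::")
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line {lineno}: entry before any directive: {line}")
        sections[current].append(line)
    return sections


def parse_registry_section(entries):
    """Turn Registry:: lines into [{key, name, action, data}, ...].

    As in .reg files, '"Name"=-' deletes the value; anything else sets it.
    """
    ops, key = [], None
    for entry in entries:
        km = REG_KEY_RE.match(entry)
        if km:
            key = km.group("key")
            continue
        vm = REG_VALUE_RE.match(entry)
        if not vm:
            raise ValueError(f"unparseable registry line: {entry}")
        if key is None:
            raise ValueError(f"value before any [key]: {entry}")
        data = vm.group("data")
        ops.append({"key": key, "name": vm.group("name"),
                    "action": "delete" if data == "-" else "set",
                    "data": None if data == "-" else data})
    return ops


def summarize(text):
    """Count what the script will touch, per directive, for a quick review."""
    sections = parse_cfscript(text)
    reg_ops = parse_registry_section(sections.get("Registry", []))
    return {
        "files": len(sections.get("File", [])),
        "folders": len(sections.get("Folder", [])),
        "drivers": len(sections.get("Driver", [])),
        "registry_set": sum(1 for op in reg_ops if op["action"] == "set"),
        "registry_delete": sum(1 for op in reg_ops if op["action"] == "delete"),
        "mia": len(sections.get("MIA", [])),
    }


if __name__ == "__main__":
    for section, entries in parse_cfscript(SAMPLE_CFSCRIPT).items():
        print(f"{section}:: {entries}")
    print(summarize(SAMPLE_CFSCRIPT))
```

Running it on the sample prints each directive with its entries and a summary of two files, one folder, two drivers, one registry value set, one registry value deleted and one MIA entry; the two Security Center lines in the original script are the ones that matter most for review, because one clears the AntiVirusOverride flag and the other removes the stale Trend Micro monitoring entry.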




