Infected with Windows Vista Antispyware 2010


This topic is locked
29 replies to this topic

#1 charliefell

  • Members
  • 16 posts

Posted 10 March 2010 - 11:05 PM

About a week ago I started getting popups telling me that Windows Vista Antispyware 2010 had found a virus on my computer. I googled the program name and quickly learned what a rogue virus is. I then started following tutorials from sites I trust to try to remove the virus. I used Malwarebytes, Spybot, Avast, Ad-Aware, Windows Defender, and Windows Security Essentials to scan my computer. NONE of the programs found a single trace of infection.

The popups stopped, but now my computer only lasts about 5 minutes when booted up normally before freezing. It does boot in safe mode.



DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Jess at 21:47:59.98 on Wed 03/10/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1132 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Microsoft Security Essentials *disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Users\Jess\Desktop\bleeping computer forum files.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\jess\appdata\roaming\mozilla\firefox\profiles\d8h7rphw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\users\jess\appdata\roaming\mozilla\firefox\profiles\d8h7rphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\users\jess\appdata\roaming\mozilla\firefox\profiles\d8h7rphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-8 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-11-2 18176]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-23 7680]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-8 162512]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-8 19024]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-8 51792]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-8 40384]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe -service --> c:\windows\system32\lxcqcoms.exe -service [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-4-27 1153368]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-8 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-8 40384]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-13 30192]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]

=============== Created Last 30 ================

2010-03-09 00:28:48 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-09 00:23:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-09 00:22:18 0 d-----w- c:\program files\Lavasoft
2010-03-08 17:29:14 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-03-08 16:47:14 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-08 16:30:50 0 d-----w- c:\program files\CCleaner
2010-03-08 15:36:41 1905 ----a-w- c:\windows\diagwrn.xml
2010-03-08 15:36:41 1905 ----a-w- c:\windows\diagerr.xml
2010-03-08 06:49:28 1048576 --sha-w- c:\users\jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
2010-03-08 06:49:27 65536 --sha-w- c:\users\jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
2010-03-08 06:49:27 1048576 --sha-w- c:\users\jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
2010-03-08 06:49:27 1048576 --sha-w- c:\users\jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
2010-03-07 05:51:23 0 d-sh--w- C:\$RECYCLE.BIN
2010-03-07 04:09:55 0 d-----w- c:\program files\ESET
2010-03-07 02:07:44 98816 ----a-w- c:\windows\sed.exe
2010-03-07 02:07:44 77312 ----a-w- c:\windows\MBR.exe
2010-03-07 02:07:44 261632 ----a-w- c:\windows\PEV.exe
2010-03-07 02:07:44 161792 ----a-w- c:\windows\SWREG.exe
2010-03-07 01:57:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 01:57:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-07 01:57:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-03 13:54:19 0 d-----w- c:\programdata\Office Genuine Advantage
2010-03-02 23:04:48 0 d-----w- c:\programdata\Carbonite
2010-03-02 23:04:48 0 d-----w- c:\program files\Carbonite
2010-03-01 19:18:15 0 d-----w- c:\users\jess\appdata\roaming\Malwarebytes
2010-03-01 19:18:05 0 d-----w- c:\programdata\Malwarebytes
2010-03-01 06:35:46 0 d-----w- c:\programdata\Alwil Software
2010-03-01 06:09:53 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-01 06:04:51 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-24 10:11:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 10:09:39 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 10:09:39 472576 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 10:09:38 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 10:09:38 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 10:09:38 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 10:09:38 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 10:09:37 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 10:09:37 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 10:09:37 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 22:03:15 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 22:03:15 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 22:03:08 3467848 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 22:03:07 3502168 ----a-w- c:\windows\system32\ntkrnlpa.exe

==================== Find3M ====================

2010-03-09 01:50:28 160488 ----a-w- c:\programdata\nvModes.dat
2010-01-30 16:27:59 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-01-13 03:23:25 85240 ----a-w- c:\users\jess\appdata\roaming\GDIPFONTCACHEV1.DAT
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-30 02:10:35 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-30 02:10:34 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-30 02:10:12 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-28 12:36:21 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35:48 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34:31 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34:29 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34:29 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34:24 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33:24 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32:52 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30:47 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30:47 65024 ----a-w- c:\windows\system32\avicap32.dll
2008-12-11 14:49:49 174 --sha-w- c:\program files\desktop.ini
2008-06-12 07:10:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-13 12:08:52 76 --sh--r- c:\windows\CT4CET.bin
2009-11-27 22:50:40 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-11-27 22:50:40 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-11-27 22:50:40 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2008-06-11 02:17:28 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-06-11 02:17:28 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-06-11 02:17:28 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-08-13 19:48:09 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:50:16.68 ===============

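As an added example (not part of the original post, and not BleepingComputer's or the DDS tool's own code), the script below does the first pass a responder does on a DDS log like the one above: it splits the log on its banner lines and pulls out the entries worth reading first. The checks are generic triage heuristics: real-time protection reported as disabled, more than one live on-access scanner, processes running from user-writable folders or with a .scr extension, orphaned BHOs, any AppInit_DLLs entry, hosts-file entries that blackhole a name other than localhost, and services whose binary DDS could not verify ("[?]"). The sample input is an excerpt copied from the first log in this thread; every hit is a "review this", not a verdict.

```python
"""Triage helper for a DDS (sUBs) log. Added example, not BleepingComputer's
or the DDS tool's own code; the heuristics are generic and flag items for a
human to review, nothing more."""
import re
from typing import Dict, List

# Excerpt copied from the first DDS log in the thread, trimmed to relevant lines.
SAMPLE_LOG = r"""AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jess\Desktop\bleeping computer forum files.scr

============== Pseudo HJT Report ===============

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
"""

BANNER = re.compile(r"^=+\s*(.*?)\s*=+$")
PRODUCT = re.compile(r"^(AV|SP|FW): (.+?) \*(.+?)\*")
HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)")
# Per-user drop locations; Program Files and system32 are deliberately not matched.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(Desktop|Downloads|Documents|AppData\\Local\\Temp|AppData\\Roaming)\\",
    re.IGNORECASE,
)
BLACKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the log on '=== Name ===' banners; lines before the first banner go to HEADER."""
    sections: Dict[str, List[str]] = {"HEADER": []}
    current = "HEADER"
    for line in text.splitlines():
        m = BANNER.match(line)
        if m:
            current = m.group(1).upper()
            sections[current] = []
        elif line.strip():
            sections[current].append(line.rstrip())
    return sections


def protection_state(header: List[str]) -> Dict[str, List[str]]:
    """From the AV:/SP:/FW: lines: which products report disabled, which AVs are live."""
    state: Dict[str, List[str]] = {"disabled": [], "enabled_av": []}
    for line in header:
        m = PRODUCT.match(line)
        if not m:
            continue
        kind, name, status = m.groups()
        if "disabled" in status.lower():
            state["disabled"].append(f"{kind} {name}")
        elif kind == "AV":
            state["enabled_av"].append(name)
    return state


def hosts_blackholes(hjt: List[str]) -> List[str]:
    """Hosts: entries that point a name other than localhost at a loopback/null address."""
    hits = []
    for line in hjt:
        m = HOSTS.match(line)
        if m and m.group(1) in BLACKHOLE_IPS and m.group(2).lower() != "localhost":
            hits.append(line)
    return hits


def triage(text: str) -> Dict[str, List[str]]:
    """Return only the non-empty finding categories for a DDS log."""
    s = parse_sections(text)
    prot = protection_state(s.get("HEADER", []))
    procs = s.get("RUNNING PROCESSES", [])
    hjt = s.get("PSEUDO HJT REPORT", [])
    svcs = s.get("SERVICES / DRIVERS", [])
    findings = {
        "protection_disabled": prot["disabled"],
        # Two live on-access scanners fight over file hooks and can freeze a box.
        "multiple_realtime_av": prot["enabled_av"] if len(prot["enabled_av"]) > 1 else [],
        "procs_user_writable": [p for p in procs if USER_WRITABLE.search(p)],
        "procs_scr_extension": [p for p in procs if p.lower().endswith(".scr")],
        "orphan_bho": [x for x in hjt if x.startswith("BHO:") and x.endswith("- No File")],
        # AppInit_DLLs is loaded into every process that links user32.dll; always read it.
        "appinit_dlls": [x for x in hjt if x.startswith("AppInit_DLLs:")],
        "hosts_blackholes": hosts_blackholes(hjt),
        # "[?]" means DDS could not stat the service binary on disk.
        "services_unverified_file": [x for x in svcs if x.endswith("[?]")],
    }
    return {k: v for k, v in findings.items() if v}


if __name__ == "__main__":
    for category, lines in triage(SAMPLE_LOG).items():
        print(f"[{category}]")
        for entry in lines:
            print("   ", entry)
```

Two of the hits this produces on the thread's own log are false positives, which is the point of keeping a human in the loop: the Desktop .scr is DDS itself (the tool is distributed as dds.scr so it still launches when a rogue blocks .exe files), and a 127.0.0.1 hosts entry can come from Spybot's immunization as well as from malware. The script shortens what the responder reads; it does not decide for them.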
#2 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 13 March 2010 - 03:19 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 charliefell

  • Topic Starter
  • Members
  • 16 posts

Posted 14 March 2010 - 10:06 AM


DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Jess at 10:18:41.10 on Sun 03/14/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1318 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Microsoft Security Essentials *disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Jess\Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\jess\appdata\roaming\mozilla\firefox\profiles\d8h7rphw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\users\jess\appdata\roaming\mozilla\firefox\profiles\d8h7rphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\users\jess\appdata\roaming\mozilla\firefox\profiles\d8h7rphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-8 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-8 162512]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-8 19024]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-8 51792]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-8 40384]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe -service --> c:\windows\system32\lxcqcoms.exe -service [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-4-28 1153368]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-8 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-8 40384]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-13 30192]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-11-2 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-23 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]

=============== Created Last 30 ================

2010-03-11 02:56:34 366809015 ----a-w- c:\windows\MEMORY.DMP
2010-03-09 00:28:48 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-09 00:23:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-09 00:22:18 0 d-----w- c:\program files\Lavasoft
2010-03-08 17:29:14 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-03-08 16:47:14 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-08 16:30:50 0 d-----w- c:\program files\CCleaner
2010-03-08 15:36:41 1905 ----a-w- c:\windows\diagwrn.xml
2010-03-08 15:36:41 1905 ----a-w- c:\windows\diagerr.xml
2010-03-08 06:49:28 1048576 --sha-w- c:\users\jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
2010-03-08 06:49:27 65536 --sha-w- c:\users\jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
2010-03-08 06:49:27 1048576 --sha-w- c:\users\jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
2010-03-08 06:49:27 1048576 --sha-w- c:\users\jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
2010-03-07 05:51:23 0 d-sh--w- C:\$RECYCLE.BIN
2010-03-07 04:09:55 0 d-----w- c:\program files\ESET
2010-03-07 02:07:44 98816 ----a-w- c:\windows\sed.exe
2010-03-07 02:07:44 77312 ----a-w- c:\windows\MBR.exe
2010-03-07 02:07:44 261632 ----a-w- c:\windows\PEV.exe
2010-03-07 02:07:44 161792 ----a-w- c:\windows\SWREG.exe
2010-03-07 01:57:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 01:57:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-07 01:57:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-03 13:54:19 0 d-----w- c:\programdata\Office Genuine Advantage
2010-03-02 23:04:48 0 d-----w- c:\programdata\Carbonite
2010-03-02 23:04:48 0 d-----w- c:\program files\Carbonite
2010-03-01 19:18:15 0 d-----w- c:\users\jess\appdata\roaming\Malwarebytes
2010-03-01 19:18:05 0 d-----w- c:\programdata\Malwarebytes
2010-03-01 06:35:46 0 d-----w- c:\programdata\Alwil Software
2010-03-01 06:09:53 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-01 06:04:51 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-24 10:11:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 10:09:39 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 10:09:39 472576 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 10:09:38 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 10:09:38 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 10:09:38 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 10:09:38 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 10:09:37 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 10:09:37 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 10:09:37 154112 ----a-w- c:\windows\system32\secproc_ssp.dll

==================== Find3M ====================

2010-03-13 01:24:39 160488 ----a-w- c:\programdata\nvModes.dat
2010-01-30 16:27:59 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-01-13 03:23:25 85240 ----a-w- c:\users\jess\appdata\roaming\GDIPFONTCACHEV1.DAT
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-30 02:10:35 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-30 02:10:34 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-30 02:10:12 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-28 12:36:21 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35:48 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34:31 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34:29 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34:29 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34:24 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33:24 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32:52 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30:47 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30:47 65024 ----a-w- c:\windows\system32\avicap32.dll
2008-12-11 14:49:49 174 --sha-w- c:\program files\desktop.ini
2008-06-12 07:10:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-13 12:08:52 76 --sh--r- c:\windows\CT4CET.bin
2009-11-27 22:50:40 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-11-27 22:50:40 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-11-27 22:50:40 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2008-06-11 02:17:28 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-06-11 02:17:28 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-06-11 02:17:28 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-08-13 19:48:09 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:20:40.50 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/13/2007 7:55:18 AM
System Uptime: 3/14/2010 10:14:16 AM (0 hours ago)

Motherboard: Dell Inc. | | 0UW306
Processor: Intel® Core™2 Duo CPU T7300 @ 2.00GHz | Microprocessor | 1994/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 136 GiB total, 73.124 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.978 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Acrobat 6.0 Professional
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.1.3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Software Update
ArcSoft MediaImpression for Kodak
AutoUpdate
avast! Free Antivirus
Avery Easy Peel Label Sorter
Banctec Service Agreement
BitTornado 0.3.18
CA Pest Patrol Realtime Protection
Carbonite
CCleaner
Comcast Toolbar 3.0
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell Photo AIO Printer 926
Dell Support Center (Support Software)
Dell System Customization Wizard
Dell Touchpad
DELL Webcam Center
DELL Webcam Manager
DellSupport
Digital Line Detect
DivX Codec
EA Download Manager
Endpoint Integrity Agent
ESET Online Scanner v3
Fax Solutions
Games, Music, & Photos Launcher
Google Chrome
Google Desktop
Google Earth
Google Gmail Notifier
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Internet Service Offers Launcher
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 14
Java™ SE Runtime Environment 6
Laptop Integrated Webcam Driver (1.00.10.0320)
Lexmark 5200 Series
Lexmark 9300 Series
Lexmark Toolbar
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office Word Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 3.0 Runtime
Modem Diagnostic Tool
Motorola Driver Installation 3.2.0
Mozilla Firefox (2.0.0.2)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OutlookAddinSetup
PDF Settings
PokerStars
Presto! Forms 3.50.02
Presto! PageManager 7.12.10
PreviewIt for GoogleDesktop 0.1a
Pro Tracks Plus 2.2
Product Documentation Launcher
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Skype web features
Skype™ 4.1
Sonic Activation Module
Sony Noise Reduction Plug-In 2.0h
Sony Sound Forge 9.0
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Star Wars® Knights of the Old Republic® II: The Sith Lords™
Tassman DXi SE 2.0
The Sims™ 3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
URL Assistant
User's Guides
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WIDCOMM Bluetooth Software 6.0.1.3100
WinRAR archiver

==== Event Viewer Messages From Past Week ========

3/9/2010 9:41:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.326.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/8/2010 9:34:32 PM, Error: EventLog [6008] - The previous system shutdown at 9:33:13 PM on 3/8/2010 was unexpected.
3/8/2010 9:23:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.326.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/8/2010 9:07:40 AM, Error: EventLog [6008] - The previous system shutdown at 9:06:38 AM on 3/8/2010 was unexpected.
3/8/2010 8:53:55 AM, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/8/2010 8:52:30 AM, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/8/2010 8:52:24 AM, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/8/2010 8:52:19 AM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
3/8/2010 8:51:41 AM, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/8/2010 8:51:36 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
3/8/2010 8:51:25 AM, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/8/2010 8:48:41 AM, Error: EventLog [6008] - The previous system shutdown at 2:00:16 AM on 3/8/2010 was unexpected.
3/8/2010 7:23:06 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/8/2010 7:17:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi MpFilter spldr Wanarpv6
3/8/2010 7:16:20 PM, Error: EventLog [6008] - The previous system shutdown at 7:13:42 PM on 3/8/2010 was unexpected.
3/8/2010 6:58:09 PM, Error: EventLog [6008] - The previous system shutdown at 5:32:16 PM on 3/8/2010 was unexpected.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 12:49:27 AM, Error: Service Control Manager [7001] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 12:48:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/8/2010 12:48:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/8/2010 12:47:58 AM, Error: EventLog [6008] - The previous system shutdown at 12:46:02 AM on 3/8/2010 was unexpected.
3/8/2010 12:39:23 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 001B7792C1C1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
3/8/2010 12:24:47 PM, Error: EventLog [6008] - The previous system shutdown at 12:21:21 PM on 3/8/2010 was unexpected.
3/8/2010 11:52:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
3/8/2010 11:52:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/8/2010 11:42:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/8/2010 10:19:08 AM, Error: EventLog [6008] - The previous system shutdown at 10:04:40 AM on 3/8/2010 was unexpected.
3/8/2010 1:53:16 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
3/8/2010 1:52:38 AM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:52:33 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/8/2010 1:49:22 AM, Error: EventLog [6008] - The previous system shutdown at 1:47:56 AM on 3/8/2010 was unexpected.
3/8/2010 1:46:57 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/8/2010 1:46:51 AM, Error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:46:23 AM, Error: Service Control Manager [7034] - The lxcq_device service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:46:18 AM, Error: Service Control Manager [7034] - The lxbt_device service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:46:03 AM, Error: Service Control Manager [7034] - The dlcx_device service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:45:23 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/8/2010 1:45:13 AM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:42:59 AM, Error: EventLog [6008] - The previous system shutdown at 1:41:14 AM on 3/8/2010 was unexpected.
3/8/2010 1:33:30 AM, Error: EventLog [6008] - The previous system shutdown at 1:32:10 AM on 3/8/2010 was unexpected.
3/8/2010 1:31:20 AM, Error: EventLog [6008] - The previous system shutdown at 1:29:09 AM on 3/8/2010 was unexpected.
3/8/2010 1:25:57 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/8/2010 1:23:52 AM, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/8/2010 1:23:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.
3/8/2010 1:23:40 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
3/8/2010 1:23:35 AM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:23:24 AM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:23:19 AM, Error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:23:13 AM, Error: Service Control Manager [7034] - The Comcast AntiSpyware service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:23:02 AM, Error: Service Control Manager [7034] - The CA Pest Patrol Realtime Protection Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:22:46 AM, Error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:22:42 AM, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/8/2010 1:22:34 AM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 1:20:20 AM, Error: EventLog [6008] - The previous system shutdown at 1:17:49 AM on 3/8/2010 was unexpected.
3/7/2010 2:18:16 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.326.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/7/2010 2:18:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/7/2010 12:57:45 AM, Error: Print [19] - The print spooler failed to share printer Dell Photo AIO Printer 926 with shared resource name Dell Photo AIO Printer 926. Error 2114. The printer cannot be used by others on the network.
3/7/2010 12:57:45 AM, Error: Print [19] - The print spooler failed to share printer Dell PC Fax with shared resource name Dell PC Fax. Error 2114. The printer cannot be used by others on the network.
3/7/2010 12:57:45 AM, Error: Print [19] - The print spooler failed to share printer ArcSoft Virtual Image Printer with shared resource name ArcSoft Virtual Image Printer. Error 2114. The printer cannot be used by others on the network.
3/7/2010 12:57:42 AM, Error: Print [19] - The print spooler failed to share printer PageManager PDF Writer with shared resource name PageManager PDF Writer. Error 2114. The printer cannot be used by others on the network.
3/7/2010 12:57:42 AM, Error: Print [19] - The print spooler failed to share printer Lexmark 9300 Series with shared resource name Lexmark 9300 Series. Error 2114. The printer cannot be used by others on the network.
3/7/2010 12:57:42 AM, Error: Print [19] - The print spooler failed to share printer Fax Lexmark 9300 Series with shared resource name Fax Lexmark 9300 Series. Error 2114. The printer cannot be used by others on the network.
3/7/2010 12:57:42 AM, Error: Print [19] - The print spooler failed to share printer Dell Photo AIO Printer 926 (Copy 1) with shared resource name Dell Photo AIO Printer 926 (Copy 1). Error 2114. The printer cannot be used by others on the network.
3/7/2010 12:57:17 AM, Error: EventLog [6008] - The previous system shutdown at 12:53:48 AM on 3/7/2010 was unexpected.
3/7/2010 12:38:47 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/7/2010 12:38:36 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
3/7/2010 12:35:08 AM, Error: Service Control Manager [7034] - The Roxio Hard Drive Watcher 9 service terminated unexpectedly. It has done this 1 time(s).
3/7/2010 10:11:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/7/2010 10:11:24 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001B7792C1C1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
3/7/2010 10:07:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6
3/7/2010 10:07:31 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2010 10:06:04 PM, Error: EventLog [6008] - The previous system shutdown at 4:34:52 PM on 3/7/2010 was unexpected.
3/7/2010 1:54:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/7/2010 1:54:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
3/7/2010 1:54:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/7/2010 1:53:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/7/2010 1:53:22 AM, Error: EventLog [6008] - The previous system shutdown at 1:04:08 AM on 3/7/2010 was unexpected.
3/13/2010 11:51:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.863.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/12/2010 9:58:34 AM, Error: EventLog [6008] - The previous system shutdown at 9:56:19 AM on 3/12/2010 was unexpected.
3/12/2010 9:48:09 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Resolved(Resolved) state
3/12/2010 9:40:09 AM, Error: EventLog [6008] - The previous system shutdown at 9:31:25 AM on 3/12/2010 was unexpected.
3/12/2010 8:42:54 PM, Error: EventLog [6008] - The previous system shutdown at 8:35:18 PM on 3/12/2010 was unexpected.
3/12/2010 10:22:56 AM, Error: EventLog [6008] - The previous system shutdown at 10:15:32 AM on 3/12/2010 was unexpected.
3/12/2010 10:13:47 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
3/11/2010 10:35:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
3/10/2010 9:57:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
3/10/2010 9:57:02 PM, Error: EventLog [6008] - The previous system shutdown at 9:55:24 PM on 3/10/2010 was unexpected.
3/10/2010 9:41:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.691.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/10/2010 11:07:33 PM, Error: EventLog [6008] - The previous system shutdown at 11:05:56 PM on 3/10/2010 was unexpected.
3/10/2010 10:12:27 PM, Error: EventLog [6008] - The previous system shutdown at 10:10:39 PM on 3/10/2010 was unexpected.

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-14 10:56:06
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\Jess\AppData\Local\Temp\fxrdypoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

Device \FileSystem\fastfat \Fat 9961F9F6

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26f3cf94
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001c26f3cf94 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:50 AM

Posted 14 March 2010 - 12:56 PM

Hello, charliefell
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.






Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 charliefell

charliefell
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 14 March 2010 - 02:48 PM

ComboFix 10-03-14.01 - Jess 03/14/2010 15:36:46.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1243 [GMT -4:00]
Running from: c:\users\Jess\Desktop\bleeping computer forum files\schrauber.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Microsoft Security Essentials *disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 19:45 . 2010-03-14 19:46 -------- d-----w- c:\users\Jess\AppData\Local\temp
2010-03-14 19:45 . 2010-03-14 19:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-14 19:45 . 2010-03-14 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-14 19:35 . 2010-03-14 19:36 -------- d-----w- C:\32788R22FWJFW
2010-03-14 19:29 . 2010-03-14 19:29 -------- d-----w- C:\schrauber
2010-03-09 00:23 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-09 00:22 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-09 00:22 . 2010-03-09 00:22 -------- d-----w- c:\program files\Lavasoft
2010-03-08 16:47 . 2010-03-09 00:22 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-08 16:30 . 2010-03-08 16:30 -------- d-----w- c:\program files\CCleaner
2010-03-07 04:09 . 2010-03-07 04:09 -------- d-----w- c:\program files\ESET
2010-03-07 01:57 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 01:57 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-07 01:57 . 2010-03-07 01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-03 13:54 . 2010-03-03 13:54 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-03-02 23:04 . 2010-03-02 23:04 -------- d-----w- c:\programdata\Carbonite
2010-03-02 23:04 . 2010-03-02 23:04 -------- d-----w- c:\program files\Carbonite
2010-03-01 19:18 . 2010-03-01 19:18 -------- d-----w- c:\users\Jess\AppData\Roaming\Malwarebytes
2010-03-01 19:18 . 2010-03-01 19:18 -------- d-----w- c:\programdata\Malwarebytes
2010-03-01 06:35 . 2010-03-14 19:29 -------- d-----w- c:\programdata\Alwil Software
2010-03-01 06:35 . 2010-03-01 06:35 -------- d-----w- c:\program files\Alwil Software
2010-03-01 06:09 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-01 06:04 . 2010-03-01 06:05 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-27 09:04 . 2010-02-27 09:04 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-24 10:11 . 2010-01-23 08:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 10:09 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 10:09 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 10:09 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 10:09 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 10:09 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 10:09 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 10:09 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 10:09 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 10:09 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 01:24 . 2009-07-01 02:29 160488 ----a-w- c:\programdata\nvModes.dat
2010-03-12 15:02 . 2007-09-13 01:55 1356 ----a-w- c:\users\Jess\AppData\Local\d3d9caps.dat
2010-03-09 00:23 . 2007-08-13 11:54 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-09 00:22 . 2008-07-29 13:39 -------- d-----w- c:\programdata\Lavasoft
2010-03-08 17:12 . 2009-08-20 02:05 -------- d-----w- c:\users\Jess\AppData\Roaming\CallingID
2010-03-08 16:33 . 2008-07-29 13:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-06 13:17 . 2007-08-13 12:14 -------- d-----w- c:\programdata\McAfee
2010-03-06 13:17 . 2007-08-13 12:14 -------- d-----w- c:\program files\McAfee
2010-03-05 02:56 . 2007-09-09 01:54 -------- d-----w- c:\program files\AIM
2010-03-05 02:55 . 2007-09-09 06:11 -------- d-----w- c:\program files\DivX
2010-03-02 17:10 . 2010-01-30 16:09 -------- d-----w- c:\users\Jess\AppData\Roaming\Skype
2010-03-02 16:41 . 2007-08-28 04:57 -------- d-----w- c:\program files\Lx_cats
2010-02-26 17:23 . 2007-09-12 23:37 85808 ----a-w- c:\users\Jess\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-15 17:19 . 2007-08-13 12:20 -------- d-----w- c:\program files\Google
2010-02-15 05:02 . 2010-01-30 16:27 -------- d-----w- c:\users\Jess\AppData\Roaming\skypePM
2010-02-11 08:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-30 16:27 . 2010-01-30 16:27 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-01-30 16:08 . 2010-01-30 16:08 -------- d-----r- c:\program files\Skype
2010-01-30 16:08 . 2010-01-30 16:08 -------- d-----w- c:\program files\Common Files\Skype
2010-01-30 16:08 . 2010-01-30 16:08 -------- d-----w- c:\programdata\Skype
2010-01-14 04:25 . 2009-04-28 04:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-02 06:38 . 2010-01-22 10:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 10:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 10:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 10:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:36 . 2010-02-10 22:02 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 22:02 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34 . 2010-02-10 22:02 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34 . 2010-02-10 22:02 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34 . 2010-02-10 22:02 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34 . 2010-02-10 22:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33 . 2010-02-10 22:02 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32 . 2010-02-10 22:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30 . 2010-02-10 22:02 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30 . 2010-02-10 22:02 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-12 04:28 . 2010-02-12 04:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-02-21 21:51 . 2007-09-09 06:12 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-02-21 21:51 . 2007-09-09 06:12 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-02-21 21:51 . 2007-09-09 06:12 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-02-21 21:51 . 2007-09-09 06:12 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-02-21 21:51 . 2007-09-09 06:12 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-13 12:08 . 2007-08-13 12:08 76 --sh--r- c:\windows\CT4CET.bin
2007-08-13 19:48 . 2007-08-13 19:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-03-07_05.49.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-13 12:30 . 2010-03-13 01:27 63066 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-03-13 01:27 70030 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-08-23 17:28 . 2010-03-13 01:27 12852 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1507719816-2895807198-2696347523-1000_UserData.bin
+ 2010-03-09 00:23 . 2010-02-04 15:53 64288 c:\windows\System32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2010-03-09 00:28 . 2010-03-09 00:28 95024 c:\windows\System32\drivers\SBREDrv.sys
+ 2007-08-23 17:25 . 2010-03-14 19:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-23 17:25 . 2010-03-07 05:33 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-23 17:25 . 2010-03-14 19:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-08-23 17:25 . 2010-03-07 05:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-09 00:22 . 2010-03-09 00:22 29926 c:\windows\Installer\{338F08AB-C262-42C7-B000-34DE1A475273}\_6FEFF9B68218417F98F549.exe
- 2010-03-07 05:32 . 2010-03-07 05:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-03-14 19:30 . 2010-03-14 19:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-07 05:32 . 2010-03-07 05:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-14 19:30 . 2010-03-14 19:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-03-14 19:35 291020 c:\windows\System32\perfc009.dat
- 2009-03-23 01:25 . 2010-03-07 05:33 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-03-23 01:25 . 2010-03-14 14:58 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2007-08-23 17:25 . 2010-03-07 05:33 360448 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-23 17:25 . 2010-03-14 19:32 360448 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-09 00:22 . 2010-03-09 00:22 167424 c:\windows\Installer\25035.msi
+ 2006-11-02 10:22 . 2010-03-12 14:18 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2010-03-02 15:02 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:33 . 2010-03-14 19:35 1171494 c:\windows\System32\perfh009.dat
+ 2006-11-02 12:47 . 2010-03-12 14:01 1680712 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2010-02-25 08:21 1680712 c:\windows\System32\FNTCACHE.DAT
+ 2010-03-09 00:13 . 2010-03-09 00:13 1861632 c:\windows\Installer\3f470.msi
+ 2010-03-09 00:22 . 2010-03-09 00:22 1858560 c:\windows\Installer\2502f.msi
+ 2009-05-22 07:04 . 2010-03-12 14:48 119523777 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 18:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-06-17 17:48 1587672 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 22:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]
2006-10-16 05:31 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcxtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2007-01-12 16:57 292336 ----a-w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-03 08:53 103344 ----a-w- c:\program files\Lexmark 5200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-11-03 22:09 312200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-02-12 04:28 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-21 16:43 133104 ----atw- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 9300 Series Fax Server]
2006-12-05 09:36 304048 ----a-w- c:\program files\Lexmark 9300 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBTCATS]
2007-02-22 10:46 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbttime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbtmon.exe]
2007-05-03 08:50 230320 ----a-w- c:\program files\Lexmark 5200 Series\lxbtmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCQCATS]
2006-11-21 12:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcqtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcqmon.exe]
2007-01-11 13:57 291760 ----a-w- c:\program files\Lexmark 9300 Series\lxcqmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-11-03 22:04 304008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-02-21 10:03 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-06-09 11:23 13543968 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2008-06-09 11:23 96800 ----a-w- c:\windows\System32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-06-09 11:23 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2008-06-09 11:23 608800 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 21:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-06-25 05:17 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-15 04:15 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-04-28 00:35 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-08-13 19:46 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
R2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe [2006-12-05 537520]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-12 30192]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-09 1229232]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:28]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1507719816-2895807198-2696347523-1000Core.job
- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-21 16:43]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1507719816-2895807198-2696347523-1000UA.job
- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-21 16:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 15:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(892)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
Completion time: 2010-03-14 15:48:11
ComboFix-quarantined-files.txt 2010-03-14 19:48
ComboFix2.txt 2010-03-07 05:53
ComboFix3.txt 2010-03-07 02:20

Pre-Run: 78,655,524,864 bytes free
Post-Run: 79,186,071,552 bytes free

- - End Of File - - C5DF7BB00808CBE9BAFB936CF040D6BA


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:50 AM

Posted 15 March 2010 - 03:20 PM

Hi,

Please navigate to C:\Qoobox and post back with the content of

Combofix2.txt
Combofix3.txt

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 charliefell

charliefell
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:50 AM

Posted 15 March 2010 - 04:21 PM

ComboFix 10-03-06.04 - Jess 03/07/2010 0:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1144 [GMT -5:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: ComboFix
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: Microsoft Security Essentials *disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-07 05:49 . 2010-03-07 05:49 -------- d-----w- c:\users\Jess\AppData\Local\temp
2010-03-07 05:49 . 2010-03-07 05:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-07 05:49 . 2010-03-07 05:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-07 05:37 . 2010-03-07 05:38 -------- d-----w- C:\32788R22FWJFW
2010-03-07 04:09 . 2010-03-07 04:09 -------- d-----w- c:\program files\ESET
2010-03-07 01:57 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 01:57 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-07 01:57 . 2010-03-07 01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-03 13:54 . 2010-03-03 13:54 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-03-02 23:04 . 2010-03-02 23:04 -------- d-----w- c:\programdata\Carbonite
2010-03-02 23:04 . 2010-03-02 23:04 -------- d-----w- c:\program files\Carbonite
2010-03-01 19:18 . 2010-03-01 19:18 -------- d-----w- c:\users\Jess\AppData\Roaming\Malwarebytes
2010-03-01 19:18 . 2010-03-01 19:18 -------- d-----w- c:\programdata\Malwarebytes
2010-03-01 06:35 . 2010-03-01 06:35 -------- d-----w- c:\programdata\Alwil Software
2010-03-01 06:35 . 2010-03-01 06:35 -------- d-----w- c:\program files\Alwil Software
2010-03-01 06:09 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-01 06:04 . 2010-03-01 06:05 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-27 09:04 . 2010-02-27 09:04 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-24 10:11 . 2010-01-23 08:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 10:09 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 10:09 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 10:09 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 10:09 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 10:09 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 10:09 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 10:09 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 10:09 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 10:09 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-02-10 22:03 . 2009-12-11 12:15 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 22:03 . 2009-12-11 12:15 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 22:03 . 2009-12-08 20:54 3467848 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 22:03 . 2009-12-08 20:54 3502168 ----a-w- c:\windows\system32\ntkrnlpa.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 05:33 . 2009-07-01 02:29 160488 ----a-w- c:\programdata\nvModes.dat
2010-03-06 13:17 . 2007-08-13 12:14 -------- d-----w- c:\programdata\McAfee
2010-03-06 13:17 . 2007-08-13 12:14 -------- d-----w- c:\program files\McAfee
2010-03-06 13:03 . 2007-08-13 11:54 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-06 07:05 . 2007-09-13 01:55 1356 ----a-w- c:\users\Jess\AppData\Local\d3d9caps.dat
2010-03-06 02:01 . 2009-05-01 02:26 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2010-03-06 02:01 . 2009-05-01 02:26 -------- d-----w- c:\program files\Lavasoft
2010-03-06 02:01 . 2008-07-29 13:39 -------- d-----w- c:\programdata\Lavasoft
2010-03-05 02:56 . 2007-09-09 01:54 -------- d-----w- c:\program files\AIM
2010-03-05 02:55 . 2007-09-09 06:11 -------- d-----w- c:\program files\DivX
2010-03-02 17:10 . 2010-01-30 16:09 -------- d-----w- c:\users\Jess\AppData\Roaming\Skype
2010-03-02 16:41 . 2007-08-28 04:57 -------- d-----w- c:\program files\Lx_cats
2010-02-26 17:23 . 2007-09-12 23:37 85808 ----a-w- c:\users\Jess\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-15 17:19 . 2007-08-13 12:20 -------- d-----w- c:\program files\Google
2010-02-15 05:02 . 2010-01-30 16:27 -------- d-----w- c:\users\Jess\AppData\Roaming\skypePM
2010-02-11 08:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-30 16:27 . 2010-01-30 16:27 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-01-30 16:08 . 2010-01-30 16:08 -------- d-----r- c:\program files\Skype
2010-01-30 16:08 . 2010-01-30 16:08 -------- d-----w- c:\program files\Common Files\Skype
2010-01-30 16:08 . 2010-01-30 16:08 -------- d-----w- c:\programdata\Skype
2010-01-14 04:25 . 2009-04-28 04:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-08 06:10 . 2009-06-26 03:04 -------- d--h--w- c:\programdata\ArcSoft
2010-01-02 06:38 . 2010-01-22 10:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 10:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 10:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 10:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:36 . 2010-02-10 22:02 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 22:02 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34 . 2010-02-10 22:02 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34 . 2010-02-10 22:02 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34 . 2010-02-10 22:02 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34 . 2010-02-10 22:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33 . 2010-02-10 22:02 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32 . 2010-02-10 22:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30 . 2010-02-10 22:02 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30 . 2010-02-10 22:02 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-08 20:19 . 2010-02-10 22:02 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-12-08 17:58 . 2010-02-10 22:02 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:57 . 2010-02-10 22:02 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-02-12 04:28 . 2010-02-12 04:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-02-21 21:51 . 2007-09-09 06:12 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-02-21 21:51 . 2007-09-09 06:12 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-02-21 21:51 . 2007-09-09 06:12 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-02-21 21:51 . 2007-09-09 06:12 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-02-21 21:51 . 2007-09-09 06:12 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-13 12:08 . 2007-08-13 12:08 76 --sh--r- c:\windows\CT4CET.bin
2007-08-13 19:48 . 2007-08-13 19:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 18:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-06-17 17:48 1587672 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 22:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]
2006-10-16 05:31 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcxtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2007-01-12 16:57 292336 ----a-w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-03 08:53 103344 ----a-w- c:\program files\Lexmark 5200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-11-03 22:09 312200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-02-12 04:28 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-21 16:43 133104 ----atw- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 9300 Series Fax Server]
2006-12-05 09:36 304048 ----a-w- c:\program files\Lexmark 9300 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBTCATS]
2007-02-22 10:46 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbttime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbtmon.exe]
2007-05-03 08:50 230320 ----a-w- c:\program files\Lexmark 5200 Series\lxbtmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCQCATS]
2006-11-21 12:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcqtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcqmon.exe]
2007-01-11 13:57 291760 ----a-w- c:\program files\Lexmark 9300 Series\lxcqmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-11-03 22:04 304008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-02-21 10:03 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-06-09 11:23 13543968 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2008-06-09 11:23 96800 ----a-w- c:\windows\System32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-06-09 11:23 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2008-06-09 11:23 608800 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 21:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-06-25 05:17 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-15 04:15 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-04-28 00:35 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-08-13 19:46 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-12 30192]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe [2006-12-05 537520]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1507719816-2895807198-2696347523-1000Core.job
- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-21 16:43]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1507719816-2895807198-2696347523-1000UA.job
- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-21 16:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 00:49
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll

- - - - - - - > 'Explorer.exe'(1296)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
Completion time: 2010-03-07 00:53:14
ComboFix-quarantined-files.txt 2010-03-07 05:52
ComboFix2.txt 2010-03-07 02:20

Pre-Run: 78,470,406,144 bytes free
Post-Run: 75,276,996,608 bytes free

- - End Of File - - 2ED576E2FCB04001EACFD8A73F1DEDD7


ComboFix 10-03-05.06 - Jess 03/06/2010 21:08:38.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1512 [GMT -5:00]
Running from: e:\anti\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: Microsoft Security Essentials *disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-1507719816-2895807198-2696347523-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\ntuser.dat{16fa2cb8-b88d-11dc-8acf-001c26f3cf94}.TMContainer00000000000000000001.regtrans-ms
c:\programdata\ntuser.dat{16fa2cc7-b88d-11dc-8acf-001c26f3cf94}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\ini
c:\windows\system32\ini\DTYPE.CPG
c:\windows\system32\ini\DTYPE.FLS
c:\windows\system32\ini\DTYPE.PAT
c:\windows\system32\ini\DTYPE.PHY
c:\windows\system32\ini\DTYPE.STL
c:\windows\system32\ini\gs002.gsl
c:\windows\system32\ini\gs004.gsl
c:\windows\system32\ini\gs006.gsl
c:\windows\system32\ini\gs016.gsl
c:\windows\system32\ini\gs256.gsl
c:\windows\system32\ini\gssqrt.gsl
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-07 02:17 . 2010-03-07 02:17 -------- d-----w- c:\users\Jess\AppData\Local\temp
2010-03-07 02:17 . 2010-03-07 02:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-07 01:57 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 01:57 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-07 01:57 . 2010-03-07 01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-03 13:54 . 2010-03-03 13:54 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-03-02 23:04 . 2010-03-02 23:04 -------- d-----w- c:\programdata\Carbonite
2010-03-02 23:04 . 2010-03-02 23:04 -------- d-----w- c:\program files\Carbonite
2010-03-01 19:18 . 2010-03-01 19:18 -------- d-----w- c:\users\Jess\AppData\Roaming\Malwarebytes
2010-03-01 19:18 . 2010-03-01 19:18 -------- d-----w- c:\programdata\Malwarebytes
2010-03-01 06:35 . 2010-03-01 06:35 -------- d-----w- c:\programdata\Alwil Software
2010-03-01 06:35 . 2010-03-01 06:35 -------- d-----w- c:\program files\Alwil Software
2010-03-01 06:09 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-01 06:04 . 2010-03-01 06:05 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-27 09:04 . 2010-02-27 09:04 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-24 10:11 . 2010-01-23 08:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 10:09 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 10:09 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 10:09 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 10:09 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 10:09 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 10:09 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 10:09 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 10:09 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 10:09 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-02-10 22:03 . 2009-12-11 12:15 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 22:03 . 2009-12-11 12:15 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 22:03 . 2009-12-08 20:54 3467848 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 22:03 . 2009-12-08 20:54 3502168 ----a-w- c:\windows\system32\ntkrnlpa.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 01:42 . 2009-07-01 02:29 160488 ----a-w- c:\programdata\nvModes.dat
2010-03-06 13:17 . 2007-08-13 12:14 -------- d-----w- c:\programdata\McAfee
2010-03-06 13:17 . 2007-08-13 12:14 -------- d-----w- c:\program files\McAfee
2010-03-06 13:03 . 2007-08-13 11:54 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-06 07:05 . 2007-09-13 01:55 1356 ----a-w- c:\users\Jess\AppData\Local\d3d9caps.dat
2010-03-06 02:01 . 2009-05-01 02:26 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2010-03-06 02:01 . 2009-05-01 02:26 -------- d-----w- c:\program files\Lavasoft
2010-03-06 02:01 . 2008-07-29 13:39 -------- d-----w- c:\programdata\Lavasoft
2010-03-05 02:56 . 2007-09-09 01:54 -------- d-----w- c:\program files\AIM
2010-03-05 02:55 . 2007-09-09 06:11 -------- d-----w- c:\program files\DivX
2010-03-02 17:10 . 2010-01-30 16:09 -------- d-----w- c:\users\Jess\AppData\Roaming\Skype
2010-03-02 16:41 . 2007-08-28 04:57 -------- d-----w- c:\program files\Lx_cats
2010-02-26 17:23 . 2007-09-12 23:37 85808 ----a-w- c:\users\Jess\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-15 17:19 . 2007-08-13 12:20 -------- d-----w- c:\program files\Google
2010-02-15 05:02 . 2010-01-30 16:27 -------- d-----w- c:\users\Jess\AppData\Roaming\skypePM
2010-02-11 08:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-30 16:27 . 2010-01-30 16:27 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-01-30 16:08 . 2010-01-30 16:08 -------- d-----r- c:\program files\Skype
2010-01-30 16:08 . 2010-01-30 16:08 -------- d-----w- c:\program files\Common Files\Skype
2010-01-30 16:08 . 2010-01-30 16:08 -------- d-----w- c:\programdata\Skype
2010-01-14 04:25 . 2009-04-28 04:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-08 06:10 . 2009-06-26 03:04 -------- d--h--w- c:\programdata\ArcSoft
2010-01-02 06:38 . 2010-01-22 10:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 10:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 10:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 10:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:36 . 2010-02-10 22:02 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 22:02 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34 . 2010-02-10 22:02 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34 . 2010-02-10 22:02 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34 . 2010-02-10 22:02 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34 . 2010-02-10 22:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33 . 2010-02-10 22:02 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32 . 2010-02-10 22:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30 . 2010-02-10 22:02 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30 . 2010-02-10 22:02 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-08 20:19 . 2010-02-10 22:02 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-12-08 17:58 . 2010-02-10 22:02 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:57 . 2010-02-10 22:02 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-02-12 04:28 . 2010-02-12 04:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-02-21 21:51 . 2007-09-09 06:12 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-02-21 21:51 . 2007-09-09 06:12 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-02-21 21:51 . 2007-09-09 06:12 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-02-21 21:51 . 2007-09-09 06:12 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-02-21 21:51 . 2007-09-09 06:12 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-13 12:08 . 2007-08-13 12:08 76 --sh--r- c:\windows\CT4CET.bin
2007-08-13 19:48 . 2007-08-13 19:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 18:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-06-17 17:48 1587672 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 22:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]
2006-10-16 05:31 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcxtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2007-01-12 16:57 292336 ----a-w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-03 08:53 103344 ----a-w- c:\program files\Lexmark 5200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-11-03 22:09 312200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-02-12 04:28 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-21 16:43 133104 ----atw- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 9300 Series Fax Server]
2006-12-05 09:36 304048 ----a-w- c:\program files\Lexmark 9300 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBTCATS]
2007-02-22 10:46 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbttime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbtmon.exe]
2007-05-03 08:50 230320 ----a-w- c:\program files\Lexmark 5200 Series\lxbtmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCQCATS]
2006-11-21 12:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcqtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcqmon.exe]
2007-01-11 13:57 291760 ----a-w- c:\program files\Lexmark 9300 Series\lxcqmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-11-03 22:04 304008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-02-21 10:03 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-06-09 11:23 13543968 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2008-06-09 11:23 96800 ----a-w- c:\windows\System32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-06-09 11:23 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2008-06-09 11:23 608800 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 21:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-06-25 05:17 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-15 04:15 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-04-28 00:35 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-08-13 19:46 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
R2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe [2006-12-05 537520]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-12 30192]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1507719816-2895807198-2696347523-1000Core.job
- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-21 16:43]

2010-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1507719816-2895807198-2696347523-1000UA.job
- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-21 16:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-AIM - c:\program files\AIM\aim.exe
MSConfigStartUp-avast5 - c:\progra~1\ALWILS~1\Avast5\avastUI.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe
AddRemove-Warn Find Bat - c:\progra~2\AIMPHO~1\ByteGreyPoll.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 21:17
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1388)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
Completion time: 2010-03-06 21:20:09
ComboFix-quarantined-files.txt 2010-03-07 02:19

Pre-Run: 72,297,406,464 bytes free
Post-Run: 72,219,193,344 bytes free

- - End Of File - - 85F7AD1ED2936E4546A57F5DCB9A0190
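The two ComboFix logs above print every file entry as a timestamp, an optional second timestamp, a size (or dashes for a directory), an eight-letter attribute column and a path, and a few hundred such lines are only useful if they are triaged mechanically. The following is an added example, not ComboFix's code and not part of the original post: it parses those lines and flags the three patterns a responder checks first, namely hidden+system files, executables in user-writable locations such as AppData, ProgramData or the recycle bin, and newly created kernel drivers. The sample lines are copied from the log above; the attribute letters are read as they appear in the column (d directory, s system, h hidden, a archive, r read-only), and the flag rules, the `Entry` class and the function names are this example's own assumptions, not ComboFix's.

```python
"""Triage ComboFix file-listing lines (the "Files Created", "Find3M" and
single-timestamp "Reg Loading Points" entries).
Added example, not ComboFix code; the flag rules are assumptions."""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# "<ts> . <ts> <size|--------> <attrs> <path>"  or  "<ts> <size> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\s+(?P<size>\d+|-+)"
    r"\s+(?P<attrs>[-a-z]{8})"
    r"\s+(?P<path>\S.*)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Directories a standard user can write to; droppers favour them.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\",
                 "\\$recycle.bin\\", "\\users\\public\\")

R_HIDDEN_SYSTEM = "hidden+system file"
R_USER_WRITABLE = "executable in a user-writable location"
R_NEW_DRIVER = "new kernel driver: verify publisher and hash"


@dataclass
class Entry:
    seen: datetime                 # first timestamp column
    modified: Optional[datetime]   # second column; absent in registry entries
    size: Optional[int]            # None when the column is "--------"
    flags: frozenset               # attribute letters with '-' dropped
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.flags


def parse_line(line: str) -> Optional[Entry]:
    """One log line -> Entry, or None for headers, separators and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = m["size"]
    return Entry(
        seen=datetime.strptime(m["ts1"], "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(m["ts2"], "%Y-%m-%d %H:%M") if m["ts2"] else None,
        size=int(size) if size.isdigit() else None,
        flags=frozenset(m["attrs"].replace("-", "")),
        path=m["path"],
    )


def reasons_for(e: Entry) -> List[str]:
    """Why an entry deserves a closer look (empty list = nothing notable)."""
    out: List[str] = []
    low = e.path.lower()
    ext = ntpath.splitext(low)[1]
    if not e.is_dir and {"s", "h"} <= e.flags:
        out.append(R_HIDDEN_SYSTEM)
    if ext in EXEC_EXT and any(d in low for d in USER_WRITABLE):
        out.append(R_USER_WRITABLE)
    if ext == ".sys" and "\\drivers\\" in low:
        out.append(R_NEW_DRIVER)
    return out


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; unflagged entries are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None:
            why = reasons_for(e)
            if why:
                flagged[e.path] = why
    return flagged


# Lines copied from the posted ComboFix log above (not constructed).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.
2010-03-07 02:17 . 2010-03-07 02:17 -------- d-----w- c:\users\Jess\AppData\Local\temp
2010-03-07 01:57 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 06:09 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-06 02:01 . 2009-05-01 02:26 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2007-08-13 12:08 . 2007-08-13 12:08 76 --sh--r- c:\windows\CT4CET.bin
2009-09-21 16:43 133104 ----atw- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path)
        for reason in why:
            print("   -", reason)
```

A flag is a prompt to look, not a verdict: the Malwarebytes driver and the Google updater above are legitimate, and the point of the rules is to shrink a long listing to the handful of entries worth checking by publisher, hash and install history.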


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:50 AM

Posted 15 March 2010 - 04:48 PM

Hi,

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.


  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.
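The /md5start ... /md5stop block in the custom scan above names boot-critical drivers and logon DLLs so that their hashes appear in the report, where they can be compared with known-good values: a system file that has been modified in place keeps its name, its location and often its size, and only its hash gives it away. The following is an added example and not OTL's code; it shows that comparison as a standalone check that hashes each watched file and reports ok, mismatch or missing against a trusted manifest. The file names are taken from the /md5start list; the stand-in drivers directory, the manifest and the function names are this example's own construction, built in a temporary folder so it runs offline. MD5 is used only because it is the digest such scan logs print; a real baseline should record SHA-256 alongside it.

```python
"""Compare watched system files against a trusted hash manifest.
Added example, not OTL's code. WATCHED comes from the /md5start list in the
post above; everything else is this example's own construction."""
import hashlib
import os
import tempfile
from typing import Dict, Tuple

# File names from the /md5start ... /md5stop block of the scan above.
WATCHED = ["atapi.sys", "iaStor.sys", "nvstor.sys", "ahcix86.sys",
           "eventlog.dll", "scecli.dll", "netlogon.dll"]


def file_digest(path: str, algo: str = "md5") -> str:
    """Hex digest of a file, read in chunks so large binaries are fine.
    MD5 matches what the scan log prints but is not collision-resistant;
    pass algo="sha256" when recording a baseline of your own."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_against_manifest(root: str, manifest: Dict[str, str],
                           algo: str = "md5") -> Dict[str, str]:
    """manifest maps file name -> expected hex digest.
    Returns name -> 'ok' | 'mismatch' | 'missing'."""
    verdict: Dict[str, str] = {}
    for name, expected in manifest.items():
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            verdict[name] = "missing"
        elif file_digest(path, algo).lower() == expected.lower():
            verdict[name] = "ok"
        else:
            verdict[name] = "mismatch"
    return verdict


def build_fixture() -> Tuple[str, Dict[str, str]]:
    """Constructed fixture: a stand-in drivers directory and the manifest
    recorded while it was clean. Afterwards one file is modified in place
    (same name, same location, same size) and one is deleted."""
    root = tempfile.mkdtemp(prefix="drivers-")
    for name in WATCHED:
        with open(os.path.join(root, name), "wb") as f:
            f.write(b"clean contents of " + name.encode())
    manifest = {name: file_digest(os.path.join(root, name)) for name in WATCHED}
    with open(os.path.join(root, "atapi.sys"), "r+b") as f:
        f.seek(8)
        f.write(b"XX")          # two bytes changed: size unchanged, hash not
    os.remove(os.path.join(root, "nvstor.sys"))
    return root, manifest


if __name__ == "__main__":
    root, manifest = build_fixture()
    for name, state in sorted(check_against_manifest(root, manifest).items()):
        print(f"{state:8} {name}")
```

The manifest is the part that matters: hashes from the compromised machine only prove something when compared with values from a known-clean copy of the same file version (the same Windows build and patch level), so record the source of every expected digest next to it.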

#9 charliefell

charliefell
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:50 AM

Posted 15 March 2010 - 07:22 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3872
Windows 6.0.6000 (Safe Mode)
Internet Explorer 8.0.6001.18882

3/15/2010 8:08:43 PM
mbam-log-2010-03-15 (20-08-43).txt

Scan type: Quick Scan
Objects scanned: 109673
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 3/15/2010 8:09:59 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Jess\Documents\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.44 Gb Total Space | 73.68 Gb Free Space | 54.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.98 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESSTOP
Current User Name: Jess
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/15 20:09:15 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Documents\Downloads\OTL.exe
PRC - [2010/03/08 20:28:21 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/08 20:28:20 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/05 14:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/15 20:09:15 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Documents\Downloads\OTL.exe
MOD - [2006/11/02 05:46:13 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2006/11/02 05:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2006/11/02 05:46:07 | 002,095,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2006/11/02 05:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/08 20:28:20 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/12 00:28:51 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Stopped] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/11/27 02:12:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Stopped] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/08/13 15:46:19 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/25 01:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/05/03 04:48:52 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxbtcoms.exe -- (lxbt_device)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/12/05 05:36:10 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxcqcoms.exe -- (lxcq_device)
SRV - [2006/10/11 17:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/12 22:21:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/12 00:28:51 | 000,000,000 | ---D | M]

[2009/01/07 19:22:50 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\extensions
[2009/01/07 19:22:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/07 19:22:50 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\extensions\staged-xpis
[2009/07/15 00:17:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/09/09 02:12:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\divx@partners.mozilla.com
[2007/09/09 02:12:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/02/21 17:51:11 | 000,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/02/21 17:51:16 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/02/21 17:51:21 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/02/21 17:51:26 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/02/21 17:51:32 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/12/01 12:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

O1 HOSTS File: ([2010/03/05 22:18:13 | 000,380,346 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13105 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jess\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jess\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 07:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/14 15:48:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/14 15:48:13 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\temp
[2010/03/14 15:47:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/14 15:35:47 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/14 15:29:05 | 000,000,000 | ---D | C] -- C:\schrauber
[2010/03/12 16:31:41 | 000,000,000 | ---D | C] -- C:\Users\Jess\Desktop\spaghetti dinner
[2010/03/10 22:51:46 | 000,000,000 | ---D | C] -- C:\Users\Jess\Desktop\bleeping computer forum files
[2010/03/08 20:28:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/03/08 20:23:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/03/08 20:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/08 12:47:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/08 12:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/08 12:28:42 | 000,000,000 | ---D | C] -- C:\Users\Jess\Desktop\ANTIVIRUS
[2010/03/07 00:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/06 22:07:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/06 22:07:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/06 22:07:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/06 22:07:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/06 22:07:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/06 22:05:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/06 21:57:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/06 21:57:43 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/06 21:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/03 21:27:48 | 000,000,000 | ---D | C] -- C:\Users\Jess\Desktop\josh archive
[2010/03/03 09:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/03/02 19:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Carbonite
[2010/03/02 19:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2009/12/29 22:03:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbtinpa.dll
[2009/12/29 22:03:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxbthcp.dll
[2009/12/29 22:03:43 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbtiesc.dll
[2009/12/29 22:03:42 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbtusb1.dll
[2009/12/29 22:03:41 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbtserv.dll
[2009/12/29 22:03:41 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbtprox.dll
[2009/12/29 22:03:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbtpmui.dll
[2009/12/29 22:03:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbtpplc.dll
[2009/12/29 22:03:39 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbtlmpm.dll
[2009/12/29 22:03:37 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbthbn3.dll
[2009/12/29 22:03:35 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbtcomc.dll
[2009/12/29 22:03:35 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbtcomm.dll
[2009/01/07 18:19:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2007/09/05 01:36:53 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCQhcp.dll
[2006/11/06 12:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcqpmui.dll
[2006/11/06 12:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcqserv.dll
[2006/11/06 12:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcqcomm.dll
[2006/11/06 12:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcqlmpm.dll
[2006/11/06 12:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcqiesc.dll
[2006/11/06 12:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcqpplc.dll
[2006/11/06 12:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcqcomc.dll
[2006/11/06 12:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcqprox.dll
[2006/11/06 12:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcqinpa.dll
[2006/11/06 12:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcqusb1.dll
[2006/11/06 12:07:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcqhbn3.dll
[2006/05/18 16:54:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2006/05/18 16:53:04 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2006/05/18 16:47:36 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2006/05/18 16:39:18 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2006/05/18 16:37:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2006/05/18 16:36:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2006/05/18 16:35:28 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2006/05/18 16:34:44 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2006/05/18 16:32:06 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2006/05/18 16:28:16 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2006/05/18 16:27:22 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[8 C:\Users\Jess\Documents\*.tmp files -> C:\Users\Jess\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/15 20:02:16 | 007,077,888 | -HS- | M] () -- C:\Users\Jess\ntuser.dat
[2010/03/15 00:49:47 | 000,001,356 | ---- | M] () -- C:\Users\Jess\AppData\Local\d3d9caps.dat
[2010/03/15 00:49:40 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/03/15 00:49:40 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2010/03/14 15:46:03 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/14 15:35:33 | 001,171,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/14 15:35:33 | 000,291,020 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/14 15:35:33 | 000,005,058 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/14 15:32:37 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/14 15:30:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/14 10:57:37 | 355,639,223 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/13 16:31:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/13 16:31:22 | 000,160,488 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/13 16:31:15 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/13 16:31:15 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/12 21:24:39 | 000,160,488 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/12 10:01:26 | 001,680,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/09 10:43:54 | 000,027,648 | ---- | M] () -- C:\Users\Jess\Desktop\josh interview_3-8-10.doc.dot
[2010/03/08 20:28:46 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/03/08 20:23:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/08 20:22:29 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/08 18:36:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1507719816-2895807198-2696347523-1000UA.job
[2010/03/08 13:29:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/03/08 12:42:07 | 000,227,678 | ---- | M] () -- C:\Users\Jess\Documents\reg backup 2.8.10.reg
[2010/03/08 12:30:52 | 000,001,672 | ---- | M] () -- C:\Users\Jess\Desktop\CCleaner.lnk
[2010/03/08 11:39:04 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/03/08 11:39:04 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/03/08 02:49:28 | 001,048,576 | -HS- | M] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010/03/08 02:49:27 | 001,048,576 | -HS- | M] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010/03/08 02:49:27 | 001,048,576 | -HS- | M] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010/03/08 02:49:27 | 000,065,536 | -HS- | M] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010/03/08 01:36:36 | 000,293,376 | ---- | M] () -- C:\Users\Jess\Desktop\3y819ssl.exe
[2010/03/07 00:09:46 | 002,672,312 | ---- | M] () -- C:\Users\Jess\Desktop\esetsmartinstaller_enu.exe
[2010/03/06 21:57:49 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/06 12:38:33 | 000,363,008 | ---- | M] () -- C:\Users\Jess\Desktop\rkill.pif
[2010/03/05 22:18:13 | 000,380,346 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/05 15:23:17 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1507719816-2895807198-2696347523-1000Core.job
[2010/03/04 22:57:16 | 000,023,552 | ---- | M] () -- C:\Users\Jess\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/02 19:05:12 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite Backup Drive.lnk
[2010/03/02 12:49:23 | 000,025,088 | ---- | M] () -- C:\Users\Jess\Desktop\Design Principlesproject3value.doc
[2010/03/02 12:49:13 | 000,025,088 | ---- | M] () -- C:\Users\Jess\Documents\Design Principlesproject3value.doc
[2010/03/02 00:37:20 | 000,380,346 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100305-211813.backup
[8 C:\Users\Jess\Documents\*.tmp files -> C:\Users\Jess\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/15 00:49:40 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2010/03/15 00:49:40 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2010/03/12 11:00:47 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/10 22:56:34 | 355,639,223 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/09 10:43:54 | 000,027,648 | ---- | C] () -- C:\Users\Jess\Desktop\josh interview_3-8-10.doc.dot
[2010/03/08 20:22:29 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/08 12:41:55 | 000,227,678 | ---- | C] () -- C:\Users\Jess\Documents\reg backup 2.8.10.reg
[2010/03/08 12:30:52 | 000,001,672 | ---- | C] () -- C:\Users\Jess\Desktop\CCleaner.lnk
[2010/03/08 11:36:41 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/03/08 11:36:41 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/03/08 02:49:28 | 001,048,576 | -HS- | C] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010/03/08 02:49:27 | 001,048,576 | -HS- | C] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010/03/08 02:49:27 | 001,048,576 | -HS- | C] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010/03/08 02:49:27 | 000,065,536 | -HS- | C] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010/03/08 01:36:36 | 000,293,376 | ---- | C] () -- C:\Users\Jess\Desktop\3y819ssl.exe
[2010/03/07 00:09:46 | 002,672,312 | ---- | C] () -- C:\Users\Jess\Desktop\esetsmartinstaller_enu.exe
[2010/03/06 22:07:44 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/06 22:07:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/06 22:07:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/06 22:07:44 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/06 22:07:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/06 22:05:02 | 000,363,008 | ---- | C] () -- C:\Users\Jess\Desktop\rkill.pif
[2010/03/06 21:57:49 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/02 19:05:12 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite Backup Drive.lnk
[2010/03/02 12:49:23 | 000,025,088 | ---- | C] () -- C:\Users\Jess\Desktop\Design Principlesproject3value.doc
[2010/01/30 12:27:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/29 22:03:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxbtinst.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/30 22:29:34 | 000,160,488 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/30 22:29:34 | 000,160,488 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/31 17:48:18 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/01/07 18:19:44 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2009/01/07 18:18:33 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2009/01/07 18:15:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/01/07 18:15:30 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2008/01/06 00:29:12 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{16fa2cc7-b88d-11dc-8acf-001c26f3cf94}.TMContainer00000000000000000002.regtrans-ms
[2008/01/06 00:29:12 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{16fa2cc7-b88d-11dc-8acf-001c26f3cf94}.TM.blf
[2008/01/06 00:29:10 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{16fa2cb8-b88d-11dc-8acf-001c26f3cf94}.TMContainer00000000000000000002.regtrans-ms
[2008/01/06 00:29:10 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2008/01/06 00:29:10 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{16fa2cb8-b88d-11dc-8acf-001c26f3cf94}.TM.blf
[2008/01/06 00:29:10 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2008/01/06 00:29:10 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/11/05 01:42:31 | 000,000,570 | ---- | C] () -- C:\Users\Jess\AppData\Roaming\wklnhst.dat
[2007/10/07 00:15:32 | 000,023,552 | ---- | C] () -- C:\Users\Jess\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/12 22:04:32 | 000,129,712 | ---- | C] () -- C:\Users\Jess\AppData\Roaming\nvModes.001
[2007/09/12 21:55:22 | 000,129,712 | ---- | C] () -- C:\Users\Jess\AppData\Roaming\nvModes.dat
[2007/09/12 21:55:12 | 000,001,356 | ---- | C] () -- C:\Users\Jess\AppData\Local\d3d9caps.dat
[2007/09/05 01:37:04 | 000,000,031 | ---- | C] () -- C:\Windows\System32\lxcqrwrd.ini
[2007/09/05 01:36:54 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCQinst.dll
[2007/09/05 01:35:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lxcqpmon.dll
[2007/09/05 01:35:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCQFXPU.DLL
[2007/09/05 01:31:57 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcqcoin.dll
[2007/08/28 00:52:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2007/08/28 00:51:16 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2007/08/28 00:50:57 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2007/08/27 18:50:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/25 02:02:49 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/08/25 02:02:44 | 000,000,158 | ---- | C] () -- C:\Windows\wininit.ini
[2007/08/20 20:26:52 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007/08/20 20:26:52 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2007/08/15 18:33:14 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/08/15 18:30:26 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/08/13 15:48:29 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/13 15:48:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/02/22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbtcoin.dll
[2006/11/13 05:30:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxcqgrd.dll
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/23 10:54:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcqdrs.dll
[2006/09/29 03:28:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcqcaps.dll
[2006/09/22 08:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 07:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/08 16:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/06/29 00:22:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2006/06/29 00:22:32 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2006/06/29 00:22:04 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2006/06/29 00:21:00 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2006/06/29 00:20:54 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2006/06/29 00:20:42 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2006/06/29 00:20:38 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2006/06/29 00:19:02 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2006/06/29 00:18:36 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2006/05/09 06:10:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcqcnv4.dll
[2006/03/19 20:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2005/08/18 07:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbtvs.dll
[2005/07/08 04:11:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2005/06/23 22:37:48 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcqvs.dll
[2005/05/25 10:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbtcnv4.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2007/09/06 15:01:52 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\.BitTornado
[2008/02/26 13:28:08 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\9300 Series
[2007/09/08 21:55:22 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Aim
[2010/03/08 13:12:03 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\CallingID
[2008/01/09 11:25:34 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\MusicNet
[2008/07/25 10:15:43 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\NewSoft
[2007/09/11 03:01:48 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\PeerNetworking
[2009/02/14 16:14:32 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Sony
[2007/08/24 12:06:08 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Template
[2007/08/23 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\tmp
[2010/03/14 15:32:37 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/03/12 09:58:14 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2007/08/13 15:45:11 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\ERDNT\cache\AGP440.sys
[2007/08/13 15:45:11 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/08/13 15:45:11 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/08/13 15:45:11 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/08/13 15:45:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/08/13 15:45:43 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/08/13 15:45:36 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/08/13 15:45:36 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/08/13 15:45:43 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/08/13 15:45:43 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/13 04:05:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 04:05:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 04:05:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\ERDNT\cache\atapi.sys
[2008/02/13 04:05:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\drivers\atapi.sys
[2008/02/13 04:05:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/13 04:05:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys
[2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\ERDNT\cache\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\ERDNT\cache\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


OTL Extras logfile created on: 3/15/2010 8:09:59 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Jess\Documents\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.44 Gb Total Space | 73.68 Gb Free Space | 54.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.98 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESSTOP
Current User Name: Jess
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5441005E-20CE-46AA-91D3-8ED83D599434}" = lport=138 | protocol=17 | dir=in | app=system |
"{5869F744-6577-4164-86BC-BEF80321DB5B}" = lport=445 | protocol=6 | dir=in | app=system |
"{8601C390-A955-4F87-9549-8D8F3CD76B9D}" = rport=138 | protocol=17 | dir=out | app=system |
"{907224EC-1EF6-4FDD-8B5F-4774EB3BAFF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{90805CA6-94B1-4E4F-A311-3C2A938519F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C2C76E50-2FAC-470E-BB4C-6B68DE6F780F}" = rport=139 | protocol=6 | dir=out | app=system |
"{C7867181-6397-487D-B841-712A96BCEE94}" = rport=445 | protocol=6 | dir=out | app=system |
"{CA0CEAA0-C924-4091-A37D-AD5A0DCBA948}" = lport=137 | protocol=17 | dir=in | app=system |
"{E0179C5F-0EFD-4A92-949F-EF4C5974205F}" = lport=139 | protocol=6 | dir=in | app=system |
"{ED3963CB-91C9-46D2-972A-C5A2D922A267}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B17B164-F816-49F4-ABC9-7BE607251D77}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{2CB1BEA0-A55B-41B5-B2D6-94E29F257F1A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{30433C3A-556C-4F9B-9087-F1B344266834}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbtpswx.exe |
"{30BA1FBD-3AC8-48D5-A65B-2486F4782ACB}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{33286F3E-B600-4357-8F0F-16B7002AC35E}" = protocol=17 | dir=in | app=c:\windows\system32\lxbtcoms.exe |
"{42F3725A-492C-48F7-8CF9-225515EDFF26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4D7B7429-9A37-43DE-9613-7ECF7483AFB5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E255D69-C8BD-45D0-95EC-343FCF39443D}" = protocol=6 | dir=in | app=c:\windows\system32\lxcqcoms.exe |
"{54359E0B-83A5-4862-A81E-A7F9F8E8D6A4}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{609415E7-76B4-4287-85BA-887E84C4B53C}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{62969968-D7E6-4E7B-A8B1-D9F99D003A88}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{6AD2D6DA-93E2-4BA7-B7A3-CAFC92C3B8A0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6DC1E90C-DF9D-4D39-A401-854E05866E8C}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{7280D8F6-881C-4F3C-AA8D-6EAF76B35A0A}" = protocol=6 | dir=in | app=c:\windows\system32\lxbtcoms.exe |
"{72CB7905-4DFD-44AE-8B21-B87D8319FB53}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{77572770-31E2-4973-8C4B-8FD42815D8A3}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{789E94DE-E957-4657-83DB-D02FE41C6D8C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbtpswx.exe |
"{975468C0-65CA-41F4-B0F2-71DA20A80872}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{A0FAF897-96A0-494E-A16B-ECEC7FD27B8D}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{ABF33333-C581-4682-82F4-B070D14BAA22}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B5E60063-44FF-40AD-A386-7A0765A51CB4}" = protocol=17 | dir=in | app=c:\windows\system32\lxcqcoms.exe |
"{C217449B-5BE0-4F94-99FC-6EA5178BA6C4}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{D9054F85-3025-4E80-AF1C-0F6D5E976E07}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"TCP Query User{4BF98E1E-8B4F-4E95-AEE6-0FD7A1EC8FEF}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{79F1E8DF-FA02-4950-B801-4D7A0B56B03F}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{92E0DAB2-4506-44BE-940C-5FDBB6BD4E05}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BB4E6B1D-984B-4F00-B772-C04111C96FF8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{496F67F1-EEDE-443F-886B-6661D96FCB79}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{660CFA85-4BDC-4BAA-AA11-FA40458105FC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AB658F9B-F3DA-4096-A8A0-E1C0F398C0E9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F2B15369-CDD6-41D1-BCE1-101CD2014F57}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2D2C7E66-7A80-48F6-95FC-2707BB343D0C}" = Endpoint Integrity Agent
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FBC7FAE-14B0-416D-B113-5B1EBA582978}" = ArcSoft MediaImpression for Kodak
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.10
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B23F9E40-E6E5-11D4-89B3-00201856C449}" = Tassman DXi SE 2.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.50.02
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak
"{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}" = Sony Sound Forge 9.0
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFF8B500-3D4F-4950-B2F6-BA0EDA96ABD8}" = Avery Easy Peel Label Sorter
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"BitTornado" = BitTornado 0.3.18
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"comcasttb" = Comcast Toolbar 3.0
"Creative OEM002" = Laptop Integrated Webcam Driver (1.00.10.0320)
"Dell Fax Solutions" = Fax Solutions
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"EADM" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"Lexmark 5200 Series" = Lexmark 5200 Series
"Lexmark 9300 Series" = Lexmark 9300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (2.0.0.2)" = Mozilla Firefox (2.0.0.2)
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PreviewIt_is1" = PreviewIt for GoogleDesktop 0.1a
"Pro Tracks Plus 2.2" = Pro Tracks Plus 2.2
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2010 5:55:54 PM | Computer Name = Jesstop | Source = Windows Search Service | ID = 3032
Description =

Error - 3/8/2010 5:55:54 PM | Computer Name = Jesstop | Source = Windows Search Service | ID = 3032
Description =

Error - 3/8/2010 5:55:54 PM | Computer Name = Jesstop | Source = Windows Search Service | ID = 3032
Description =

Error - 3/8/2010 5:55:54 PM | Computer Name = Jesstop | Source = Windows Search Service | ID = 3032
Description =

Error - 3/8/2010 5:55:54 PM | Computer Name = Jesstop | Source = Windows Search Service | ID = 3032
Description =

Error - 3/8/2010 5:55:55 PM | Computer Name = Jesstop | Source = Windows Search Service | ID = 3032
Description =

Error - 3/8/2010 5:55:55 PM | Computer Name = Jesstop | Source = Windows Search Service | ID = 3032
Description =

Error - 3/8/2010 5:55:55 PM | Computer Name = Jesstop | Source = Windows Search Service | ID = 3032
Description =

Error - 3/8/2010 5:55:55 PM | Computer Name = Jesstop | Source = Windows Search Service | ID = 3032
Description =

Error - 3/8/2010 5:55:56 PM | Computer Name = Jesstop | Source = Windows Search Service | ID = 3032
Description =

[ Media Center Events ]
Error - 11/21/2007 4:47:40 PM | Computer Name = Jesstop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/25/2007 4:42:25 PM | Computer Name = Jesstop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/11/2007 8:43:05 PM | Computer Name = Jesstop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/14/2007 6:53:48 PM | Computer Name = Jesstop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/14/2007 8:54:44 PM | Computer Name = Jesstop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/16/2007 2:36:15 PM | Computer Name = Jesstop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/22/2007 5:40:51 AM | Computer Name = Jesstop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/21/2008 8:42:41 PM | Computer Name = Jesstop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/2/2008 8:38:13 PM | Computer Name = Jesstop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 7:31:33 PM | Computer Name = Jesstop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 3/14/2010 3:31:28 PM | Computer Name = Jesstop | Source = DCOM | ID = 10005
Description =

Error - 3/14/2010 3:31:31 PM | Computer Name = Jesstop | Source = DCOM | ID = 10005
Description =

Error - 3/14/2010 3:31:42 PM | Computer Name = Jesstop | Source = DCOM | ID = 10005
Description =

Error - 3/14/2010 3:32:09 PM | Computer Name = Jesstop | Source = DCOM | ID = 10005
Description =

Error - 3/14/2010 3:42:10 PM | Computer Name = Jesstop | Source = DCOM | ID = 10005
Description =

Error - 3/14/2010 3:42:10 PM | Computer Name = Jesstop | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.77.863.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 3/15/2010 3:31:31 PM | Computer Name = Jesstop | Source = DCOM | ID = 10005
Description =

Error - 3/15/2010 3:36:08 PM | Computer Name = Jesstop | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.77.863.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 3/15/2010 5:19:53 PM | Computer Name = Jesstop | Source = DCOM | ID = 10005
Description =

Error - 3/15/2010 8:09:13 PM | Computer Name = Jesstop | Source = DCOM | ID = 10005
Description =


< End of report >


#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:50 AM

Posted 16 March 2010 - 03:00 PM

Hi,

How is it running now?


Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case BitTornado). These programmes allow users to share files between each other, as the name suggests. In today's world, cyber crime has reached an enormous scale, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 18.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on jre-6u18-windows-i586.exe and select "Run as Administrator.")

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Please post back with a fresh OTL logfile.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.
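
As an added example (it is not part of schrauber's post and not OTL's own code): the upgrade steps above say to remove every older Java version, and the "O16 - DPF" lines of an OTL log are a quick place to check that nothing old was left behind. The {CAFEEFAC-XXXX-YYYY-ZZZZ-ABCDEFFEDCBA} class IDs Sun registers for the Java plug-in encode the version they belong to (XXXX is the 1.X family written as decimal digits, ZZZZ the update number; the all-FFFF form is the dynamic "latest installed" registration), and the HKLM Uninstall list names each JRE outright. The Python script below decodes those class IDs, reads JRE names from Uninstall-list lines, and reports everything older than 6 Update 18. The sample log is constructed for this example, with made-up Uninstall GUIDs and URLs; the helper names (clsid_version, find_stale_java and so on) are mine. A leftover O16 entry can be an orphaned registry record as easily as an installed JRE, so treat a hit as something to verify on the machine rather than proof by itself.

```python
"""Triage an OTL log for Java plug-ins and JREs older than a required baseline.

Added example for this thread; not OTL's own code and not from any post here.
Two kinds of OTL line are read:
  * "O16 - DPF:" lines. Sun's static-versioning class IDs
    {CAFEEFAC-XXXX-YYYY-ZZZZ-ABCDEFFEDCBA} encode the plug-in version
    (XXXX = 1.X family as decimal digits, ZZZZ = update number); the
    all-FFFF form is the dynamic "latest installed" registration. Where the
    class ID does not encode a version, OTL's "(Java Plug-in 1.6.0_18)"
    label is used instead.
  * HKLM Uninstall-list lines naming a JRE, e.g. "Java(TM) 6 Update 14".
Versions are handled as (family, update): (16, 18) means 1.6.0_18.
"""
import re

# Baseline from this thread: JRE 6 Update 18.
REQUIRED = (16, 18)

JAVA_CLSID = re.compile(
    r"\{CAFEEFAC-([0-9A-F]{4})-([0-9A-F]{4})-([0-9A-F]{4})-ABCDEFFEDCBA\}", re.I)
O16_LINE = re.compile(r"^O16 - DPF: (\{[0-9A-F-]+\}) \S+ \((.*)\)\s*$", re.I)
PLUGIN_LABEL = re.compile(r"Java Plug-in (\d)\.(\d)\.\d+(?:_(\d+))?", re.I)
UNINSTALL_LINE = re.compile(r'^"([^"]+)" = (.+?)\s*$')
JRE_NAME = re.compile(
    r"^(?:Java\(TM\)|J2SE Runtime Environment)\s+(\d+)(?:\.\d+)?\s+Update\s+(\d+)$",
    re.I)

# Constructed sample in OTL's format; the Uninstall GUIDs and URLs are made up.
SAMPLE_OTL = """\
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/sample.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/sample.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/sample.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/sample.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/sample.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/sample.cab (Shockwave Flash Object)
"{00000000-0000-0000-0000-000000000001}" = Java(TM) 6 Update 14
"{00000000-0000-0000-0000-000000000002}" = Java(TM) 6 Update 18
"{00000000-0000-0000-0000-000000000003}" = J2SE Runtime Environment 5.0 Update 6
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"""


def clsid_version(clsid):
    """Decode a static-versioning class ID into (family, update), else None.

    {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} -> (16, 18), i.e. 1.6.0_18.
    The dynamic all-FFFF form carries no fixed version and yields None.
    """
    m = JAVA_CLSID.match(clsid)
    if not m or m.group(1).upper() == "FFFF":
        return None
    try:
        return int(m.group(1), 10), int(m.group(3), 10)
    except ValueError:
        return None


def label_version(label):
    """Fallback: read OTL's '(Java Plug-in 1.6.0_18)' label -> (16, 18)."""
    m = PLUGIN_LABEL.search(label)
    if not m:
        return None
    return 10 * int(m.group(1)) + int(m.group(2)), int(m.group(3) or 0)


def name_version(name):
    """Uninstall-list display name -> (family, update), or None if not a JRE.

    'Java(TM) 6 Update 14' -> (16, 14); 'J2SE Runtime Environment 5.0 Update 6' -> (15, 6).
    """
    m = JRE_NAME.match(name)
    if not m:
        return None
    return 10 + int(m.group(1)), int(m.group(2))


def fmt(v):
    """(16, 18) -> '1.6.0_18', the notation OTL and Sun use."""
    return "1.%d.0_%02d" % (v[0] - 10, v[1])


def find_stale_java(log_text, required=REQUIRED):
    """Return [(kind, identifier, version)] for each Java artefact older than `required`.

    A stale O16 entry may be an orphaned registry record rather than an installed
    JRE, so each hit is something to verify on the machine, not proof by itself.
    """
    stale = []
    for line in log_text.splitlines():
        m = O16_LINE.match(line)
        if m:
            clsid, label = m.group(1), m.group(2)
            v = clsid_version(clsid) or label_version(label)
            if v and v < required:
                stale.append(("O16", clsid, fmt(v)))
            continue
        m = UNINSTALL_LINE.match(line)
        if m:
            v = name_version(m.group(2))
            if v and v < required:
                stale.append(("Uninstall", m.group(2), fmt(v)))
    return stale


if __name__ == "__main__":
    for kind, ident, version in find_stale_java(SAMPLE_OTL):
        print("%-9s %-45s Java %s is older than %s" % (kind, ident, version, fmt(REQUIRED)))
```

Run against a real OTL log by passing its text to find_stale_java; the version tuples compare naturally, so (15, 6) for 1.5.0_06 sorts below (16, 18) without any string games, and the dynamic FFFF class ID is judged by its label rather than mistaken for a version.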

#11 charliefell

charliefell
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:50 AM

Posted 16 March 2010 - 10:00 PM

I deleted BitTornado from the program list. I honestly don't remember when it was installed, but it hasn't been used in quite some time.

I updated Java and tried to run the ESET scan in normal boot mode, but the computer locked up again after about 20 minutes. Even when it was running, it was very sluggish. The log I'm pasting below is from a safe mode with networking boot.

Thank you so much for all the help, by the way!

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ead1ccd2f064984c8fc8d78bfe6440a5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-07 05:25:44
# local_time=2010-03-07 12:25:44 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=202304
# found=0
# cleaned=0
# scan_time=4414
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ead1ccd2f064984c8fc8d78bfe6440a5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-17 02:43:22
# local_time=2010-03-16 10:43:22 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=768 16777215 100 0 437261 437261 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=193246
# found=0
# cleaned=0
# scan_time=9596


#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:50 AM

Posted 17 March 2010 - 02:11 PM

Good :)

Please post back with a fresh OTL logfile and tell me how the system is running.
regards,
schrauber


#13 charliefell

charliefell
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:50 AM

Posted 17 March 2010 - 02:23 PM

QUOTE(schrauber @ Mar 17 2010, 02:11 PM)
Good :)

Please post back with a fresh OTL logfile and tell me how the system is running.


Custom scan again?

#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:50 AM

Posted 17 March 2010 - 02:59 PM

Yes please :)
regards,
schrauber


#15 charliefell

charliefell
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:50 AM

Posted 17 March 2010 - 03:14 PM

OTL logfile created on: 3/17/2010 3:27:47 PM - Run 2
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\Jess\Documents\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.44 Gb Total Space | 73.04 Gb Free Space | 53.53% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.98 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESSTOP
Current User Name: Jess
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/17 15:21:01 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Documents\Downloads\OTL (1).exe
PRC - [2010/03/08 20:28:21 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/08 20:28:20 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/05 14:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/17 15:21:01 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Documents\Downloads\OTL (1).exe
MOD - [2008/11/27 00:35:51 | 001,744,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\GdiPlus.dll
MOD - [2006/11/02 05:46:13 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2006/11/02 05:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2006/11/02 05:46:07 | 002,095,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2006/11/02 05:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/08 20:28:20 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/12 00:28:51 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Stopped] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/11/27 02:12:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Stopped] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/08/13 15:46:19 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/25 01:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/05/03 04:48:52 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxbtcoms.exe -- (lxbt_device)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/12/05 05:36:10 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxcqcoms.exe -- (lxcq_device)
SRV - [2006/10/11 17:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/12 22:21:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/12 00:28:51 | 000,000,000 | ---D | M]

[2009/01/07 19:22:50 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\extensions
[2009/01/07 19:22:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/07 19:22:50 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7rphw.default\extensions\staged-xpis
[2010/03/16 19:15:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/09/09 02:12:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\divx@partners.mozilla.com
[2007/09/09 02:12:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/02/21 17:51:11 | 000,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/02/21 17:51:16 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/02/21 17:51:21 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/02/21 17:51:26 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/02/21 17:51:32 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/12/01 12:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

O1 HOSTS File: ([2010/03/05 22:18:13 | 000,380,346 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13105 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jess\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jess\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 07:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/16 20:33:43 | 000,000,000 | ---D | C] -- C:\Users\Jess\Desktop\tranz
[2010/03/16 19:00:24 | 000,000,000 | ---D | C] -- C:\Users\Jess\.SunDownloadManager
[2010/03/16 18:55:45 | 000,000,000 | ---D | C] -- C:\Users\Jess\.netbeans
[2010/03/16 18:55:37 | 000,000,000 | ---D | C] -- C:\Users\Jess\.netbeans-registration
[2010/03/16 18:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 6.8
[2010/03/16 18:52:29 | 000,000,000 | ---D | C] -- C:\Users\Jess\.nbi
[2010/03/14 15:48:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/14 15:48:13 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\temp
[2010/03/14 15:47:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/14 15:35:47 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/14 15:29:05 | 000,000,000 | ---D | C] -- C:\schrauber
[2010/03/12 16:31:41 | 000,000,000 | ---D | C] -- C:\Users\Jess\Desktop\spaghetti dinner
[2010/03/10 22:51:46 | 000,000,000 | ---D | C] -- C:\Users\Jess\Desktop\bleeping computer forum files
[2010/03/08 20:28:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/03/08 20:23:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/03/08 20:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/08 12:47:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/08 12:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/08 12:28:42 | 000,000,000 | ---D | C] -- C:\Users\Jess\Desktop\ANTIVIRUS
[2010/03/07 00:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/06 22:07:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/06 22:07:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/06 22:07:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/06 22:07:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/06 22:07:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/06 22:05:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/06 21:57:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/06 21:57:43 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/06 21:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/03 21:27:48 | 000,000,000 | ---D | C] -- C:\Users\Jess\Desktop\josh archive
[2009/12/29 22:03:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbtinpa.dll
[2009/12/29 22:03:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxbthcp.dll
[2009/12/29 22:03:43 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbtiesc.dll
[2009/12/29 22:03:42 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbtusb1.dll
[2009/12/29 22:03:41 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbtserv.dll
[2009/12/29 22:03:41 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbtprox.dll
[2009/12/29 22:03:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbtpmui.dll
[2009/12/29 22:03:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbtpplc.dll
[2009/12/29 22:03:39 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbtlmpm.dll
[2009/12/29 22:03:37 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbthbn3.dll
[2009/12/29 22:03:35 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbtcomc.dll
[2009/12/29 22:03:35 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbtcomm.dll
[2009/01/07 18:19:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2007/09/05 01:36:53 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCQhcp.dll
[2006/11/06 12:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcqpmui.dll
[2006/11/06 12:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcqserv.dll
[2006/11/06 12:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcqcomm.dll
[2006/11/06 12:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcqlmpm.dll
[2006/11/06 12:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcqiesc.dll
[2006/11/06 12:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcqpplc.dll
[2006/11/06 12:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcqcomc.dll
[2006/11/06 12:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcqprox.dll
[2006/11/06 12:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcqinpa.dll
[2006/11/06 12:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcqusb1.dll
[2006/11/06 12:07:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcqhbn3.dll
[2006/05/18 16:54:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2006/05/18 16:53:04 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2006/05/18 16:47:36 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2006/05/18 16:39:18 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2006/05/18 16:37:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2006/05/18 16:36:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2006/05/18 16:35:28 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2006/05/18 16:34:44 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2006/05/18 16:32:06 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2006/05/18 16:28:16 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2006/05/18 16:27:22 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[8 C:\Users\Jess\Documents\*.tmp files -> C:\Users\Jess\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/17 15:18:32 | 007,077,888 | -HS- | M] () -- C:\Users\Jess\ntuser.dat
[2010/03/16 20:06:29 | 001,197,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/16 20:06:29 | 000,300,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/16 20:06:29 | 000,005,058 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/16 20:04:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/16 20:00:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/16 19:36:08 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1507719816-2895807198-2696347523-1000UA.job
[2010/03/16 19:04:13 | 000,160,488 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/16 19:04:13 | 000,160,488 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/16 19:04:09 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/16 19:04:09 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/16 19:04:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/16 18:59:53 | 000,001,356 | ---- | M] () -- C:\Users\Jess\AppData\Local\d3d9caps.dat
[2010/03/15 00:49:40 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/03/15 00:49:40 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2010/03/14 15:46:03 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/14 10:57:37 | 355,639,223 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/12 10:01:26 | 001,680,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/09 10:43:54 | 000,027,648 | ---- | M] () -- C:\Users\Jess\Desktop\josh interview_3-8-10.doc.dot
[2010/03/08 20:28:46 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/03/08 20:23:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/08 20:22:29 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/08 13:29:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/03/08 12:42:07 | 000,227,678 | ---- | M] () -- C:\Users\Jess\Documents\reg backup 2.8.10.reg
[2010/03/08 12:30:52 | 000,001,672 | ---- | M] () -- C:\Users\Jess\Desktop\CCleaner.lnk
[2010/03/08 11:39:04 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/03/08 11:39:04 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/03/08 02:49:28 | 001,048,576 | -HS- | M] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010/03/08 02:49:27 | 001,048,576 | -HS- | M] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010/03/08 02:49:27 | 001,048,576 | -HS- | M] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010/03/08 02:49:27 | 000,065,536 | -HS- | M] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010/03/08 01:36:36 | 000,293,376 | ---- | M] () -- C:\Users\Jess\Desktop\3y819ssl.exe
[2010/03/07 00:09:46 | 002,672,312 | ---- | M] () -- C:\Users\Jess\Desktop\esetsmartinstaller_enu.exe
[2010/03/06 21:57:49 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/06 12:38:33 | 000,363,008 | ---- | M] () -- C:\Users\Jess\Desktop\rkill.pif
[2010/03/05 22:18:13 | 000,380,346 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/05 15:23:17 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1507719816-2895807198-2696347523-1000Core.job
[2010/03/04 22:57:16 | 000,023,552 | ---- | M] () -- C:\Users\Jess\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[8 C:\Users\Jess\Documents\*.tmp files -> C:\Users\Jess\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/15 00:49:40 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2010/03/15 00:49:40 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2010/03/12 11:00:47 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/10 22:56:34 | 355,639,223 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/09 10:43:54 | 000,027,648 | ---- | C] () -- C:\Users\Jess\Desktop\josh interview_3-8-10.doc.dot
[2010/03/08 20:22:29 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/08 12:41:55 | 000,227,678 | ---- | C] () -- C:\Users\Jess\Documents\reg backup 2.8.10.reg
[2010/03/08 12:30:52 | 000,001,672 | ---- | C] () -- C:\Users\Jess\Desktop\CCleaner.lnk
[2010/03/08 11:36:41 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/03/08 11:36:41 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/03/08 02:49:28 | 001,048,576 | -HS- | C] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010/03/08 02:49:27 | 001,048,576 | -HS- | C] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010/03/08 02:49:27 | 001,048,576 | -HS- | C] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010/03/08 02:49:27 | 000,065,536 | -HS- | C] () -- C:\Users\Jess\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010/03/08 01:36:36 | 000,293,376 | ---- | C] () -- C:\Users\Jess\Desktop\3y819ssl.exe
[2010/03/07 00:09:46 | 002,672,312 | ---- | C] () -- C:\Users\Jess\Desktop\esetsmartinstaller_enu.exe
[2010/03/06 22:07:44 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/06 22:07:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/06 22:07:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/06 22:07:44 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/06 22:07:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/06 22:05:02 | 000,363,008 | ---- | C] () -- C:\Users\Jess\Desktop\rkill.pif
[2010/03/06 21:57:49 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/30 12:27:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/29 22:03:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxbtinst.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/30 22:29:34 | 000,160,488 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/30 22:29:34 | 000,160,488 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/31 17:48:18 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/01/07 18:19:44 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2009/01/07 18:18:33 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2009/01/07 18:15:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/01/07 18:15:30 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2008/01/06 00:29:12 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{16fa2cc7-b88d-11dc-8acf-001c26f3cf94}.TMContainer00000000000000000002.regtrans-ms
[2008/01/06 00:29:12 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{16fa2cc7-b88d-11dc-8acf-001c26f3cf94}.TM.blf
[2008/01/06 00:29:10 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{16fa2cb8-b88d-11dc-8acf-001c26f3cf94}.TMContainer00000000000000000002.regtrans-ms
[2008/01/06 00:29:10 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2008/01/06 00:29:10 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{16fa2cb8-b88d-11dc-8acf-001c26f3cf94}.TM.blf
[2008/01/06 00:29:10 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2008/01/06 00:29:10 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/11/05 01:42:31 | 000,000,570 | ---- | C] () -- C:\Users\Jess\AppData\Roaming\wklnhst.dat
[2007/10/07 00:15:32 | 000,023,552 | ---- | C] () -- C:\Users\Jess\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/12 22:04:32 | 000,129,712 | ---- | C] () -- C:\Users\Jess\AppData\Roaming\nvModes.001
[2007/09/12 21:55:22 | 000,129,712 | ---- | C] () -- C:\Users\Jess\AppData\Roaming\nvModes.dat
[2007/09/12 21:55:12 | 000,001,356 | ---- | C] () -- C:\Users\Jess\AppData\Local\d3d9caps.dat
[2007/09/05 01:37:04 | 000,000,031 | ---- | C] () -- C:\Windows\System32\lxcqrwrd.ini
[2007/09/05 01:36:54 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCQinst.dll
[2007/09/05 01:35:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lxcqpmon.dll
[2007/09/05 01:35:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCQFXPU.DLL
[2007/09/05 01:31:57 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcqcoin.dll
[2007/08/28 00:52:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2007/08/28 00:51:16 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2007/08/28 00:50:57 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2007/08/27 18:50:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/25 02:02:49 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/08/25 02:02:44 | 000,000,158 | ---- | C] () -- C:\Windows\wininit.ini
[2007/08/20 20:26:52 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007/08/20 20:26:52 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2007/08/15 18:33:14 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/08/15 18:30:26 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/08/13 15:48:29 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/13 15:48:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/02/22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbtcoin.dll
[2006/11/13 05:30:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxcqgrd.dll
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/23 10:54:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcqdrs.dll
[2006/09/29 03:28:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcqcaps.dll
[2006/09/22 08:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 07:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/08 16:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/06/29 00:22:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2006/06/29 00:22:32 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2006/06/29 00:22:04 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2006/06/29 00:21:00 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2006/06/29 00:20:54 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2006/06/29 00:20:42 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2006/06/29 00:20:38 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2006/06/29 00:19:02 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2006/06/29 00:18:36 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2006/05/09 06:10:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcqcnv4.dll
[2006/03/19 20:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2005/08/18 07:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbtvs.dll
[2005/07/08 04:11:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2005/06/23 22:37:48 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcqvs.dll
[2005/05/25 10:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbtcnv4.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2007/09/06 15:01:52 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\.BitTornado
[2008/02/26 13:28:08 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\9300 Series
[2007/09/08 21:55:22 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Aim
[2010/03/08 13:12:03 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\CallingID
[2008/01/09 11:25:34 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\MusicNet
[2008/07/25 10:15:43 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\NewSoft
[2007/09/11 03:01:48 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\PeerNetworking
[2009/02/14 16:14:32 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Sony
[2007/08/24 12:06:08 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Template
[2007/08/23 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\tmp
[2010/03/16 20:04:01 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/03/12 09:58:14 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2007/08/13 15:45:11 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\ERDNT\cache\AGP440.sys
[2007/08/13 15:45:11 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/08/13 15:45:11 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/08/13 15:45:11 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/08/13 15:45:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/08/13 15:45:43 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/08/13 15:45:36 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/08/13 15:45:36 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/08/13 15:45:43 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/08/13 15:45:43 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/13 04:05:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 04:05:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 04:05:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\ERDNT\cache\atapi.sys
[2008/02/13 04:05:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\drivers\atapi.sys
[2008/02/13 04:05:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/13 04:05:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys
[2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\ERDNT\cache\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\ERDNT\cache\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >