
Google Links Always Redirecting - April 15, 2010


  • This topic is locked
22 replies to this topic

#1 StevePCFix

  • Members
  • 14 posts

Posted 15 April 2010 - 11:21 AM

To Someone Please,

I got rid of: (deleted)
"C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %*
but cannot delete the associated registry key with regedt32.exe?

I have run Malwarebytes:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3988

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

4/14/2010 6:28:02 PM
mbam-log-2010-04-14 (18-28-02).txt

Scan type: Quick scan
Objects scanned: 1626
Time elapsed: 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have run HijackThis; my XP system running SP2 still has the problem with Google links redirecting to other sites. PLEASE advise to ***@verizon.net. Thanks, Steve

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:58 AM, on 4/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Babelgum Player\babelgumupdater_service.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stevesellsre.com/
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" -quiet
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm .exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.verizon.net
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152394923109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://lioncam2.lmu.edu/activex/AMC.cab
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloan.com/CAB/PtClickLoan/1...PtClickLoan.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.ntrsupport.com/inquiero/mod/setu...tivex118_24.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BabelgumUpdater - Unknown owner - C:\Program Files\Babelgum Player\babelgumupdater_service.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: WinFax PRO (wfxsvc) - Unknown owner - C:\WINDOWS\system32\WFXSVC.EXE (file missing)

--
End of file - 8516 bytes

Thanks, Steve

Please CC: ***@verizon.net

Latest Malwarebytes LOG:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3988

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

4/15/2010 9:14:37 AM
mbam-log-2010-04-15 (09-14-37).txt

Scan type: Quick scan
Objects scanned: 130156
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "iexplore.exe") Good: (iexplore.exe) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\user\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

No one replied, but I finally fixed all of the malware and spyware.

First I ran Malwarebytes' Anti-Malware and that cleaned most of it up, but in order to remove the XP Malware Fake, I had to do a registry search for where AVE.EXE was hiding. Once I found it and deleted it that took care of that.

However, I still had my browser Google links being Hijacked, or Redirected.

I used Hitman35 to eliminate that; it was caused by a version of the TDL3 rootkit infection, which seems to be more of a virus than malware (it was hiding in my compbatt.sys file, not the print spooler).

Anyway, things seem fine now, I am upgrading to SP3, and have Avast totally updated.

Anyway, thanks for all the info I got from this site; my PC and I are finally clean.

Steve

Edited by myrti, 20 April 2010 - 02:39 PM.
Posts merged ~BP Removed email address ~myrti
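The two registry hits in the Malwarebytes log above are the whole mechanism of this rogue: with HKCR\secfile\shell\open\command and the StartMenuInternet\IEXPLORE.EXE\shell\open\command value rewritten to "...\ave.exe" /START "%1" %*, the rogue binary runs first and decides whether the real program gets launched, and the line marked "Not selected for removal" is exactly the leftover that keeps a machine hijacked after an otherwise clean-looking scan. As an added example (not part of the original post, and not code from Malwarebytes, HijackThis or BleepingComputer), the Python script below runs a simple triage over log lines of the kinds posted above. The sample input is constructed from lines copied out of the two logs; the severity labels and the "profile data folder" heuristic are this example's own assumptions, not anything the scanners define.

```python
"""Triage of HijackThis / Malwarebytes log excerpts (added example).

Flags the entries that matter in a rogue-AV / shell-hijack cleanup:
services with no publisher info or a missing binary, autoruns started
from a user profile data folder, and scan detections left in place.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "iexplore.exe") Good: (iexplore.exe) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low" (this example's own scale)
    reason: str
    line: str


# HijackThis O23: "O23 - Service: <name> - <company> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# HijackThis O4: "O4 - <hive>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Malwarebytes: "<key or file> (<detection name>) -> <action text>"
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<det>[\w.]+)\) -> (?P<rest>.+)$")
# Per-user data folders on XP: the usual drop zone for rogue-AV executables.
PROFILE_DATA_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\Local Settings\\(?:Application Data|Temp)\\", re.I)


def triage_line(line):
    """Return a Finding for one log line, or None if it is unremarkable."""
    line = line.strip()
    if not line:
        return None
    m = O23_RE.match(line)
    if m:
        if m.group("path").endswith("(file missing)"):
            return Finding("low", "orphaned service entry: binary is gone, delete the service", line)
        if m.group("owner") == "Unknown owner":
            return Finding("medium", "service binary carries no publisher info: verify it by hash", line)
        return None
    m = O4_RE.match(line)
    if m:
        if PROFILE_DATA_RE.search(m.group("cmd")):
            return Finding("high", "autorun launches an executable from a profile data folder", line)
        return None
    m = MBAM_RE.match(line)
    if m:
        det, rest = m.group("det"), m.group("rest")
        if rest.endswith("Not selected for removal."):
            return Finding("high", f"{det}: detected but left in place, hijack still active", line)
        if PROFILE_DATA_RE.search(line):
            return Finding("high", f"{det}: executable staged in a profile data folder, removed", line)
        return Finding("medium", f"{det}: removed, confirm on a rescan", line)
    return None


def triage(log_text):
    """Run triage_line over a whole log; findings come back in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

On the sample above this reports r_server (a service binary with no version information, worth hashing and looking up before trusting), the orphaned Google Desktop service, the ave.exe file, and the StartMenuInternet value that the scan left in place, while the avast entries pass through silently. The "Unknown owner" check is a prompt to verify, not a verdict: plenty of legitimate software ships without version resources.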



#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts

Posted 19 April 2010 - 10:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

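The custom-scan block above ends with an /md5start ... /md5stop list of boot and storage drivers (atapi.sys, iaStor.sys, nvstor.sys and so on): the helper wants MD5s of those files because the TDL3 family persists by patching one of these drivers on disk rather than by adding a new autorun entry, so a clean HijackThis O4/O23 section proves nothing. As an added example (not OTL's code, and nothing the helper posted), the Python script below shows the comparison step that an analyst otherwise does by eye against a clean copy of Windows: hash a watched list of drivers from a known-clean reference directory, then verify a suspect directory and report which files are unchanged, modified or absent. The file names are taken from the list above plus compbatt.sys, the file the poster later reported as patched; the driver contents built in demo() are constructed stand-ins, not real driver images.

```python
"""Driver file integrity check (added example, not OTL's code).

Hash a watched list of drivers on a known-clean reference, then verify a
suspect copy and report which files are unchanged, modified or absent.
"""
import hashlib
import os
import tempfile

# Names from the OTL /md5start list above plus compbatt.sys (the file the
# poster later found patched). Names absent on a system are skipped at
# baseline time rather than treated as errors.
WATCHED_DRIVERS = ["atapi.sys", "iaStor.sys", "nvstor.sys", "AGP440.sys", "compbatt.sys"]


def hash_file(path, algo="sha256"):
    """Stream the file through hashlib; drivers are small but do not assume it."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(drivers_dir, names=WATCHED_DRIVERS, algo="sha256"):
    """Hashes of the watched drivers as found in a trusted copy of system32\\drivers."""
    return {n: hash_file(os.path.join(drivers_dir, n), algo)
            for n in names if os.path.isfile(os.path.join(drivers_dir, n))}


def verify(drivers_dir, baseline, algo="sha256"):
    """Map each baseline entry to 'ok', 'MODIFIED' or 'missing' for the suspect copy."""
    result = {}
    for name, expected in baseline.items():
        path = os.path.join(drivers_dir, name)
        if not os.path.isfile(path):
            result[name] = "missing"
        elif hash_file(path, algo) != expected:
            result[name] = "MODIFIED"
        else:
            result[name] = "ok"
    return result


def demo():
    """Constructed sample: three fake drivers; the suspect copy has one patched and one deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = os.path.join(tmp, "clean"), os.path.join(tmp, "suspect")
        for d in (clean, suspect):
            os.makedirs(d)
            for name in ("atapi.sys", "compbatt.sys", "AGP440.sys"):
                with open(os.path.join(d, name), "wb") as f:
                    f.write(b"MZ" + name.encode() + b"\x00" * 64)  # stand-in for a PE image
        # Stand-in for an on-disk patch: a few bytes appended to compbatt.sys
        with open(os.path.join(suspect, "compbatt.sys"), "ab") as f:
            f.write(b"\xe8\x00\x00\x00\x00")
        os.remove(os.path.join(suspect, "AGP440.sys"))
        return verify(suspect, build_baseline(clean))


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

Two caveats that matter for this thread. Run the verification from a clean boot (WinPE or a live CD with the Windows volume mounted), not from inside the infected system: an active TDL3 sits in the disk I/O path and can return the original bytes when the patched driver file is read, so hashing in place can report "ok" on a file that is infected on disk, which is why rootkit-specific tools were needed here. And SHA-256 is used above because it is what you want for a baseline you keep; MD5 is what OTL prints and is fine for matching against a published list of known-good driver hashes, but not as a tamper-evident record.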


#3 StevePCFix
  • Topic Starter
  • Members
  • 14 posts

Posted 19 April 2010 - 10:09 PM

Myrti,

Thanks for responding, right now I am running the recommended registry ownership recovery:

support.microsoft.com/kb/949377

When I am done, I will try to install SP3 again. If that fails, I will run your routine and report back either way.

Thanks, Steve

#4 StevePCFix
  • Topic Starter
  • Members
  • 14 posts

Posted 20 April 2010 - 09:21 AM

Myrti,

SP3 Update almost completed, but stopped just short of finalization.

Below are the outputs you request after the SP3 update failed.

Thanks, Steve

OTL logfile created on: 4/20/2010 6:40:38 AM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.96 Gb Total Space | 33.35 Gb Free Space | 35.88% Space Free | Partition Type: NTFS
Drive D: | 117.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 93.16 Gb Total Space | 55.62 Gb Free Space | 59.71% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 149.05 Gb Total Space | 138.83 Gb Free Space | 93.15% Space Free | Partition Type: NTFS

Computer Name: REAL
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/20 06:38:06 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2010/04/14 09:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/11/20 07:32:28 | 000,013,624 | ---- | M] () -- C:\Program Files\Babelgum Player\babelgumupdater_service.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/08/16 11:56:00 | 000,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005/08/16 11:54:46 | 001,269,844 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2005/05/04 01:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
PRC - [2003/10/23 21:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2002/08/14 16:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
PRC - [2001/07/24 08:15:53 | 000,241,664 | ---- | M] () -- C:\WINDOWS\system32\r_server.exe


========== Modules (SafeList) ==========

MOD - [2010/04/20 06:38:06 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2005/08/16 11:57:18 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wfxsvc)
SRV - File not found [Disabled | Stopped] -- -- (Pantech&Curitel Utility Service)
SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-110309-193829)
SRV - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/28 20:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/11/20 07:32:28 | 000,013,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Babelgum Player\babelgumupdater_service.exe -- (BabelgumUpdater)
SRV - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/08/10 20:46:18 | 000,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2007/02/10 06:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/02/10 06:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/11/06 16:24:36 | 003,604,480 | ---- | M] () [Disabled | Stopped] -- E:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe -- (MySQL)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/14 03:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/05/04 01:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe -- (MSSQL$ALAMODE)
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE -- (SQLAgent$ALAMODE)
SRV - [2004/10/28 07:27:32 | 000,020,545 | ---- | M] () [Disabled | Stopped] -- E:\Program Files\Apache Group\Apache\Apache.exe -- (Apache)
SRV - [2002/08/14 16:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)
SRV - [2001/07/24 08:15:53 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\r_server.exe -- (r_server)


========== Driver Services (SafeList) ==========

DRV - [2010/04/14 09:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 09:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 09:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 09:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 09:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 09:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/17 13:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 13:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/28 20:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 00:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/14 00:16:10 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/14 00:16:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/01 06:01:56 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rminiv3.sys -- (mirrorv3)
DRV - [2006/10/30 14:46:02 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2006/01/31 14:35:34 | 000,123,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/11/27 19:25:14 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/09/27 15:46:00 | 001,345,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/29 16:43:16 | 000,030,296 | ---- | M] (Eagletron Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dvdriver.sys -- (DVDRIVER)
DRV - [2005/08/22 16:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 02:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 02:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 02:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/16 11:43:14 | 000,401,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/08/16 11:40:48 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/08/16 11:38:22 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/11 23:47:34 | 000,376,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/02 03:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 02:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/22 11:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/06/21 09:18:00 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/06/19 13:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/05 11:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 11:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/10 23:39:38 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2004/08/10 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/03/23 19:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2002/08/14 16:11:16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2000/03/22 22:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.stevesellsre.com/
IE - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.stevesellsre.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 09:42:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 09:42:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/31 13:55:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/04/15 09:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/01/11 18:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/19 19:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\tnkxy8b8.default\extensions
[2010/04/15 11:05:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\tnkxy8b8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/15 09:42:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/10 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe File not found
O4 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm .exe File not found
O4 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005..\Run: [Microsoft Location Finder] C:\Program Files\Microsoft Location Finder\LocationFinder.exe File not found
O4 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe File not found
O4 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk = C:\Program Files\ACT\SideACT.exe (Interact Commerce Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\..Trusted Domains: verizon.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\..Trusted Domains: verizon.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-4193681508-3073026765-3661975548-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/a/f...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://downloadcenter.samsung.com/content/...trolLite_EN.cab (DjVuCtl Class)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1152394923109 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://lioncam2.lmu.edu/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} https://www.clickloan.com/CAB/PtClickLoan/1...PtClickLoan.cab (PtClickLoan Control)
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} http://na.ntrsupport.com/inquiero/mod/setu...tivex118_24.cab (NTR ActiveX 1.1.8)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/06 16:01:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1996/09/01 05:00:00 | 000,014,848 | R--- | M] () - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1996/09/01 05:00:00 | 000,000,049 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/12/03 14:14:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0e8d0700-75df-11d3-8b4a-0008c7450c4a} - LizardTech DjVu Activex Control
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/20 06:39:06 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/04/19 21:44:07 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/04/19 21:44:06 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/04/19 21:43:42 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/04/19 21:43:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/04/19 21:43:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/04/19 21:43:33 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/04/19 21:43:33 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/04/19 21:43:32 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/04/19 21:43:32 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/04/19 21:43:32 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/04/19 21:43:32 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/04/19 21:43:32 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/04/19 21:43:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/04/19 21:43:30 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/04/19 21:43:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/04/19 21:43:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/04/19 21:43:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/04/19 21:43:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/04/19 21:43:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/04/19 21:43:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/04/19 21:43:28 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/04/19 21:43:27 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/04/19 21:43:27 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/04/19 21:43:27 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/04/19 21:43:27 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/04/19 21:43:27 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/04/19 21:43:27 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/04/19 21:43:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/04/19 21:43:25 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/04/19 21:43:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/04/19 21:43:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/04/19 21:43:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/04/19 21:43:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/04/19 21:43:20 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1018 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/20 06:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/04/20 06:38:06 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/04/20 06:25:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/20 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/04/20 05:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/04/20 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/04/20 04:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/04/20 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/04/20 03:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/04/20 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/04/20 03:00:00 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2010/04/20 02:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/04/20 02:00:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/20 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/04/20 01:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/04/20 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/04/20 00:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/04/20 00:09:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/04/19 23:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/19 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/04/19 23:00:00 | 000,000,192 | ---- | M] () -- C:\WINDOWS\tasks\Defrag C.job
[2010/04/19 22:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/04/19 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/04/19 21:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/04/19 21:33:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/19 21:07:18 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/19 21:06:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/19 21:06:14 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2010/04/19 21:06:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/19 21:04:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/19 21:04:17 | 000,379,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/19 21:04:16 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/19 21:02:36 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/04/19 21:02:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/04/19 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/04/19 20:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/04/19 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/04/19 19:50:38 | 000,000,527 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Reset.cmd
[2010/04/19 19:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/04/19 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/04/19 18:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/04/19 18:10:02 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/19 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/04/19 16:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/04/19 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/04/19 14:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/19 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/04/19 13:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/04/19 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/04/19 12:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/04/19 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/04/19 11:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/04/19 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/04/19 10:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/04/19 10:11:50 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Professional.lnk
[2010/04/16 13:24:05 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/16 13:23:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/16 13:23:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/16 13:08:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/16 12:10:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/16 12:05:24 | 000,000,944 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/04/16 12:05:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\compbatt.vir
[2010/04/16 11:56:47 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/16 11:56:42 | 005,650,240 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\user\Desktop\HitmanPro35.exe
[2010/04/16 10:14:29 | 000,001,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/15 12:44:31 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/15 09:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/04/15 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/04/15 08:45:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/04/15 08:31:30 | 000,013,814 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\TcP0eIPn2W
[2010/04/15 08:31:30 | 000,013,814 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\TcP0eIPn2W
[2010/04/15 08:22:29 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HijackThis.lnk
[2010/04/15 08:18:44 | 000,013,814 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3768234786
[2010/04/15 08:18:43 | 000,013,814 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\3768234786
[2010/04/14 22:57:58 | 002,001,402 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/04/14 22:16:29 | 000,013,814 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\757469097
[2010/04/14 22:16:11 | 000,013,810 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\757469097
[2010/04/14 22:10:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/14 21:39:31 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/04/14 21:33:51 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\user\Desktop\cwshredder.exe
[2010/04/14 12:38:43 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/14 12:38:10 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup.exe
[2010/04/14 11:54:56 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/04/14 11:45:40 | 003,915,740 | R--- | M] () -- C:\Documents and Settings\user\Desktop\Combo-Fix.exe
[2010/04/14 11:15:08 | 000,103,480 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/14 11:07:01 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\user\Desktop\WindowsDefender.msi
[2010/04/14 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/04/14 09:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 09:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 09:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 09:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 09:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 09:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 09:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 09:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 09:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/14 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/04/13 21:01:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/04/13 21:01:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/04/13 21:01:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/04/13 21:01:45 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/04/13 21:01:45 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/04/13 21:01:45 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/13 08:15:04 | 000,045,052 | ---- | M] () -- C:\WINDOWS\alaRedun.ini
[2010/04/13 08:15:01 | 000,003,065 | ---- | M] () -- C:\WINDOWS\alamode.ini
[2010/04/13 08:11:40 | 000,008,862 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\aB6G3tn
[2010/04/13 06:37:38 | 000,008,886 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\3343451037
[2010/04/12 18:37:32 | 000,008,842 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\2546637594
[2010/04/11 20:27:51 | 000,001,011 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2010/04/09 08:58:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/08 09:20:57 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\user\My Documents\SteveContacts2007Outlook.ldb
[2010/04/06 22:48:36 | 000,040,693 | ---- | M] () -- C:\Documents and Settings\user\Desktop\4249NewdaleDrMap.pdf
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 09:47:32 | 000,017,900 | ---- | M] () -- C:\Documents and Settings\user\Desktop\1004MC_1411N.HayworthCDO_U30.pdf
[2010/03/29 09:46:43 | 002,280,448 | ---- | M] () -- C:\Documents and Settings\user\Desktop\1004MC_1411N.HayworthCDO_U30.xls
[2010/03/29 09:35:40 | 000,798,910 | ---- | M] () -- C:\Documents and Settings\user\Desktop\FullCondo.csv
[2010/03/29 09:33:22 | 002,280,448 | ---- | M] () -- C:\Documents and Settings\user\Desktop\1004MC_1411N.HayworthSFR_U30.xls
[2010/03/29 09:25:50 | 001,318,400 | ---- | M] () -- C:\Documents and Settings\user\Desktop\1004MC_50Thicket_U115.xls
[2010/03/29 09:22:10 | 000,784,880 | ---- | M] () -- C:\Documents and Settings\user\Desktop\FullSFR.csv
[2010/03/28 15:50:44 | 000,244,774 | ---- | M] () -- C:\Documents and Settings\user\Desktop\10338069.cab
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1018 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/19 21:33:54 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/19 21:33:53 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/19 21:33:50 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/19 19:50:38 | 000,000,527 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Reset.cmd
[2010/04/19 16:33:56 | 197,084,160 | ---- | C] () -- C:\Documents and Settings\user\Desktop\OutlookOld1.pst
[2010/04/19 10:11:50 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Professional.lnk
[2010/04/16 12:05:24 | 000,000,944 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/04/16 12:05:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\compbatt.vir
[2010/04/16 11:56:10 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/16 10:14:29 | 000,001,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/15 11:13:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\admdll.dll
[2010/04/15 08:22:29 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HijackThis.lnk
[2010/04/14 22:16:25 | 000,013,814 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\757469097
[2010/04/14 22:16:09 | 000,013,814 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\3768234786
[2010/04/14 22:16:09 | 000,013,810 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\757469097
[2010/04/14 22:11:34 | 000,013,814 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\TcP0eIPn2W
[2010/04/14 22:11:34 | 000,013,814 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3768234786
[2010/04/14 22:10:45 | 000,013,814 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\TcP0eIPn2W
[2010/04/14 19:17:05 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/14 12:38:43 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/14 11:54:56 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/14 11:54:48 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/14 11:52:59 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/14 11:52:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/14 11:52:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/14 11:52:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/14 11:52:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/14 11:45:35 | 003,915,740 | R--- | C] () -- C:\Documents and Settings\user\Desktop\Combo-Fix.exe
[2010/04/14 11:06:50 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\user\Desktop\WindowsDefender.msi
[2010/04/13 21:31:58 | 000,071,170 | ---- | C] () -- C:\WINDOWS\Fonts\qMW6f.com_
[2010/04/12 18:37:19 | 000,008,886 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\3343451037
[2010/04/12 18:37:19 | 000,008,842 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\2546637594
[2010/04/12 12:50:40 | 000,008,862 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\aB6G3tn
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/04/12 12:26:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/04/12 12:24:57 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/04/07 22:56:42 | 000,045,052 | ---- | C] () -- C:\WINDOWS\alaRedun.ini
[2010/04/07 22:26:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/06 22:48:36 | 000,040,693 | ---- | C] () -- C:\Documents and Settings\user\Desktop\4249NewdaleDrMap.pdf
[2010/03/29 09:47:32 | 000,017,900 | ---- | C] () -- C:\Documents and Settings\user\Desktop\1004MC_1411N.HayworthCDO_U30.pdf
[2010/03/29 09:46:42 | 002,280,448 | ---- | C] () -- C:\Documents and Settings\user\Desktop\1004MC_1411N.HayworthCDO_U30.xls
[2010/03/29 09:37:07 | 000,798,910 | ---- | C] () -- C:\Documents and Settings\user\Desktop\FullCondo.csv
[2010/03/29 09:33:21 | 002,280,448 | ---- | C] () -- C:\Documents and Settings\user\Desktop\1004MC_1411N.HayworthSFR_U30.xls
[2010/03/29 09:25:50 | 001,318,400 | ---- | C] () -- C:\Documents and Settings\user\Desktop\1004MC_50Thicket_U115.xls
[2010/03/29 09:23:34 | 000,784,880 | ---- | C] () -- C:\Documents and Settings\user\Desktop\FullSFR.csv
[2010/03/28 15:50:42 | 000,244,774 | ---- | C] () -- C:\Documents and Settings\user\Desktop\10338069.cab
[2010/03/22 10:09:53 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\user\My Documents\SteveContacts2007Outlook.ldb
[2010/03/20 20:17:54 | 000,161,108 | ---- | C] () -- C:\Documents and Settings\user\.recently-used.xbel
[2010/02/14 22:07:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/29 21:04:16 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\user\.JavaPowUpload.properties
[2009/10/08 10:37:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/10/07 23:26:01 | 000,000,104 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2009/08/01 15:36:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ZeniVideoSdk.dll
[2009/08/01 15:36:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\CameraType.dll
[2009/07/23 09:14:12 | 000,000,084 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/07/23 08:49:52 | 000,000,269 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/04/21 21:47:01 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/21 21:47:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/02/27 18:36:19 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Mercury.ini
[2009/02/23 21:46:43 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll
[2009/02/23 21:46:43 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2009/02/23 21:46:42 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll
[2009/02/23 21:46:42 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\SmaRTEng.dll
[2009/02/23 21:46:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll
[2009/02/23 21:46:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll
[2009/02/23 21:46:30 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll
[2009/02/23 21:46:30 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll
[2009/02/23 21:46:30 | 000,000,313 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2009/02/23 21:46:29 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll
[2009/02/23 21:46:29 | 000,220,160 | ---- | C] () -- C:\WINDOWS\System32\Carcla30.dll
[2009/02/23 21:46:29 | 000,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll
[2009/02/23 21:46:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll
[2009/02/23 21:46:29 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll
[2009/02/23 21:46:28 | 001,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll
[2009/02/23 21:46:28 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll
[2009/02/23 21:46:28 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll
[2009/02/23 21:46:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch2.dll
[2009/02/23 21:46:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch.dll
[2009/02/23 21:46:28 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll
[2009/02/23 21:43:27 | 000,003,065 | ---- | C] () -- C:\WINDOWS\alamode.ini
[2009/02/06 11:42:12 | 000,000,402 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/09/24 08:34:12 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\user\GoToAssistDownloadHelper.exe
[2008/08/03 18:06:02 | 000,038,472 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Comma Separated Values (DOS).ADR
[2008/07/15 16:38:25 | 000,023,722 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft Access.ADR
[2008/07/14 08:53:24 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\user\g2mdlhlpx.exe
[2008/04/02 11:34:24 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\nett12.dll
[2007/12/16 21:32:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tb2Desk.INI
[2007/12/13 14:07:43 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2007/12/13 14:07:43 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2007/12/13 12:31:54 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/12/13 12:31:54 | 000,000,293 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/12/13 12:31:52 | 000,000,258 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/09/15 09:08:04 | 000,000,215 | ---- | C] () -- C:\WINDOWS\STRYBORD.INI
[2007/08/24 11:50:24 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2007/08/24 11:50:24 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2007/07/15 11:36:08 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/06/02 20:21:35 | 000,003,679 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/27 09:17:31 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2007/03/15 12:10:15 | 001,187,840 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2007/03/13 09:49:53 | 000,042,387 | ---- | C] () -- C:\WINDOWS\php.ini
[2007/01/30 13:23:32 | 000,001,011 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2006/12/28 14:33:09 | 000,001,290 | ---- | C] () -- C:\WINDOWS\V3DATMCP.INI
[2006/12/27 15:05:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/12/18 16:18:03 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\user\presets.ini
[2006/11/26 10:39:53 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2006/11/26 10:39:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2006/11/26 10:39:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2006/11/26 10:39:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2006/11/10 10:56:26 | 000,008,179 | ---- | C] () -- C:\WINDOWS\lviewp.ini
[2006/11/03 15:30:43 | 000,006,688 | ---- | C] () -- C:\WINDOWS\FX_METER.DLL
[2006/08/28 14:59:09 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2006/08/12 08:45:56 | 000,038,250 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft Excel.ADR
[2006/07/26 15:56:34 | 000,000,179 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2006/07/22 15:58:07 | 000,038,473 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Comma Separated Values (Windows).ADR
[2006/07/07 07:53:31 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2006/05/26 10:49:23 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\user\LuResult.txt
[2006/05/07 13:48:36 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2006/05/07 13:20:16 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/05 15:30:50 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\user\Application Data\$_hpcst$.hpc
[2006/05/02 21:18:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/01 15:07:57 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise32.ini
[2006/05/01 15:07:56 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\BOCOF.DLL
[2006/05/01 12:06:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2006/05/01 12:06:24 | 010,223,616 | ---- | C] () -- C:\Documents and Settings\user\NTUSER.DAT
[2006/05/01 12:06:24 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\user\ntuser.dat.LOG
[2006/05/01 12:06:24 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\user\ntuser.ini
[2006/05/01 12:05:25 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/05/01 12:05:25 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/01/03 12:21:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/03 12:21:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/03 12:21:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/03 12:21:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/03 12:21:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/03 12:21:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/03 12:06:07 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/17 10:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 10:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/16 11:45:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/07/01 04:47:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 05:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005411_.tmp.dll
[2004/08/10 05:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005379_.tmp.dll
[2004/08/09 21:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/12 21:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/26 06:19:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 07:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/09/16 19:25:58 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\fncenv.dll
[1999/10/13 16:59:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\gns2kzip.dll
[1999/03/18 10:58:26 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/03/17 15:42:24 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/25 21:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1018 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/10 00:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/04/13 20:39:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/10 05:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 00:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/04/13 20:39:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] () MD5=6C476D33D82F1054849790181E8F7772 -- C:\RECYCLER\S-1-5-21-4193681508-3073026765-3661975548-1005\Dc535\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] () MD5=6C476D33D82F1054849790181E8F7772 -- C:\RECYCLER\S-1-5-21-4193681508-3073026765-3661975548-1005\Dc566\SP2QFE\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

==============

OTL Extras logfile created on: 4/20/2010 6:40:38 AM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.96 Gb Total Space | 33.35 Gb Free Space | 35.88% Space Free | Partition Type: NTFS
Drive D: | 117.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 93.16 Gb Total Space | 55.62 Gb Free Space | 59.71% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 149.05 Gb Total Space | 138.83 Gb Free Space | 93.15% Space Free | Partition Type: NTFS

Computer Name: REAL
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE File not found
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE File not found
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-21-4193681508-3073026765-3661975548-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" File not found
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"21:TCP" = 21:TCP:*:Enabled:FTP
"23:TCP" = 23:TCP:*:Enabled:Telnet
"25:TCP" = 25:TCP:*:Enabled:SMTP
"79:TCP" = 79:TCP:*:Enabled:Finger
"110:TCP" = 110:TCP:*:Enabled:POP3
"143:TCP" = 143:TCP:*:Enabled:IMap
"443:TCP" = 443:TCP:*:Enabled:HTTPS
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- File not found
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe" = C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe:*:Enabled:Sprite Backup PC Service -- File not found
"C:\Program Files\Tarasoft\Titan\Titan.exe" = C:\Program Files\Tarasoft\Titan\Titan.exe:*:Enabled:Titan -- File not found
"C:\Program Files\TurboNote\tbnote.exe" = C:\Program Files\TurboNote\tbnote.exe:*:Enabled:TurboNote v3.4 -- (SPIS Ltd, New Zealand)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- File not found
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\BlueKite\Client\bkclient.exe" = C:\Program Files\BlueKite\Client\bkclient.exe:*:Enabled:BlueKite -- File not found
"C:\Program Files\Packet8 Softalk\Softalk\Softalk.exe" = C:\Program Files\Packet8 Softalk\Softalk\Softalk.exe:*:Enabled:Packet8 Softalk -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- File not found
"C:\WINDOWS\LMI86.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI86.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\Program Files\a la mode\Sched\eSched.exe" = C:\Program Files\a la mode\Sched\eSched.exe:*:Enabled:a la mode Assistant -- File not found
"C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe" = C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe:*:Enabled:Aurora MSDE Database -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A5E0E3D-0BAA-4F8B-9403-BF2579E53C74}" = db4o 7.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 18
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34383EFC-226E-477C-888C-AA52B3ED8E96}" = IMiN Communicator Client
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE242D6-608E-4067-8BC1-89B8A957A531}" = OverDrive Media Console
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 C1
"{43A6AA2A-74B5-4E1C-91DB-ECB2F99D9ED7}" = HP User Guides 0008
"{45A3AB0D-BAE9-45B7-A582-F48AA9F06368}" = CDInterface Studio 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D29A4EF-A57F-4F47-89F8-4EB3C5302A53}" = Apache HTTP Server 1.3.33
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6975E810-C92F-45F0-0BFD-187B312F10E8}" = Norton Ghost
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{873D68B3-EDE5-4DFD-85AC-FFC430FB7EE2}" = Form Viewer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}" = Microsoft Location Finder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{ABC5404F-F0F3-4221-8DB9-5D34DD866E50}" = Sprite Backup
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BF493FC0-48B9-45C1-A482-EF04813926BB}" = Point 6.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4C261A-B915-4F23-BD23-7E1AE5713B4E}" = Vz In Home Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 D2
"{D0B535CD-9584-4F96-8CDE-7321A5E257F4}" = HomePuter® FPS v4.4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2E72DA1-C1F9-4620-BE26-F0CE53FA5C54}" = HomePuter® PhotoPage v4.4
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (ALAMODE)
"{E15292AA-7219-4DE0-AA10-9CACE639D9FC}" = Fidelity Title Bottomline
"{E281DA50-2F21-11DD-BD0B-0800200C9A66}" = Screencaster Plug-in for IE
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EB371786-9449-4ED8-B47A-032467A58CAD}" = CamStudio
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F4FA693E-8B77-405A-B3B0-607615656FFC}" = VistaPro4
"{F751F153-0D23-4ED5-85D5-BAE46893D1F9}" = Point
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FF2705ED-8734-417D-A854-4EA3F679CCC5}" = MySQL Server 4.1
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"Access 2000 Bible" = Access 2000 Bible
"ACT!" = ACT!
"Adobe Acrobat Reader for Pocket PC 1.0" = Adobe Acrobat Reader for Pocket PC 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Apex Medina v4 Appraiser" = Apex Medina v4 Appraiser
"ATI Display Driver" = ATI Display Driver
"Atomic PDF Password Recovery_is1" = Atomic PDF Password Recovery 1.51
"avast5" = avast! Free Antivirus
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Babelgum Player" = Babelgum
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"CoffeeCup Visual Site Designer Software" = CoffeeCup Visual Site Designer Software
"eKEY" = eKEY
"Family Lawyer 99" = Family Lawyer '99
"ffdshow_is1" = ffdshow [rev 2844] [2009-03-30]
"FileZilla Client" = FileZilla Client 3.0.11
"FreeUndelete" = FreeUndelete
"FTP" = FTP for Pocket PC 2002
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Google Video Uploader" = Google Video Uploader
"HandBrake" = HandBrake 0.9.3
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"HP Photo Imaging Software" = HP Photo Imaging Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"InstallShield_{EB371786-9449-4ED8-B47A-032467A58CAD}" = CamStudio
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
"MobileTalk" = MobileTalk
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MVApplication1" = SureThing CD Labeler 4 SE
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NFOlux" = NFOlux
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NTFS Undelete_is1" = NTFS Undelete v0.93
"Packet8 Softalk 1.5_is1" = Packet8 Softalk 1.5.8.1
"PDF2EXE_is1" = PDF2EXE 1.0
"PDF-XChange 3_is1" = PDF-XChange 3
"Pocket PC Connection Wizard" = Pocket PC Connection Wizard
"Quick Screen Recorder 1.5_is1" = Quick Screen Recorder 1.5
"RawShooter essentials 2006" = RawShooter essentials 2006
"RealPlayer 12.0" = RealPlayer
"Remote Administrator v2.1" = Remote Administrator v2.1
"Samsung SCX-4x21 Series" = Samsung SCX-4x21 Series
"Sierra Home Architect" = Sierra Home Architect
"Sierra Utilities" = Sierra Utilities
"Storyboard tools" = Storyboard tools
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TCPMP" = TCPMP
"ThomasGuideDeinstKey" = Thomas Guide CD-ROM
"Transcender Test Engine" = Transcender Test Engine
"Transcender: Exam Cert-70-294 " = Transcender: Exam Cert-70-294
"TweakUI" = Tweak UI
"UploadTool" = Babelgum Upload Tool 1.0.14
"USBModem" = USBModem
"VLC media player" = VLC media player 0.9.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinRAR archiver" = WinRAR archiver
"XoftSpySE" = XoftSpySE
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4193681508-3073026765-3661975548-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc77ce90b359ff05" = Analyze
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/23/2009 8:12:15 PM | Computer Name = STEVEHP | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 8:12:15 PM | Computer Name = STEVEHP | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 8:12:16 PM | Computer Name = STEVEHP | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 8:12:16 PM | Computer Name = STEVEHP | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 8:12:17 PM | Computer Name = STEVEHP | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 8:12:17 PM | Computer Name = STEVEHP | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 8:12:17 PM | Computer Name = STEVEHP | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 8:12:18 PM | Computer Name = STEVEHP | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 8:12:18 PM | Computer Name = STEVEHP | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 8:12:18 PM | Computer Name = STEVEHP | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 4/20/2010 12:07:49 AM | Computer Name = REAL | Source = MSSQL$SQLEXPRESS | ID = 17049
Description = Unable to cycle error log file from 'C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2' to 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 4/20/2010 12:07:49 AM | Computer Name = REAL | Source = MSSQL$SQLEXPRESS | ID = 17049
Description = Unable to cycle error log file from 'C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1' to 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 4/20/2010 12:07:49 AM | Computer Name = REAL | Source = MSSQL$SQLEXPRESS | ID = 17049
Description = Unable to cycle error log file from 'C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG' to 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 4/20/2010 12:07:49 AM | Computer Name = REAL | Source = MSSQL$SQLEXPRESS | ID = 17053
Description = UpdateUptimeRegKey: Operating system error 5(Access is denied.) encountered.

Error - 4/20/2010 12:08:04 AM | Computer Name = REAL | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

Error - 4/20/2010 12:08:23 AM | Computer Name = REAL | Source = MSSQL$SQLEXPRESS | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 4/20/2010 12:08:23 AM | Computer Name = REAL | Source = MSSQL$SQLEXPRESS | ID = 17204
Description = FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\master.mdf for file number 1. OS error: 5(Access is
denied.).

Error - 4/20/2010 12:08:24 AM | Computer Name = REAL | Source = MSSQL$SQLEXPRESS | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 4/20/2010 12:08:24 AM | Computer Name = REAL | Source = MSSQL$SQLEXPRESS | ID = 17204
Description = FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Access is
denied.).

Error - 4/20/2010 12:08:24 AM | Computer Name = REAL | Source = MSSQL$SQLEXPRESS | ID = 17053
Description = UpdateUptimeRegKey: Operating system error 5(Access is denied.) encountered.

[ System Events ]
Error - 4/20/2010 5:00:00 AM | Computer Name = REAL | Source = Schedule | ID = 7901
Description = The At27.job command failed to start due to the following error: %%2147942405

Error - 4/20/2010 5:45:00 AM | Computer Name = REAL | Source = Schedule | ID = 7901
Description = The At3.job command failed to start due to the following error: %%2147942405

Error - 4/20/2010 6:00:00 AM | Computer Name = REAL | Source = Schedule | ID = 7901
Description = The At28.job command failed to start due to the following error: %%2147942405

Error - 4/20/2010 6:45:00 AM | Computer Name = REAL | Source = Schedule | ID = 7901
Description = The At4.job command failed to start due to the following error: %%2147942405

Error - 4/20/2010 7:00:00 AM | Computer Name = REAL | Source = Schedule | ID = 7901
Description = The At29.job command failed to start due to the following error: %%2147942405

Error - 4/20/2010 7:45:00 AM | Computer Name = REAL | Source = Schedule | ID = 7901
Description = The At5.job command failed to start due to the following error: %%2147942405

Error - 4/20/2010 8:00:00 AM | Computer Name = REAL | Source = Schedule | ID = 7901
Description = The At30.job command failed to start due to the following error: %%2147942405

Error - 4/20/2010 8:45:00 AM | Computer Name = REAL | Source = Schedule | ID = 7901
Description = The At6.job command failed to start due to the following error: %%2147942405

Error - 4/20/2010 9:00:00 AM | Computer Name = REAL | Source = Schedule | ID = 7901
Description = The At31.job command failed to start due to the following error: %%2147942405

Error - 4/20/2010 9:45:00 AM | Computer Name = REAL | Source = Schedule | ID = 7901
Description = The At7.job command failed to start due to the following error: %%2147942405


< End of report >
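The event-log section of the report above repeats two error shapes: SQL Server reporting "Operating system error 5(Access is denied.)" and the Task Scheduler reporting "%%2147942405". The following parser, added here as an example and not part of the thread, reads that report format and decodes the numeric codes the same way: a value above 0xFFFF is treated as an HRESULT, and when its facility is 7 (FACILITY_WIN32) the low 16 bits are the Win32 error, so %%2147942405 (0x80070005) and "OS error 5" both resolve to ERROR_ACCESS_DENIED. The sample text is excerpted from the report lines above; the helper names are my own.

```python
import re
from collections import Counter

# Constructed sample: a few entries in the exact line shape of the report above.
SAMPLE_REPORT = """\
Error - 4/20/2010 12:07:49 AM | Computer Name = REAL | Source = MSSQL$SQLEXPRESS | ID = 17053
Description = UpdateUptimeRegKey: Operating system error 5(Access is denied.) encountered.

Error - 4/20/2010 12:08:04 AM | Computer Name = REAL | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

[ System Events ]
Error - 4/20/2010 5:00:00 AM | Computer Name = REAL | Source = Schedule | ID = 7901
Description = The At27.job command failed to start due to the following error: %%2147942405

Error - 4/20/2010 5:45:00 AM | Computer Name = REAL | Source = Schedule | ID = 7901
Description = The At3.job command failed to start due to the following error: %%2147942405
"""

# One event header per entry: level, timestamp, host, source and event ID.
HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<time>[\d/]+ [\d:]+ [AP]M) \| Computer Name = (?P<host>[^|]+?) "
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
# The numeric error forms seen in the report: %%decimal, 0xHHHHHHHH, and bare Win32 codes.
CODE_RE = re.compile(
    r"%%(\d+)|\b(0x[0-9A-Fa-f]{8})\b|Operating system error (\d+)\(|OS error: (\d+)\("
)
FACILITY_WIN32 = 7
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED"}  # the only Win32 code this report contains


def decode_code(value):
    """Return (hresult, win32_code); either may be None.

    Values wider than 16 bits are HRESULTs; only FACILITY_WIN32 ones wrap a Win32 code.
    """
    if value > 0xFFFF:
        facility = (value >> 16) & 0x1FFF
        code = value & 0xFFFF
        return value, (code if facility == FACILITY_WIN32 else None)
    return None, value


def parse_events(text):
    """Split the report into events, joining wrapped description lines."""
    events, cur = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            cur = {**m.groupdict(), "description": "", "codes": []}
            events.append(cur)
            continue
        if cur is None or not line.strip() or line[0] in "[<":
            continue  # section banners and end-of-report markers
        part = line.strip()
        if part.startswith("Description = "):
            part = part[len("Description = "):]
        cur["description"] += (" " if cur["description"] else "") + part
    for ev in events:
        for m in CODE_RE.finditer(ev["description"]):
            raw = next(g for g in m.groups() if g)
            value = int(raw, 16) if raw.startswith("0x") else int(raw)
            hres, win32 = decode_code(value)
            ev["codes"].append({"raw": raw, "hresult": hres, "win32": win32,
                                "name": WIN32_NAMES.get(win32)})
    return events


def summarize(events):
    """Count (source, decoded error) pairs so a shared root cause stands out."""
    counts = Counter()
    for ev in events:
        for code in ev["codes"]:
            counts[(ev["source"], code["name"] or code["raw"])] += 1
    return counts


if __name__ == "__main__":
    for (source, err), n in summarize(parse_events(SAMPLE_REPORT)).items():
        print(f"{n:3d}  {source:32s} {err}")
```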



#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 20 April 2010 - 02:40 PM

Hi,

TDL3 is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you want to proceed please post the log from ComboFix you have run.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#6 StevePCFix

StevePCFix
  • Topic Starter

  • Members
  • 14 posts

Posted 20 April 2010 - 03:08 PM

I am behind a Hardware Firewall, and will monitor more closely for unauthorized communications.

I also have procexp.exe running and will check regularly for unauthorized processes running as well.

I would like to run the ComboFix, but have several different instruction sets. Could you please send the instruction set that you recommend?

Thanks, Steve

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 20 April 2010 - 03:25 PM

Hi,

Your logs indicate that you have previously run ComboFix. Right now I do not wish you to run ComboFix again, but to post me the log from the last time you ran it. It should be in C:\combofix.txt

regards myrti



#8 StevePCFix

StevePCFix
  • Topic Starter

  • Members
  • 14 posts

Posted 20 April 2010 - 07:26 PM

The log file is not on C:\.

It might not be there because while running ComboFix my system froze and needed to be rebooted.

When I installed it for the first time I renamed it Combo-Fix.exe because that was what the instructions I was working off of said. It is still on my Desktop as Combo-Fix.exe.

Also, are you saying that Malware can be a Backdoor Trojan? All of my Avast Anti-Virus was up to date?

Thanks, Steve

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 21 April 2010 - 05:19 AM

Hi,
Yes, the infection has backdoor capabilities.
Could you please try to run a new copy of Combofix:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#10 StevePCFix

StevePCFix
  • Topic Starter

  • Members
  • 14 posts

Posted 24 April 2010 - 09:45 PM

Sorry it took a while to run this, but I have been busy.

I am now running SP3, Combofix seems to have installed it?

Thanks, Steve

Below is the post-ComboFix log:


ComboFix 10-04-21.01 - user 04/24/2010 18:58:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1271 [GMT -7:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\user\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\user\Local Settings\Temporary Internet Files\J16I2Lsp.jpg
c:\documents and settings\user\Local Settings\Temporary Internet Files\lxxNoCT4f.jpg
c:\documents and settings\user\Local Settings\Temporary Internet Files\m46n1Xs.jpg
c:\documents and settings\user\Local Settings\Temporary Internet Files\WeNa0H.jpg
c:\recycler\S-1-5-21-2144774920-3607323289-2739819368-500
C:\Thumbs.db
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\system32\_005368_.tmp.dll
c:\windows\system32\_005369_.tmp.dll
c:\windows\system32\_005370_.tmp.dll
c:\windows\system32\_005371_.tmp.dll
c:\windows\system32\_005373_.tmp.dll
c:\windows\system32\_005374_.tmp.dll
c:\windows\system32\_005375_.tmp.dll
c:\windows\system32\_005376_.tmp.dll
c:\windows\system32\_005378_.tmp.dll
c:\windows\system32\_005379_.tmp.dll
c:\windows\system32\_005380_.tmp.dll
c:\windows\system32\_005381_.tmp.dll
c:\windows\system32\_005382_.tmp.dll
c:\windows\system32\_005383_.tmp.dll
c:\windows\system32\_005384_.tmp.dll
c:\windows\system32\_005385_.tmp.dll
c:\windows\system32\_005386_.tmp.dll
c:\windows\system32\_005387_.tmp.dll
c:\windows\system32\_005388_.tmp.dll
c:\windows\system32\_005389_.tmp.dll
c:\windows\system32\_005390_.tmp.dll
c:\windows\system32\_005391_.tmp.dll
c:\windows\system32\_005392_.tmp.dll
c:\windows\system32\_005393_.tmp.dll
c:\windows\system32\_005394_.tmp.dll
c:\windows\system32\_005395_.tmp.dll
c:\windows\system32\_005396_.tmp.dll
c:\windows\system32\_005397_.tmp.dll
c:\windows\system32\_005398_.tmp.dll
c:\windows\system32\_005399_.tmp.dll
c:\windows\system32\_005400_.tmp.dll
c:\windows\system32\_005401_.tmp.dll
c:\windows\system32\_005402_.tmp.dll
c:\windows\system32\_005403_.tmp.dll
c:\windows\system32\_005404_.tmp.dll
c:\windows\system32\_005405_.tmp.dll
c:\windows\system32\_005406_.tmp.dll
c:\windows\system32\_005407_.tmp.dll
c:\windows\system32\_005408_.tmp.dll
c:\windows\system32\_005409_.tmp.dll
c:\windows\system32\_005410_.tmp.dll
c:\windows\system32\_005411_.tmp.dll
c:\windows\system32\_005412_.tmp.dll
c:\windows\system32\_005413_.tmp.dll
c:\windows\system32\_005414_.tmp.dll
c:\windows\system32\_005415_.tmp.dll
c:\windows\system32\_005416_.tmp.dll
c:\windows\system32\_005417_.tmp.dll
c:\windows\system32\_005418_.tmp.dll
c:\windows\system32\_005419_.tmp.dll
c:\windows\system32\_005420_.tmp.dll
c:\windows\system32\_005421_.tmp.dll
c:\windows\system32\_005422_.tmp.dll
c:\windows\system32\_005423_.tmp.dll
c:\windows\system32\_005425_.tmp.dll
c:\windows\system32\_005426_.tmp.dll
c:\windows\system32\_005427_.tmp.dll
c:\windows\system32\_005428_.tmp.dll
c:\windows\system32\_005429_.tmp.dll
c:\windows\system32\_005430_.tmp.dll
c:\windows\system32\_005431_.tmp.dll
c:\windows\system32\_005432_.tmp.dll
c:\windows\system32\_005434_.tmp.dll
c:\windows\system32\_005435_.tmp.dll
c:\windows\system32\_005436_.tmp.dll
c:\windows\system32\_005437_.tmp.dll
c:\windows\system32\_005438_.tmp.dll
c:\windows\system32\_005440_.tmp.dll
c:\windows\system32\_005441_.tmp.dll
c:\windows\system32\_005442_.tmp.dll
c:\windows\system32\_005443_.tmp.dll
c:\windows\system32\_005444_.tmp.dll
c:\windows\system32\_005445_.tmp.dll
c:\windows\system32\_005446_.tmp.dll
c:\windows\system32\_005448_.tmp.dll
c:\windows\system32\_005449_.tmp.dll
c:\windows\system32\_005450_.tmp.dll
c:\windows\system32\_005451_.tmp.dll
c:\windows\system32\_005453_.tmp.dll
c:\windows\system32\_005454_.tmp.dll
c:\windows\system32\_005455_.tmp.dll
c:\windows\system32\_005456_.tmp.dll
c:\windows\system32\_005457_.tmp.dll
c:\windows\system32\_005458_.tmp.dll
c:\windows\system32\_005459_.tmp.dll
c:\windows\system32\_005461_.tmp.dll
c:\windows\system32\_005462_.tmp.dll
c:\windows\system32\_005463_.tmp.dll
c:\windows\system32\_005464_.tmp.dll
c:\windows\system32\_005465_.tmp.dll
c:\windows\system32\_005466_.tmp.dll
c:\windows\system32\_005467_.tmp.dll
c:\windows\system32\_005468_.tmp.dll
c:\windows\system32\_005469_.tmp.dll
c:\windows\system32\_005470_.tmp.dll
c:\windows\system32\_005471_.tmp.dll
c:\windows\system32\_005472_.tmp.dll
c:\windows\system32\_005473_.tmp.dll
c:\windows\system32\_005475_.tmp.dll
c:\windows\system32\_005476_.tmp.dll
c:\windows\system32\_005477_.tmp.dll
c:\windows\system32\_005478_.tmp.dll
c:\windows\system32\_005479_.tmp.dll
c:\windows\system32\_005481_.tmp.dll
c:\windows\system32\_005482_.tmp.dll
c:\windows\system32\_005484_.tmp.dll
c:\windows\system32\_005485_.tmp.dll
c:\windows\system32\_005486_.tmp.dll
c:\windows\system32\_005487_.tmp.dll
c:\windows\system32\_005488_.tmp.dll
c:\windows\system32\_005489_.tmp.dll
c:\windows\system32\_005490_.tmp.dll
c:\windows\system32\_005491_.tmp.dll
c:\windows\system32\_005492_.tmp.dll
c:\windows\system32\_005493_.tmp.dll
c:\windows\system32\_005494_.tmp.dll
c:\windows\system32\_005496_.tmp.dll
c:\windows\system32\_005497_.tmp.dll
c:\windows\system32\_005498_.tmp.dll
c:\windows\system32\_005499_.tmp.dll
c:\windows\system32\_005500_.tmp.dll
c:\windows\system32\_005501_.tmp.dll
c:\windows\system32\_005502_.tmp.dll
c:\windows\system32\_005503_.tmp.dll
c:\windows\system32\_005506_.tmp.dll
c:\windows\system32\_005507_.tmp.dll
c:\windows\system32\_005511_.tmp.dll
c:\windows\system32\_005512_.tmp.dll
c:\windows\system32\_005514_.tmp.dll
c:\windows\system32\_005515_.tmp.dll
c:\windows\system32\_005516_.tmp.dll
c:\windows\system32\_005517_.tmp.dll
c:\windows\system32\_005519_.tmp.dll
c:\windows\system32\_005520_.tmp.dll
c:\windows\system32\_005521_.tmp.dll
c:\windows\system32\_005522_.tmp.dll
c:\windows\system32\_005525_.tmp.dll
c:\windows\system32\_005526_.tmp.dll
c:\windows\system32\_005527_.tmp.dll
c:\windows\system32\_005528_.tmp.dll
c:\windows\system32\_005529_.tmp.dll
c:\windows\system32\_005534_.tmp.dll
c:\windows\system32\_005536_.tmp.dll
c:\windows\system32\_005537_.tmp.dll
c:\windows\system32\AdmDll.dll
c:\windows\system32\raddrv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_R_SERVER
-------\Service_r_server


((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-20 14:53 . 2010-04-20 14:53 -------- d-----w- c:\windows\LastGood.Tmp
2010-04-20 04:44 . 2008-04-14 05:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-04-20 04:44 . 2008-04-14 12:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-04-20 04:33 . 2008-04-14 12:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-04-20 04:07 . 2010-04-25 02:11 -------- d-----w- c:\windows\system32\NtmsData
2010-04-20 02:48 . 2010-04-20 02:48 -------- d-----w- c:\program files\Windows Resource Kits
2010-04-19 17:09 . 2010-04-19 17:09 -------- d-----w- c:\temp\Adobe Acrobat Pro 6.0
2010-04-16 19:35 . 2008-04-14 12:42 389120 ----a-w- c:\windows\system32\cmd.exe
2010-04-16 19:05 . 2010-04-16 19:05 0 ----a-w- c:\windows\system32\drivers\compbatt.vir
2010-04-15 18:59 . 2004-08-10 12:00 71040 ----a-w- c:\windows\system32\drivers\_005351_.tmp.dll
2010-04-15 16:42 . 2010-04-15 16:42 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2010-04-15 04:39 . 2010-04-15 16:13 -------- d-----w- c:\documents and settings\user\log
2010-04-15 04:39 . 2010-04-15 04:39 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-15 02:47 . 2010-04-15 02:47 -------- d-----w- c:\program files\Trend Micro
2010-04-15 02:41 . 2002-09-11 02:29 24688662 ----a-w- c:\documents and settings\InstallFilesForAct6.Eng\ACT!6_English.exe
2010-04-15 02:41 . 2010-04-15 02:41 -------- d-----w- c:\documents and settings\InstallFilesForAct6.Eng
2010-04-15 02:17 . 2010-04-20 01:10 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-15 02:16 . 2010-04-16 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-15 02:16 . 2010-04-15 02:16 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-14 19:38 . 2010-04-14 19:38 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-04-14 19:38 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 19:38 . 2010-04-14 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-14 19:38 . 2010-04-14 19:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 19:38 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 17:58 . 2010-04-14 17:58 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Threat Expert
2010-04-14 17:40 . 2010-01-22 16:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-14 17:37 . 2010-04-14 18:08 -------- d-----w- c:\program files\Spyware Doctor
2010-04-14 17:37 . 2010-04-14 18:08 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-14 03:56 . 2010-04-20 04:43 -------- d-----w- c:\windows\system32\scripting
2010-04-14 03:56 . 2010-04-20 04:43 -------- d-----w- c:\windows\l2schemas
2010-04-14 03:56 . 2010-04-20 04:42 -------- d-----w- c:\windows\system32\en
2010-04-14 03:56 . 2010-04-20 04:42 -------- d-----w- c:\windows\system32\bits
2010-04-14 03:39 . 2010-03-09 11:09 430080 -c--a-w- c:\windows\system32\dllcache\vbscript.dll
2010-04-14 03:39 . 2004-08-10 12:00 71040 ----a-w- c:\windows\system32\drivers\_005343_.tmp.dll
2010-04-13 15:13 . 2010-04-13 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-13 15:13 . 2010-04-13 15:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\avG
2010-04-08 05:26 . 2010-04-15 05:10 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 02:24 . 2006-05-20 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-21 19:40 . 2006-05-06 18:11 -------- d-----w- c:\program files\Thomas Guide CD-ROM
2010-04-20 04:48 . 2005-08-17 17:20 92991 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-17 19:17 . 2006-05-05 17:23 -------- d-----w- c:\documents and settings\user\Application Data\AdobeUM
2010-04-16 18:58 . 2006-05-03 04:17 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-16 17:13 . 2006-01-03 19:24 -------- d-----w- c:\program files\Google
2010-04-15 19:02 . 2009-08-30 19:41 -------- d-----w- c:\program files\QuickTime
2010-04-15 18:13 . 2006-05-09 19:04 -------- d-----w- c:\program files\Radmin
2010-04-15 16:11 . 2007-04-07 01:42 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-15 03:22 . 2009-08-24 20:47 -------- d-----w- c:\program files\Verizon
2010-04-15 03:22 . 2009-08-24 20:46 -------- d-----w- c:\program files\Common Files\Motive
2010-04-15 03:20 . 2006-01-03 18:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 19:25 . 2006-08-28 22:41 -------- d-----w- c:\program files\Microsoft Location Finder
2010-04-14 18:15 . 2006-05-07 21:05 103480 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-14 18:10 . 2008-01-15 18:24 -------- d-----w- c:\program files\Windows Defender
2010-04-14 18:08 . 2008-03-09 17:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-14 16:47 . 2008-09-16 14:38 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2008-09-16 14:38 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2008-09-16 14:38 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2008-09-16 14:38 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2008-09-16 14:38 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2008-09-16 14:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2008-09-16 14:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2008-09-16 14:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2008-09-16 14:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-14 04:30 . 2009-11-06 02:27 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2010-04-14 03:01 . 2009-11-06 02:29 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2010-04-02 00:14 . 2006-05-07 20:46 -------- d-----w- c:\documents and settings\user\Application Data\Share-to-Web Upload Folder
2010-03-21 03:17 . 2008-06-11 00:16 -------- d-----w- c:\documents and settings\user\Application Data\gtk-2.0
2010-03-18 14:55 . 2009-12-08 07:32 -------- d-----w- c:\program files\LogMeIn
2010-03-12 21:59 . 2009-04-05 23:29 -------- d-----w- c:\documents and settings\user\Application Data\FileZilla
2010-03-12 03:04 . 2006-01-03 18:56 -------- d-----w- c:\program files\Common Files\Java
2010-03-12 03:04 . 2010-03-12 03:04 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5524385d-n\msvcp71.dll
2010-03-12 03:04 . 2010-03-12 03:04 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5524385d-n\msvcr71.dll
2010-03-12 03:04 . 2010-03-12 03:04 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-75428635-n\decora-sse.dll
2010-03-12 03:04 . 2010-03-12 03:04 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5524385d-n\jmc.dll
2010-03-12 03:04 . 2010-03-12 03:04 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-75428635-n\decora-d3d.dll
2010-03-12 03:04 . 2006-01-03 18:56 -------- d-----w- c:\program files\Java
2010-03-11 12:38 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 00:54 . 2007-06-01 03:21 -------- d-----w- c:\program files\ACT
2010-02-24 17:16 . 2009-10-03 08:46 181632 ----a-w- c:\windows\system32\MpSigStub.exe
2004-08-10 12:00 . 2004-08-10 12:00 94784 --sha-w- c:\windows\twain.dll
2002-08-01 02:55 . 2009-10-08 06:26 104 --sha-w- c:\windows\WSYS049.SYS
2008-04-14 00:12 . 2008-08-21 11:21 413696 --sha-w- c:\windows\system32\SET2A9.tmp
2008-04-14 00:11 . 2008-08-21 11:21 1028096 --sha-w- c:\windows\system32\SET2FA.tmp
.
CODE
<pre>
c:\program files\a la mode\Sched\eSched .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor .exe
c:\program files\Hp\HP Software Update\HPWuSchd2 .exe
c:\program files\HPQ\Default Settings\cpqset .exe
c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\Microsoft ActiveSync\wcescomm  .exe
c:\program files\Microsoft Location Finder\LocationFinder .exe
c:\program files\QuickTime\qttask     .exe
c:\program files\QuickTime\qttask    .exe
c:\program files\QuickTime\qttask   .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc .exe
c:\program files\Skype\Phone\Skype .exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Verizon\McciTrayApp .exe
c:\program files\Windows Defender\MSASCui .exe
c:\program files\Yahoo!\Messenger\YahooMessenger  .exe
c:\windows\ehome\ehtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger .exe -quiet" [X]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [N/A]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [N/A]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [N/A]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-04-16 5650240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
SideACT!.lnk - c:\program files\ACT\SideACT.exe [2010-3-8 352312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 03:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TurboNote\\tbnote.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Packet8 Softalk\\Softalk\\Softalk.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL$ALAMODE\\Binn\\sqlservr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21:TCP"= 21:TCP:FTP
"23:TCP"= 23:TCP:Telnet
"25:TCP"= 25:TCP:SMTP
"79:TCP"= 79:TCP:Finger
"110:TCP"= 110:TCP:POP3
"143:TCP"= 143:TCP:IMap
"443:TCP"= 443:TCP:HTTPS
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/16/2008 7:38 AM 162768]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 4:11 PM 5632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/16/2008 7:38 AM 19024]
R2 BabelgumUpdater;BabelgumUpdater;c:\program files\Babelgum Player\babelgumupdater_service.exe [11/20/2008 7:32 AM 13624]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 1:41 PM 12856]
R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/4/2005 1:04 AM 9150464]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/27/2005 7:25 PM 31896]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 2:06 AM 231424]
S2 DVDRIVER;DVdriver;c:\windows\system32\drivers\dvdriver.sys [7/14/2007 5:48 PM 30296]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 3:10 PM 135664]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\user\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\user\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]
S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 10:42 PM 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-03-17 20:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-04-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 19:40]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 22:10]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 22:10]

2010-04-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

2010-04-25 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 21:44]

2010-04-20 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.stevesellsre.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: verizon.net\www
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://lioncam2.lmu.edu/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\tnkxy8b8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stevesellsre.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Babelgum Player\npweb_babelgumplayer_0.9.3.dll
FF - plugin: c:\program files\Babelgum Player\npweb_babelgumplayer_0_9_18.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-LiveUpdate1.6 - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-TweakUI - c:\windows\rundll32.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-24 19:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"e:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"e:\program files\MySQL\MySQL Server 4.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2888)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Completion time: 2010-04-24 19:35:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-25 02:35

Pre-Run: 36,784,021,504 bytes free
Post-Run: 37,155,115,008 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - E29458D9F08467F00FAEFE0109EDDDBB


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:04:23 AM

Posted 25 April 2010 - 07:10 AM

Hi,

Could you please run the following script to remove what is left:
1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
Renv::

c:\program files\a la mode\Sched\eSched .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor .exe
c:\program files\Hp\HP Software Update\HPWuSchd2 .exe
c:\program files\HPQ\Default Settings\cpqset .exe
c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\Microsoft ActiveSync\wcescomm  .exe
c:\program files\Microsoft Location Finder\LocationFinder .exe
c:\program files\QuickTime\qttask     .exe
c:\program files\QuickTime\qttask    .exe
c:\program files\QuickTime\qttask   .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc .exe
c:\program files\Skype\Phone\Skype .exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Verizon\McciTrayApp .exe
c:\program files\Windows Defender\MSASCui .exe
c:\program files\Yahoo!\Messenger\YahooMessenger  .exe
c:\windows\ehome\ehtray .exe


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!

 



#12 StevePCFix

StevePCFix
  • Topic Starter

  • Members
  • 14 posts
  • Local time:09:23 PM

Posted 25 April 2010 - 11:00 PM

ComboFix 10-04-21.01 - user 04/25/2010 20:22:38.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1475 [GMT -7:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AdmDll.dll
c:\windows\system32\raddrv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_R_SERVER
-------\Service_r_server


((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-15 02:16 . 2010-04-16 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-14 19:38 . 2010-04-14 19:38 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-04-14 19:38 . 2010-04-14 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-13 15:13 . 2010-04-13 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 03:40 . 2010-04-15 02:17 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-26 03:39 . 2009-11-06 02:27 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2010-04-26 03:39 . 2009-11-06 02:29 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2010-04-26 03:38 . 2006-05-20 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-26 03:22 . 2008-01-15 18:24 -------- d-----w- c:\program files\Windows Defender
2010-04-26 03:22 . 2009-08-24 20:47 -------- d-----w- c:\program files\Verizon
2010-04-26 03:22 . 2009-08-30 19:41 -------- d-----w- c:\program files\QuickTime
2010-04-26 03:22 . 2006-08-28 22:41 -------- d-----w- c:\program files\Microsoft Location Finder
2010-04-26 03:22 . 2006-05-03 04:17 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-25 03:18 . 2007-04-07 01:42 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-25 02:47 . 2006-05-09 19:04 -------- d-----w- c:\program files\Radmin
2010-04-21 19:40 . 2006-05-06 18:11 -------- d-----w- c:\program files\Thomas Guide CD-ROM
2010-04-20 02:48 . 2010-04-20 02:48 -------- d-----w- c:\program files\Windows Resource Kits
2010-04-17 19:17 . 2006-05-05 17:23 -------- d-----w- c:\documents and settings\user\Application Data\AdobeUM
2010-04-16 19:05 . 2010-04-16 19:05 0 ----a-w- c:\windows\system32\drivers\compbatt.vir
2010-04-16 17:13 . 2006-01-03 19:24 -------- d-----w- c:\program files\Google
2010-04-15 05:10 . 2010-04-08 05:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-15 04:39 . 2010-04-15 04:39 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-15 03:22 . 2009-08-24 20:46 -------- d-----w- c:\program files\Common Files\Motive
2010-04-15 03:20 . 2006-01-03 18:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 02:47 . 2010-04-15 02:47 -------- d-----w- c:\program files\Trend Micro
2010-04-15 02:16 . 2010-04-15 02:16 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-14 19:38 . 2010-04-14 19:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 18:15 . 2006-05-07 21:05 103480 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-14 18:08 . 2008-03-09 17:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-14 18:08 . 2010-04-14 17:37 -------- d-----w- c:\program files\Spyware Doctor
2010-04-14 18:08 . 2010-04-14 17:37 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-14 16:47 . 2008-09-16 14:38 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2008-09-16 14:38 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2008-09-16 14:38 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2008-09-16 14:38 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2008-09-16 14:38 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2008-09-16 14:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2008-09-16 14:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2008-09-16 14:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2008-09-16 14:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-02 00:14 . 2006-05-07 20:46 -------- d-----w- c:\documents and settings\user\Application Data\Share-to-Web Upload Folder
2010-03-30 07:46 . 2010-04-14 19:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-04-14 19:38 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-21 03:17 . 2008-06-11 00:16 -------- d-----w- c:\documents and settings\user\Application Data\gtk-2.0
2010-03-18 14:55 . 2009-12-08 07:32 -------- d-----w- c:\program files\LogMeIn
2010-03-12 21:59 . 2009-04-05 23:29 -------- d-----w- c:\documents and settings\user\Application Data\FileZilla
2010-03-12 03:04 . 2006-01-03 18:56 -------- d-----w- c:\program files\Common Files\Java
2010-03-12 03:04 . 2006-01-03 18:56 -------- d-----w- c:\program files\Java
2010-03-11 12:38 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 00:54 . 2007-06-01 03:21 -------- d-----w- c:\program files\ACT
2010-02-24 17:16 . 2009-10-03 08:46 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 13:11 . 2010-04-16 19:35 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2010-04-16 19:35 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2010-04-16 19:35 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-10 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2010-04-16 19:35 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2004-08-10 12:00 . 2004-08-10 12:00 94784 --sha-w- c:\windows\twain.dll
2002-08-01 02:55 . 2009-10-08 06:26 104 --sha-w- c:\windows\WSYS049.SYS
2008-04-14 00:12 . 2008-08-21 11:21 413696 --sha-w- c:\windows\system32\SET2A9.tmp
2008-04-14 00:11 . 2008-08-21 11:21 1028096 --sha-w- c:\windows\system32\SET2FA.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger .exe -quiet" [X]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2006-05-15 101136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 68856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-13 30192]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-04-25 5908288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
SideACT!.lnk - c:\program files\ACT\SideACT.exe [2010-3-8 352312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 03:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TurboNote\\tbnote.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Packet8 Softalk\\Softalk\\Softalk.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL$ALAMODE\\Binn\\sqlservr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21:TCP"= 21:TCP:FTP
"23:TCP"= 23:TCP:Telnet
"25:TCP"= 25:TCP:SMTP
"79:TCP"= 79:TCP:Finger
"110:TCP"= 110:TCP:POP3
"143:TCP"= 143:TCP:IMap
"443:TCP"= 443:TCP:HTTPS
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/16/2008 7:38 AM 162768]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 4:11 PM 5632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/16/2008 7:38 AM 19024]
R2 BabelgumUpdater;BabelgumUpdater;c:\program files\Babelgum Player\babelgumupdater_service.exe [11/20/2008 7:32 AM 13624]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 1:41 PM 12856]
R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/4/2005 1:04 AM 9150464]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/27/2005 7:25 PM 31896]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 2:06 AM 231424]
S2 DVDRIVER;DVdriver;c:\windows\system32\drivers\dvdriver.sys [7/14/2007 5:48 PM 30296]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 3:10 PM 135664]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\user\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\user\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/14/2006 10:14 AM 30192]
S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 10:42 PM 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-03-17 20:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-04-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 19:40]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 22:10]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 22:10]

2010-04-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

2010-04-25 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 21:44]

2010-04-20 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.stevesellsre.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: verizon.net\www
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://lioncam2.lmu.edu/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\tnkxy8b8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stevesellsre.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Babelgum Player\npweb_babelgumplayer_0.9.3.dll
FF - plugin: c:\program files\Babelgum Player\npweb_babelgumplayer_0_9_18.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 20:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"e:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"e:\program files\MySQL\MySQL Server 4.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Completion time: 2010-04-25 20:48:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-26 03:48
ComboFix2.txt 2010-04-25 02:35

Pre-Run: 37,226,008,576 bytes free
Post-Run: 37,228,945,408 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 7F8D8192348AAB268F82B7824F1DE859


#13 StevePCFix

StevePCFix
  • Topic Starter

  • Members
  • 14 posts
  • Local time:09:23 PM

Posted 25 April 2010 - 11:08 PM

Myrti,

I use Remote Admin 2.1 to transfer files between my PCs and Mac on a NAT behind a firewall. Please, if you need to run any more scripts with ComboFix, add a line or two to the script so ComboFix will stop deleting my Remote Admin DLLs.

Thanks, Steve

Does this mean this machine is clean now?

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:04:23 AM

Posted 26 April 2010 - 02:35 PM

Hi,

the log is looking good. Sorry about r_admin... it's not always used on PCs with the user's consent, so ComboFix targets it.

I would like you to run a scan with ESET as well to check for leftovers:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#15 StevePCFix

StevePCFix
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:23 PM

Posted 27 April 2010 - 10:01 AM

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\15\21278b4f-37b420d4 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\28\732b691c-1ec73a86 multiple threats deleted - quarantined
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-57c281b0 Java/TrojanDownloader.OpenStream.NAA trojan deleted - quarantined
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\50\326ab372-106b9550 Java/TrojanDownloader.OpenStream.NAB trojan deleted - quarantined
C:\Program Files\QuickTime\qttask.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1626\A0168297.exe a variant of Win32/Kryptik.DPG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1627\A0169337.exe a variant of Win32/Kryptik.DPG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0174633.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0174634.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0174635.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0174711.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0174712.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0174713.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175311.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175312.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175313.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175314.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175315.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175316.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175317.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175318.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175319.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175320.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175321.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175323.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175324.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175325.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175326.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175327.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175328.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175329.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1628\A0175388.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1631\A0177481.exe a variant of Win32/Kryptik.DSA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1632\A0177679.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1633\A0179431.dll Win32/Olmarik.XG trojan cleaned - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1633\A0181181.dll Win32/Olmarik.XG trojan cleaned - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1633\A0182668.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1633\A0182669.sys Win32/Olmarik.XG trojan cleaned - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1645\A0192615.exe a variant of Win32/Kryptik.DPG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1646\A0198030.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1646\A0198031.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1646\A0198033.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1647\A0198273.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
E:\NewProgs\AntiVirusProg\McaFee2006\McAfee_VirusScan_2006_100%_Working_Retail.zip probably unknown WIN32 virus deleted - quarantined


Wow, thanks, Steve - What now?
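The ESET log above records each detection as a file path, a threat name and the action taken. As an added example (it is not part of the post and not an ESET tool), the following Python script parses lines in that format and groups them by where on the disk the file was found, which is the first thing a responder checks before answering "what now?": hits under System Volume Information are archived copies held in System Restore points, hits under the Java Deployment cache are downloaded applets, while a hit under Program Files (qttask.exe here) was a file sitting in a live program directory. The sample lines are copied from the post; the regular expression, the location categories and the family-name normalisation are my own assumptions about the log format, not an ESET specification.

```python
import re
from collections import Counter
from dataclasses import dataclass

# A handful of lines taken verbatim from the ESET log posted above (sample input).
SAMPLE_LOG = r"""
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\15\21278b4f-37b420d4 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\28\732b691c-1ec73a86 multiple threats deleted - quarantined
C:\Program Files\QuickTime\qttask.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1626\A0168297.exe a variant of Win32/Kryptik.DPG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1633\A0179431.dll Win32/Olmarik.XG trojan cleaned - quarantined
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1633\A0182669.sys Win32/Olmarik.XG trojan cleaned - quarantined
E:\NewProgs\AntiVirusProg\McaFee2006\McAfee_VirusScan_2006_100%_Working_Retail.zip probably unknown WIN32 virus deleted - quarantined
"""

# Assumed line shape: "<path> <threat> <action> - quarantined".  The path may contain
# spaces, so it is matched lazily and the threat/action grammar anchors the split.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<threat>multiple threats|(?:a variant of |probably unknown )?\S+ (?:trojan|virus)) "
    r"(?P<action>cleaned by deleting|cleaned|deleted) - quarantined$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    family: str
    action: str
    location: str


def family_of(threat: str) -> str:
    """Reduce 'a variant of Win32/Kryptik.DPG trojan' to 'Win32/Kryptik' so variants aggregate."""
    name = re.sub(r"^(a variant of |probably unknown )", "", threat)
    name = re.sub(r" (trojan|virus)$", "", name)
    return re.sub(r"\.[A-Z]+$", "", name)  # drop the per-sample variant suffix (.BN, .DPG, .XG)


def classify_location(path: str) -> str:
    """Assumed categories: where a file lives says a lot about how it got there."""
    p = path.lower()
    if r"\system volume information\_restore" in p:
        return "restore_point"   # archived copy inside a System Restore point
    if r"\sun\java\deployment\cache\ " .strip() in p:
        return "java_cache"      # applet/JAR pulled into the Java deployment cache
    if r"\program files\ " .strip() in p:
        return "program_files"   # live program directory
    return "other"


def parse_line(line: str):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, threat, action = m.group("path"), m.group("threat"), m.group("action")
    return Detection(path, threat, family_of(threat), action, classify_location(path))


def parse_log(text: str) -> list:
    detections = []
    for line in text.splitlines():
        if not line.strip():
            continue
        d = parse_line(line)
        if d is None:
            raise ValueError(f"unrecognised ESET log line: {line!r}")
        detections.append(d)
    return detections


def summarise(detections: list) -> dict:
    """Counts by location, family and action, plus the hits outside archives and caches."""
    return {
        "by_location": dict(Counter(d.location for d in detections)),
        "by_family": dict(Counter(d.family for d in detections)),
        "by_action": dict(Counter(d.action for d in detections)),
        # Files in live locations are the ones whose origin needs explaining.
        "live_paths": sorted(d.path for d in detections
                             if d.location not in ("restore_point", "java_cache")),
    }


if __name__ == "__main__":
    summary = summarise(parse_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run against the full log in the post, the location breakdown makes the picture clear at a glance: the great majority of entries are restore-point copies of the same Unruy downloader, two Java cache entries are the likely delivery vehicle, and only qttask.exe and the zip on E: were outside an archive or cache.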



