Please help removing trojan - google phishing redirect


19 replies to this topic

#1 kurisu

  • Members
  • 12 posts

Posted 02 June 2010 - 01:25 PM

Hello bleeping computer wizards, thank you in advance for any help you are able to provide. I discovered late last week that my PC was infected with a bunch of things, which turned out most likely to be trojans and some sort of rootkit thing. I use Kaspersky anti-virus (required by the company I work for, so not an option for me to change it, even though this is my home computer), and all of a sudden I started receiving Kaspersky warnings popping up from the system tray every time I clicked on a link in Google, telling me I was being sent to a phishing website. I immediately ran a Kaspersky scan, and found a whole bunch of stuff, which I'm cutting and pasting from Kaspersky's log:

disinfected: Trojan program Rootkit.Win32.TDSS.ap File: C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP544\A0077548.sys
deleted: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.4 File: C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP537\A0076112.dll
deleted: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.fl File: C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP537\A0076111.exe
deleted: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.4 File: C:\RECYCLER\S-1-5-21-3315509895-2956943036-1400379007-1005\Dc998.dll
deleted: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.fl File: C:\RECYCLER\S-1-5-21-3315509895-2956943036-1400379007-1005\Dc997.exe
disinfected: Trojan program Rootkit.Win32.TDSS.ap File: C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\termdd.sys.vir
deleted: Trojan program Trojan-Dropper.Win32.Jascript.ayp File: C:\DOCUME~1\Chris\LOCALS~1\Temp\FlashPlayerUpdate.exe
deleted: Trojan program Trojan.JS.Redirector.ar File: C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\HA2ZRQTT\show_ads[1].js
deleted: Trojan program Exploit.Java.Agent.f File: C:\Documents and Settings\Chris\Local Settings\Temp\jar_cache8907344887247538715.tmp/sklif/Hieeyfc.class
deleted: Trojan program Exploit.Java.Agent.f File: C:\Documents and Settings\Chris\Local Settings\Temp\jar_cache4333092528487656724.tmp/Uutecwv.class
deleted: Trojan program Exploit.Java.Agent.a File: C:\Documents and Settings\Chris\Local Settings\Temp\jar_cache4333092528487656724.tmp/Keyworq.class
deleted: Trojan program Exploit.Java.Agent.f File: C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\4\436a0444-3d1a7df7/vmain.class
deleted: Trojan program Exploit.Java.Agent.f File: C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\37\301cb0e5-6a375269/vmain.class

I saw that there was some Java stuff going on, and I updated Java, which turned out to be an older version.

After running the Kaspersky scan, I was still getting the warning messages from Kaspersky every time I clicked on a Google link, so I realized that there must still be stuff going on. I downloaded Malwarebytes Anti-Malware and ran that, and found the following (I don't have the complete log from this scan):

C:\Documents and Settings\Chris\Local Settings\Temp\78112864.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

I realized at this point that I could not set a restore point -- something had disabled my ability to access the system restore function in Win XP. I was also still getting the same phishing warnings from Kaspersky, so I did some Google searching and downloaded and ran Combofix, before I understood that I shouldn't do that without your supervision (sorry!).

Combofix found some things, and again I unfortunately don't have the log because I did all this stuff before I even understood that I could turn to you for help, so I wasn't following the instructions that I only found yesterday when I came across your "preparation guide for use before using malware removal tools and requesting help."

After running all of these tools several times, I stopped getting the phishing alerts from Kaspersky, and I could set restore points again. I am still unable to connect to any secure website, though, because I always get a warning that:

"This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store."

For example, I'm trying to connect to my company's exchange server, which is at intermedia. If I click on the install certificate button (in this, or ANY other secure site), I get the following message (except the thumbprint is different), which I had to type in manually because I could not select text in the message, so there may be typos:

"You are about to install a certificate from a certification authority (CA) claiming to represent:

owa3.intermedia.net

Windows cannot validate that the certificate is actually from "owa3.intermedia.net". You should confirm its origin by contacting "owa3.intermedia.net". The following number will assist you in this process:

Thumbprint (sha1): AE9EA218 1CD2529A D3CD93A1 356EF524 15240665

Warning: If you install this root certificate, Windows will automatically trust any certificate issued by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click "Yes" you acknowledge this risk.

Do you want to install this certificate?"

I just canceled out of those things, because I don't understand it enough to know what to answer.

So, this is where I stand right now. I may or may not have completely removed the virus(es) infecting my computer. I am nervous that this may have affected the other desktop and the notebook that are on my home network, although I've seen no evidence of the same type of behavior on those computers, and a Kaspersky scan revealed nothing that I need to worry about.

I am hoping you can help me figure out whether my computer is still infected, and whether the root certificate thing is just something that got corrupted while removing viruses, or whether it's evidence of an active issue. Yesterday I read the Preparation Guide on your website and followed all the instructions. I will now paste and attach the logs from DDS and gmer.

DDS:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 16:10:11.39 on Tue 06/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1548 [GMT -7:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\Acronis\TrueImageServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageServer\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lyra Wireless Remote\Lyraw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DocuSign Web\DocuSignExpress.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [IE Privacy Keeper] "c:\program files\unh solutions\ie privacy keeper\IEPrivacyKeeper.exe" -startup
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Kaseya Agent Service Helper] "c:\program files\kaseya\agent\KaUsrTsk.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageserver\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageserver\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [LyraWirelessRemote] "c:\program files\lyra wireless remote\Lyraw.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\docusi~1.lnk - c:\program files\docusign web\DocuSignExpress.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\SCIEPlgn.dll
IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: car.org\www
Trusted Zone: winforms.com\support
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229112070930
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxps://www.rtierra.com/inc/kaxRemote.dll
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cornellalumni.webex.com/client/T26L/training/ieatgpc.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
TCP: {7D5C43C3-7E01-4CDD-BD43-2483B1839CB0} = 208.67.222.222,20.67.220.220
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-11-9 201504]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe [2007-11-19 231952]
R2 CmosTime;CmosTime;c:\windows\system32\cmostime.sys [2005-9-14 3502]
R2 KaseyaAgent;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2009-11-24 610304]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2008-11-20 8960]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2009-11-24 20792]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 136176]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2008-11-20 16640]

=============== Created Last 30 ================

2010-06-01 23:09:08 0 ----a-w- c:\documents and settings\admin\defogger_reenable
2010-06-01 01:00:48 0 dc-h--w- c:\windows\ie8
2010-06-01 00:14:36 0 d-sh--w- c:\documents and settings\admin\IECompatCache
2010-05-29 16:45:20 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2010-05-29 00:36:42 0 d-----w- c:\documents and settings\admin\ZipForm
2010-05-29 00:30:31 0 d-sh--w- c:\documents and settings\admin\PrivacIE
2010-05-28 23:22:02 0 d-sha-r- C:\cmdcons
2010-05-28 23:17:54 98816 ----a-w- c:\windows\sed.exe
2010-05-28 23:17:54 77312 ----a-w- c:\windows\MBR.exe
2010-05-28 23:17:54 256512 ----a-w- c:\windows\PEV.exe
2010-05-28 23:17:54 161792 ----a-w- c:\windows\SWREG.exe
2010-05-28 22:36:20 0 d-----w- c:\docume~1\admin\applic~1\Delicious IE Extension
2010-05-28 22:22:51 0 d-----w- c:\docume~1\admin\applic~1\Zeon
2010-05-28 22:07:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-22 03:26:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-05-22 00:54:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 00:54:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-22 00:54:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 00:54:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-06-01 23:10:11 72791072 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-01 23:07:48 2503200 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-06-01 21:36:18 982448 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-01 21:36:18 238496 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-05 09:37:02 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-05 09:37:02 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-27 00:08:34 97852 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

============= FINISH: 16:10:36.12 ===============


One more thing that I should maybe let you know -- when I was running gmer, I had to run it 4 times before I could successfully save a log.

The first time I ran it, it went through the scan, got all the way through the various sections and was scanning the "files" and all of a sudden my computer rebooted, with no warning or action on my part. I realized then that the LAN cable was still plugged in, and I'm not sure whether I was or wasn't supposed to disconnect it, but I did so at that point anyway. Gmer didn't open up automatically after the reboot, so I had to start the program again and there was no log. I also made sure to turn off Kaspersky at this point, which I may have forgotten to do before the first scan.

The second time I ran it, the scan completed. I clicked on the "save" button, typed in the file name ark.txt, and the program and the computer froze. I let it sit for about 20 minutes, just in case it would be able to recover, but nothing happened. It wouldn't respond to Ctrl+Alt+Delete or anything else. I had to unplug the computer and reboot.

The third time, I left my computer unattended for a while. When I came back, a screensaver had come on and I couldn't get the computer to respond to any keystrokes or mouse clicks or anything. So I rebooted again.

This last time, everything worked smoothly. The scan finished, and I clicked "save". I didn't call the log file "ark.txt", because it had frozen the last time I had typed that in (attempt #2). I typed in "ark" and let the program automatically save it with the ".log" extension. Finally I had a file I could attach to this post.

So, if anyone at bleeping computer is able to help me figure out where things stand right now, I would be very, very grateful. Thank you so much, in advance, for the time and effort you'll spend helping me. If I have followed any of the steps incorrectly or if you need more information, I will be fully cooperative while you're assisting me.

Also, I know from reading other posts that if I don't respond for several days, you'll close the thread, and I know not to do anything further to my computer while you're helping me (which is a good thing, because I don't know what I'm doing, anyway!). Nor will I post about this on any other forum.

Regards,

Chris
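As an added example that is not part of this post or of any BleepingComputer or DDS tool: a small Python triage script for the "Pseudo HJT Report" section of a DDS log like the one pasted above. It extracts the DNS resolver (TCP:) line, the DPF Java plug-in registrations and the Trusted Zone entries, and flags resolvers outside an allowlist (assumed here to be the two OpenDNS addresses), older Java registrations left beside the newest one, and Trusted Zone sites, which are the first things a helper checks when the symptom is redirected links. The sample log lines are constructed from the line shapes in the posted report.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not a BleepingComputer or DDS tool. It parses the line shapes
seen in the thread (BHO:, TB:, uRun:/mRun:, DPF:, Trusted Zone:, TCP:) and
reports the items a helper checks first for a redirect symptom: DNS resolvers
outside an allowlist, stale Java plug-in (DPF) registrations, and Trusted Zone
entries. The resolver allowlist below is an assumption for the example.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed allowlist: the two OpenDNS resolvers. Replace with the resolvers the
# network is actually configured to use.
EXPECTED_DNS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample that mirrors the line shapes of the posted log.
SAMPLE = """\
uStart Page = hxxp://www.google.com/
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\\program files\\google\\google toolbar\\GoogleToolbar_32.dll
mRun: [AVP] "c:\\program files\\kaspersky lab\\kaspersky anti-virus 6.0 for windows workstations\\avp.exe"
Trusted Zone: car.org\\www
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {7D5C43C3-7E01-4CDD-BD43-2483B1839CB0} = 208.67.222.222,20.67.220.220
"""

# "TAG: rest" lines; the non-greedy tag stops at the first colon, so
# "BHO: Google Toolbar Helper: {...}" yields tag "BHO".
LINE_RE = re.compile(r"^(?P<tag>[A-Za-z][A-Za-z ]*?):\s*(?P<rest>.*)$")
# "{interface-guid} = ip1,ip2" as written on the TCP: line
TCP_RE = re.compile(r"^\{[0-9A-Fa-f-]+\}\s*=\s*(?P<servers>[\d.,\s]+)$")
# Java 6 installer cab names carry the update number: jinstall-1_6_0_NN-...
JINSTALL_RE = re.compile(r"jinstall-1_6_0_(?P<update>\d+)-")


@dataclass(frozen=True)
class Finding:
    kind: str    # "dns", "stale-java" or "trusted-zone"
    detail: str
    line: str    # the log line the finding came from


def parse_hjt(text):
    """Return (entries_by_tag, findings) for one Pseudo HJT section."""
    entries = defaultdict(list)
    findings = []
    java_updates = []   # (update number, line), compared after the loop
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue   # "key = value" settings and blank lines are not triaged
        tag, rest = m.group("tag"), m.group("rest")
        entries[tag].append(rest)
        if tag == "TCP":
            t = TCP_RE.match(rest)
            if t:
                for server in (s.strip() for s in t.group("servers").split(",")):
                    if server and server not in EXPECTED_DNS:
                        findings.append(Finding("dns", server, line))
        elif tag == "DPF":
            j = JINSTALL_RE.search(rest)
            if j:
                java_updates.append((int(j.group("update")), line))
        elif tag == "Trusted Zone":
            # Trusted Zone sites run with relaxed IE security; always review.
            findings.append(Finding("trusted-zone", rest, line))
    if java_updates:
        newest = max(u for u, _ in java_updates)
        for update, line in java_updates:
            if update < newest:
                detail = f"1.6.0_{update:02d} (newest registered: 1.6.0_{newest:02d})"
                findings.append(Finding("stale-java", detail, line))
    return entries, findings


if __name__ == "__main__":
    entries, findings = parse_hjt(SAMPLE)
    for tag, items in entries.items():
        print(f"{tag}: {len(items)} entr{'y' if len(items) == 1 else 'ies'}")
    for f in findings:
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

Run on the sample, it reports the Trusted Zone site, the second resolver address that is not on the allowlist, and the leftover 1.6.0_07 Java registration beside 1.6.0_20.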


#2 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 05 June 2010 - 09:33 PM

Hi and welcome.

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance we would like to see the current condition of your system, so please post a new set of DDS logs as well as a GMER log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or GMER log, please refer to this page, steps #6, #7 and #8, for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 kurisu

  • Topic Starter
  • Members
  • 12 posts

Posted 06 June 2010 - 02:16 PM

Hello Extremeboy, thank you for your response and I'm so grateful that you'll be helping me. My computer is in exactly the same state I described in my initial post -- no changes to what's going on. I haven't made any changes or deleted anything, either, so you can look to that first post for a description of what's going on and what I had done.

Based on your response, I re-ran DDS and will post the log here and attach the attach.txt as well.

Here's the DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 11:28:53.50 on Sun 06/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1314 [GMT -7:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\Acronis\TrueImageServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageServer\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [IE Privacy Keeper] "c:\program files\unh solutions\ie privacy keeper\IEPrivacyKeeper.exe" -startup
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Kaseya Agent Service Helper] "c:\program files\kaseya\agent\KaUsrTsk.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageserver\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageserver\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [LyraWirelessRemote] "c:\program files\lyra wireless remote\Lyraw.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\docusi~1.lnk - c:\program files\docusign web\DocuSignExpress.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\SCIEPlgn.dll
IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: car.org\www
Trusted Zone: winforms.com\support
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229112070930
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxps://www.rtierra.com/inc/kaxRemote.dll
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cornellalumni.webex.com/client/T26L/training/ieatgpc.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
TCP: {7D5C43C3-7E01-4CDD-BD43-2483B1839CB0} = 208.67.222.222,20.67.220.220
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-11-9 201504]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe [2007-11-19 231952]
R2 CmosTime;CmosTime;c:\windows\system32\cmostime.sys [2005-9-14 3502]
R2 KaseyaAgent;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2009-11-24 610304]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2008-11-20 8960]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2009-11-24 20792]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 136176]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2008-11-20 16640]

=============== Created Last 30 ================

2010-06-01 23:09:08 0 ----a-w- c:\documents and settings\admin\defogger_reenable
2010-06-01 01:00:48 0 dc-h--w- c:\windows\ie8
2010-06-01 00:14:36 0 d-sh--w- c:\documents and settings\admin\IECompatCache
2010-05-29 16:45:20 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2010-05-29 00:36:42 0 d-----w- c:\documents and settings\admin\ZipForm
2010-05-29 00:30:31 0 d-sh--w- c:\documents and settings\admin\PrivacIE
2010-05-28 23:22:02 0 d-sha-r- C:\cmdcons
2010-05-28 23:17:54 98816 ----a-w- c:\windows\sed.exe
2010-05-28 23:17:54 77312 ----a-w- c:\windows\MBR.exe
2010-05-28 23:17:54 256512 ----a-w- c:\windows\PEV.exe
2010-05-28 23:17:54 161792 ----a-w- c:\windows\SWREG.exe
2010-05-28 22:36:20 0 d-----w- c:\docume~1\admin\applic~1\Delicious IE Extension
2010-05-28 22:22:51 0 d-----w- c:\docume~1\admin\applic~1\Zeon
2010-05-28 22:07:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-22 03:26:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-05-22 00:54:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 00:54:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-22 00:54:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 00:54:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-06-06 18:28:25 73289248 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-06 18:25:07 2526752 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-06-06 03:47:21 989792 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-06 03:47:21 241016 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-05 09:37:02 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-05 09:37:02 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-27 00:08:34 97852 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

============= FINISH: 11:29:28.90 ===============

I've just attached the attach log as well. Based on your instructions, I re-ran GMER. I had had trouble with GMER the first time I posted (please see the description in my first post), and I did this time as well. This time, I got hit with a blue screen about 4 or 5 minutes into the scan. I took a photo of the screen and have attached it here for you to see.

Just so you know, I had unplugged my computer from the router and turned off Kaspersky while I did the GMER scan. After getting that blue screen, I'm not sure whether it makes sense to keep on trying to get a new GMER log, so I'm just going to stop for now and await your next instructions.

Thank you!

Chris

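As an added example (not code from this thread or from the DDS tool), a small triage script for the DDS log format posted above: it parses service/driver, Trusted Zone and TCP/DNS lines and flags the entries an analyst reads first. The DNS allowlist is a constructed assumption, and the sample lines are copied from the log above.

```python
"""Triage helper for DDS-style log lines (added example, not from the thread).

Flags three things an analyst looks at first in a DDS log:
  * services/drivers (R0..S4 lines) whose image file DDS could not find ("[?]"),
  * Trusted Zone entries (sites exempted from Internet Explorer's zone security),
  * configured DNS resolvers that are not on an expected allowlist.
"""
import re
from dataclasses import dataclass, field

# Constructed assumption for this example: the resolvers the machine is
# expected to use.  Adjust to the environment being triaged.
EXPECTED_DNS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample input: a handful of lines copied from the DDS log above.
SAMPLE_LINES = [
    r"Trusted Zone: car.org\www",
    r"Trusted Zone: winforms.com\support",
    r"TCP: {7D5C43C3-7E01-4CDD-BD43-2483B1839CB0} = 208.67.222.222,20.67.220.220",
    r"R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]",
    r"S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 136176]",
    r"S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?]",
]

# "R2 name;description;path [date size]"  or  "... [?]" when the file is missing.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
# "TCP: {interface-guid} = dns1,dns2"
DNS_RE = re.compile(r"^TCP:\s+\{[0-9A-Fa-f-]+\}\s*=\s*(?P<servers>[\d.,]+)$")
# "Trusted Zone: domain\host"
TRUSTED_RE = re.compile(r"^Trusted Zone:\s+(?P<site>\S+)$")


@dataclass
class Findings:
    missing_image: list = field(default_factory=list)   # (service name, path) with "[?]"
    trusted_zone: list = field(default_factory=list)    # sites exempted from IE zone checks
    unexpected_dns: list = field(default_factory=list)  # resolvers not on the allowlist


def parse_dns_servers(value: str) -> list:
    """Split the comma-separated resolver list from a TCP: line."""
    return [s for s in value.split(",") if s]


def triage(lines, expected_dns=EXPECTED_DNS) -> Findings:
    """Run the three checks over an iterable of DDS log lines."""
    f = Findings()
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            # DDS prints "[?]" instead of "[date size]" when it cannot stat the
            # file behind a service entry; a registered driver with no file on
            # disk is worth a closer look.
            if m.group("meta") == "?":
                f.missing_image.append((m.group("name"), m.group("path")))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            f.trusted_zone.append(m.group("site"))
            continue
        m = DNS_RE.match(line)
        if m:
            for server in parse_dns_servers(m.group("servers")):
                if server not in expected_dns:
                    f.unexpected_dns.append(server)
    return f


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for name, path in result.missing_image:
        print(f"service image missing: {name} -> {path}")
    for site in result.trusted_zone:
        print(f"trusted zone entry:    {site}")
    for server in result.unexpected_dns:
        print(f"unexpected resolver:   {server}")
```

Any resolver the script reports is only "not on the allowlist"; confirm against the router or ISP settings before treating it as a hijack.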

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:20 AM

Posted 06 June 2010 - 06:22 PM

Hello.

No problem. Thanks for the update.

Let's not run GMER any more until we clear up some of this mess. Let's begin with Combofix.
Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 kurisu

kurisu
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:20 AM

Posted 06 June 2010 - 09:00 PM

Hello again EB, I did my best to follow the instructions in the other post you linked to with the instructions on running ComboFix – turned off Kaspersky anti-virus, made sure all windows were closed. I have no idea whether it matters or not, but I left the computer connected to the router during the scan because it didn't tell me to do otherwise. Nothing weird happened during the scan, other than it took about 4 minutes to set a restore point and that seemed like it might be a little long, and ComboFix did not reboot the computer after the scan. Here’s the log:

ComboFix 10-06-06.01 - Admin 06/06/2010 18:37:50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1512 [GMT -7:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-06 21:41 . 2010-06-06 21:41 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Application Data\Roxio
2010-06-06 21:40 . 2010-06-06 21:40 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Application Data\AccurateRip
2010-06-06 20:20 . 2010-06-06 20:20 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Local Settings\Application Data\Apple
2010-06-06 20:16 . 2010-06-06 20:20 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Application Data\Apple Computer
2010-06-03 22:12 . 2010-06-03 22:12 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Application Data\Canon
2010-06-01 19:16 . 2010-06-01 19:16 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Application Data\Malwarebytes
2010-06-01 16:31 . 2010-06-01 16:31 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\ZipForm
2010-06-01 01:00 . 2010-06-01 01:01 -------- dc-h--w- c:\windows\ie8
2010-06-01 00:14 . 2010-06-01 00:14 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2010-05-29 18:34 . 2010-05-29 18:34 -------- d-----w- c:\documents and settings\Admin\Application Data\ScanSoft
2010-05-29 16:45 . 2010-05-29 16:45 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-05-29 16:27 . 2010-05-29 16:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Roxio
2010-05-29 15:50 . 2010-06-03 22:07 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Application Data\ScanSoft
2010-05-29 04:38 . 2010-05-29 04:38 503808 ----a-w- c:\documents and settings\Chris.CHRIS-PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-373f4c11-n\msvcp71.dll
2010-05-29 04:38 . 2010-05-29 04:38 499712 ----a-w- c:\documents and settings\Chris.CHRIS-PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-373f4c11-n\jmc.dll
2010-05-29 04:38 . 2010-05-29 04:38 348160 ----a-w- c:\documents and settings\Chris.CHRIS-PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-373f4c11-n\msvcr71.dll
2010-05-29 04:38 . 2010-05-29 04:38 61440 ----a-w- c:\documents and settings\Chris.CHRIS-PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-71a654f0-n\decora-sse.dll
2010-05-29 04:38 . 2010-05-29 04:38 12800 ----a-w- c:\documents and settings\Chris.CHRIS-PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-71a654f0-n\decora-d3d.dll
2010-05-29 00:36 . 2010-05-29 00:36 -------- d-----w- c:\documents and settings\Admin\ZipForm
2010-05-29 00:35 . 2010-05-29 00:35 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6bbdbc51-n\msvcp71.dll
2010-05-29 00:35 . 2010-05-29 00:35 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6bbdbc51-n\jmc.dll
2010-05-29 00:35 . 2010-05-29 00:35 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6bbdbc51-n\msvcr71.dll
2010-05-29 00:35 . 2010-05-29 00:35 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-70a6c338-n\decora-sse.dll
2010-05-29 00:35 . 2010-05-29 00:35 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-70a6c338-n\decora-d3d.dll
2010-05-29 00:30 . 2010-05-29 00:30 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2010-05-28 23:41 . 2010-05-28 23:41 -------- d-sh--w- c:\documents and settings\Chris.CHRIS-PC\PrivacIE
2010-05-28 22:36 . 2010-05-28 22:37 -------- d-----w- c:\documents and settings\Admin\Application Data\Delicious IE Extension
2010-05-28 22:32 . 2010-06-01 21:25 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Application Data\Delicious IE Extension
2010-05-28 22:32 . 2010-05-28 22:32 -------- d-sh--w- c:\documents and settings\Chris.CHRIS-PC\IECompatCache
2010-05-28 22:21 . 2010-05-28 22:21 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Application Data\Zeon
2010-05-28 22:20 . 2010-06-06 20:20 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Local Settings\Application Data\Apple Computer
2010-05-28 22:20 . 2010-06-01 16:02 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Local Settings\Application Data\Adobe
2010-05-28 22:20 . 2010-05-28 22:20 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Application Data\HotSync
2010-05-28 22:20 . 2010-05-28 22:20 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Local Settings\Application Data\Scansoft
2010-05-28 22:20 . 2010-05-28 22:20 -------- d-----w- c:\documents and settings\Chris.CHRIS-PC\Local Settings\Application Data\SupportSoft
2010-05-28 22:07 . 2010-05-28 22:07 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-609814f8-n\msvcp71.dll
2010-05-28 22:07 . 2010-05-28 22:07 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-609814f8-n\jmc.dll
2010-05-28 22:07 . 2010-05-28 22:07 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-609814f8-n\msvcr71.dll
2010-05-28 22:07 . 2010-05-28 22:07 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-42379fab-n\decora-sse.dll
2010-05-28 22:07 . 2010-05-28 22:07 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-42379fab-n\decora-d3d.dll
2010-05-28 22:07 . 2010-05-28 22:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-28 21:49 . 2010-05-28 21:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Delicious IE Extension
2010-05-28 21:49 . 2010-05-28 21:49 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-05-28 21:48 . 2010-05-28 21:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zeon
2010-05-28 21:47 . 2010-05-28 21:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\HotSync
2010-05-28 21:47 . 2010-05-28 21:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-05-28 21:47 . 2010-05-28 21:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-05-28 21:47 . 2010-05-28 21:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Scansoft
2010-05-28 21:47 . 2010-05-28 21:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SupportSoft
2010-05-28 21:39 . 2010-05-28 21:39 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-27 23:24 . 2010-05-27 23:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-22 03:26 . 2010-05-22 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-22 03:26 . 2010-05-22 03:42 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\NPE
2010-05-22 00:55 . 2010-05-22 00:55 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2010-05-22 00:54 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 00:54 . 2010-05-22 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-22 00:54 . 2010-06-06 03:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 00:54 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 00:08 . 2010-05-22 00:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-13 14:35 . 2010-05-13 14:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 01:41 . 2009-01-06 21:56 2533920 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-06-07 01:41 . 2009-01-06 21:56 73405728 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-07 01:30 . 2008-12-19 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-06-06 03:48 . 2010-01-31 06:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 03:47 . 2009-01-06 21:56 989792 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-06 03:47 . 2009-01-06 21:56 241016 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-06-01 01:24 . 2008-12-17 16:59 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-31 22:11 . 2008-11-20 20:31 -------- d-----w- c:\program files\Google
2010-05-29 04:38 . 2010-05-29 04:38 1324 ----a-w- c:\documents and settings\Chris.CHRIS-PC\Local Settings\Application Data\d3d9caps.tmp
2010-05-28 22:24 . 2008-11-20 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-05-28 22:22 . 2010-05-28 22:22 -------- d-----w- c:\documents and settings\Admin\Application Data\Zeon
2010-05-28 22:22 . 2010-05-28 22:22 -------- d-----w- c:\documents and settings\Admin\Application Data\HotSync
2010-05-28 22:22 . 2010-05-28 22:22 128 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\fusioncache.dat
2010-05-28 22:20 . 2010-05-28 22:19 123168 ----a-w- c:\documents and settings\Chris.CHRIS-PC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-28 22:07 . 2008-11-20 20:28 -------- d-----w- c:\program files\Common Files\Java
2010-05-18 17:21 . 2010-03-04 22:02 2393 ----a-w- c:\documents and settings\Chris\Application Data\SAS7_000.DAT
2010-05-18 17:21 . 2008-12-31 19:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-13 10:01 . 2008-12-12 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-05 09:37 . 2008-12-19 03:31 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-05 09:37 . 2008-12-19 03:31 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-29 21:35 . 2008-12-14 23:06 -------- d-----w- c:\documents and settings\Chris\Application Data\Vso
2010-04-29 21:35 . 2009-10-09 04:30 -------- d-----w- c:\program files\DVDFab 6
2010-04-29 19:44 . 2010-04-29 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-29 19:43 . 2010-04-29 19:43 -------- d-----w- c:\program files\DVD Shrink
2010-04-27 00:08 . 2009-12-11 21:11 97852 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-22 20:44 . 2010-04-22 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-04-09 02:35 . 2010-04-09 02:30 -------- d-----w- c:\program files\Pazera MP4 to AVI
2010-04-08 21:15 . 2010-04-08 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Panasonic
2010-04-08 21:08 . 2010-04-08 21:08 -------- d-----w- c:\program files\Common Files\CNC
2010-04-08 21:08 . 2010-04-08 21:08 -------- d-----w- c:\program files\Common Files\Panasonic
2010-04-08 21:08 . 2010-04-08 21:08 -------- d-----w- c:\program files\Panasonic
2010-04-08 21:08 . 2008-11-20 20:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 06:15 . 2008-04-25 16:16 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-31_23.38.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-02 03:52 . 2010-06-02 03:52 16384 c:\windows\Temp\Perflib_Perfdata_30c.dat
+ 2009-07-20 17:50 . 2010-04-16 11:43 41984 c:\windows\system32\dllcache\iecompat.dll
+ 2010-06-04 10:00 . 2010-06-04 10:00 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-01 04:30 . 2009-05-26 11:40 17272 c:\windows\ie8updates\KB981332-IE8\spmsg.dll
+ 2010-06-01 04:30 . 2009-05-26 11:40 26488 c:\windows\ie8updates\KB981332-IE8\spcustom.dll
+ 2010-06-01 01:02 . 2009-03-08 11:33 12288 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-06-01 01:02 . 2009-05-26 11:40 17272 c:\windows\ie8updates\KB980182-IE8\spmsg.dll
+ 2010-06-01 01:02 . 2009-05-26 11:40 26488 c:\windows\ie8updates\KB980182-IE8\spcustom.dll
+ 2010-06-01 01:02 . 2009-03-08 11:31 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
- 2010-03-31 10:00 . 2009-12-21 19:14 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-06-01 01:02 . 2009-03-08 11:33 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
- 2010-03-31 10:00 . 2009-12-21 19:14 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
+ 2010-06-01 04:30 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB976662-IE8\spmsg.dll
+ 2010-06-01 04:30 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB976662-IE8\spcustom.dll
+ 2010-06-01 04:30 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB971961-IE8\spmsg.dll
+ 2010-06-01 04:30 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB971961-IE8\spcustom.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 37888 c:\windows\ie8\url.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 37888 c:\windows\ie8\url.dll
- 2009-07-20 17:51 . 2009-03-08 21:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-06-01 01:01 . 2009-03-08 21:23 58464 c:\windows\ie8\spuninst\iecustom.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 39424 c:\windows\ie8\pngfilt.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 39424 c:\windows\ie8\pngfilt.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 96256 c:\windows\ie8\occache.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 96256 c:\windows\ie8\occache.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 56832 c:\windows\ie8\mshtmler.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 56832 c:\windows\ie8\mshtmler.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 29184 c:\windows\ie8\mshta.exe
+ 2010-06-01 01:00 . 2008-04-14 12:00 29184 c:\windows\ie8\mshta.exe
+ 2010-06-01 01:00 . 2008-04-14 12:00 22016 c:\windows\ie8\licmgr10.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 22016 c:\windows\ie8\licmgr10.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 15872 c:\windows\ie8\jsproxy.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 15872 c:\windows\ie8\jsproxy.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 96256 c:\windows\ie8\inseng.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 96256 c:\windows\ie8\inseng.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 35840 c:\windows\ie8\imgutil.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 35840 c:\windows\ie8\imgutil.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 93184 c:\windows\ie8\iexplore.exe
+ 2010-06-01 01:00 . 2008-04-14 12:00 93184 c:\windows\ie8\iexplore.exe
+ 2010-06-01 01:00 . 2008-04-14 12:00 62976 c:\windows\ie8\iesetup.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 62976 c:\windows\ie8\iesetup.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 48640 c:\windows\ie8\iernonce.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 48640 c:\windows\ie8\iernonce.dll
+ 2010-06-01 01:00 . 2009-04-29 04:46 81920 c:\windows\ie8\ieencode.dll
- 2009-07-20 17:51 . 2009-04-29 04:46 81920 c:\windows\ie8\ieencode.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 34304 c:\windows\ie8\ie4uinit.exe
+ 2010-06-01 01:00 . 2008-04-14 12:00 34304 c:\windows\ie8\ie4uinit.exe
+ 2010-06-01 01:00 . 2008-04-14 12:00 38912 c:\windows\ie8\hmmapi.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 38912 c:\windows\ie8\hmmapi.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 35328 c:\windows\ie8\corpol.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 35328 c:\windows\ie8\corpol.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 99840 c:\windows\ie8\advpack.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 99840 c:\windows\ie8\advpack.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 61440 c:\windows\ie8\admparse.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 61440 c:\windows\ie8\admparse.dll
+ 2010-06-01 01:02 . 2009-03-08 11:35 2048 c:\windows\ie8updates\KB982632-IE8\iecompat.dll
- 2009-01-08 01:20 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-01-08 01:20 . 2009-01-08 01:20 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2009-12-03 04:20 . 2009-12-03 04:20 102400 c:\windows\Installer\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}\iTunesIco.exe
+ 2009-12-03 04:20 . 2010-06-06 20:16 102400 c:\windows\Installer\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}\iTunesIco.exe
+ 2010-06-01 01:02 . 2009-05-26 09:01 382840 c:\windows\ie8updates\KB982632-IE8\spuninst\updspapi.dll
+ 2010-06-01 01:02 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB982632-IE8\spuninst\spuninst.exe
- 2010-04-15 10:01 . 2009-03-08 11:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-06-01 04:30 . 2009-03-08 11:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-06-01 04:30 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\updspapi.dll
+ 2010-06-01 04:30 . 2009-05-26 11:40 755576 c:\windows\ie8updates\KB981332-IE8\update.exe
+ 2010-06-01 04:30 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
- 2010-04-15 10:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
- 2010-04-15 10:01 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-06-01 04:30 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-06-01 04:30 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst.exe
+ 2010-06-01 01:02 . 2009-03-08 11:34 914944 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-06-01 01:02 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\updspapi.dll
+ 2010-06-01 01:02 . 2009-05-26 11:40 755576 c:\windows\ie8updates\KB980182-IE8\update.exe
- 2010-03-31 10:00 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-06-01 01:02 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-06-01 01:02 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
- 2010-03-31 10:00 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-06-01 01:02 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst.exe
+ 2010-06-01 01:02 . 2009-03-08 11:34 109568 c:\windows\ie8updates\KB980182-IE8\occache.dll
- 2010-03-31 10:00 . 2009-03-08 11:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-06-01 01:02 . 2009-03-08 11:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
- 2010-03-31 10:00 . 2009-12-21 19:14 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-06-01 01:02 . 2009-03-08 11:32 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-06-01 01:02 . 2009-03-08 11:33 246784 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-06-01 01:02 . 2009-03-08 11:31 183808 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-06-01 01:02 . 2009-03-08 21:09 391536 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
- 2010-03-31 10:00 . 2009-12-21 13:19 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2010-06-01 01:02 . 2009-03-08 11:32 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2010-06-01 04:30 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\updspapi.dll
+ 2010-06-01 04:30 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB976662-IE8\update.exe
- 2010-02-24 11:00 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-06-01 04:30 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
- 2010-02-24 11:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-06-01 04:30 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-06-01 04:30 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst.exe
- 2010-02-24 11:00 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-06-01 04:30 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-06-01 04:30 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\updspapi.dll
+ 2010-06-01 04:30 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB971961-IE8\update.exe
- 2009-09-10 10:00 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-06-01 04:30 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
- 2009-09-10 10:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-06-01 04:30 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-06-01 04:30 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst.exe
+ 2010-06-01 04:30 . 2009-03-08 11:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
- 2009-09-10 10:00 . 2009-03-08 11:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2010-06-01 01:00 . 2009-04-29 04:46 666624 c:\windows\ie8\wininet.dll
- 2009-07-20 17:51 . 2009-04-29 04:46 666624 c:\windows\ie8\wininet.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 276480 c:\windows\ie8\webcheck.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 276480 c:\windows\ie8\webcheck.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 851968 c:\windows\ie8\vgx.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 851968 c:\windows\ie8\vgx.dll
+ 2010-06-01 01:00 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
- 2009-07-20 17:51 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2010-06-01 01:00 . 2009-04-29 04:46 620032 c:\windows\ie8\urlmon.dll
- 2009-07-20 17:51 . 2009-04-29 04:46 620032 c:\windows\ie8\urlmon.dll
+ 2010-06-01 01:01 . 2009-01-08 01:21 382496 c:\windows\ie8\spuninst\updspapi.dll
- 2009-07-20 17:51 . 2009-01-08 01:21 382496 c:\windows\ie8\spuninst\updspapi.dll
- 2009-07-20 17:51 . 2009-01-08 01:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-06-01 01:01 . 2009-01-08 01:20 231456 c:\windows\ie8\spuninst\spuninst.exe
- 2009-07-20 17:51 . 2008-04-14 12:00 532480 c:\windows\ie8\mstime.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 532480 c:\windows\ie8\mstime.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 146432 c:\windows\ie8\msrating.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 146432 c:\windows\ie8\msrating.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 146432 c:\windows\ie8\msls31.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 146432 c:\windows\ie8\msls31.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 449024 c:\windows\ie8\mshtmled.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 449024 c:\windows\ie8\mshtmled.dll
+ 2010-06-01 01:00 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
- 2009-07-20 17:51 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 251904 c:\windows\ie8\iepeers.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 251904 c:\windows\ie8\iepeers.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 323584 c:\windows\ie8\iedkcs32.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 323584 c:\windows\ie8\iedkcs32.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 221184 c:\windows\ie8\ieakui.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 221184 c:\windows\ie8\ieakui.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 216576 c:\windows\ie8\ieaksie.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 216576 c:\windows\ie8\ieaksie.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 143360 c:\windows\ie8\ieakeng.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 143360 c:\windows\ie8\ieakeng.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 205312 c:\windows\ie8\dxtrans.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 205312 c:\windows\ie8\dxtrans.dll
- 2009-07-20 17:51 . 2008-04-14 12:00 357888 c:\windows\ie8\dxtmsft.dll
+ 2010-06-01 01:00 . 2008-04-14 12:00 357888 c:\windows\ie8\dxtmsft.dll
+ 2008-03-21 02:06 . 2009-06-25 20:20 1485176 c:\windows\system32\LegitCheckControl.DLL
+ 2010-06-01 01:02 . 2009-03-08 11:34 1206784 c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-06-01 01:02 . 2009-03-08 11:41 5937152 c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-06-01 01:02 . 2009-03-08 11:32 1985024 c:\windows\ie8updates\KB980182-IE8\iertutil.dll
+ 2010-06-01 01:00 . 2009-04-29 04:46 3068928 c:\windows\ie8\mshtml.dll
- 2009-07-20 17:51 . 2009-04-29 04:46 3068928 c:\windows\ie8\mshtml.dll
+ 2010-06-04 10:00 . 2010-06-04 10:00 20242432 c:\windows\Installer\92d58d3.msp
+ 2010-06-01 01:02 . 2009-03-08 11:39 11063808 c:\windows\ie8updates\KB980182-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IE Privacy Keeper"="c:\program files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-06-29 1015808]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-04 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-03 128232]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-11 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-11 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2006-11-16 35368]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Kaseya Agent Service Helper"="c:\program files\Kaseya\Agent\KaUsrTsk.exe" [2008-09-04 229376]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageServer\TrueImageMonitor.exe" [2008-11-01 1285472]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageServer\TimounterMonitor.exe" [2008-11-01 884928]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-01 140568]
"LyraWirelessRemote"="c:\program files\Lyra Wireless Remote\Lyraw.exe" [2003-03-01 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-7 113664]
DocuSign Web.lnk - c:\program files\DocuSign Web\DocuSignExpress.exe [2008-12-16 62728]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\LogMeIn Rescue Calling Card\\CallingCard.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Acronis\\TrueImageServer\\TrueImage.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:*:Disabled:Bonjour

R2 CmosTime;CmosTime;c:\windows\system32\cmostime.sys [9/14/2005 12:40 PM 3502]
R2 KaseyaAgent;Kaseya Agent;c:\program files\Kaseya\Agent\AgentMon.exe [11/24/2009 4:35 PM 610304]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [11/20/2008 1:29 PM 8960]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [11/24/2009 4:35 PM 20792]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2010 4:22 PM 136176]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/20/2008 1:29 PM 16640]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-20 05:46 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 23:22]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 23:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: car.org\www
Trusted Zone: winforms.com\support
TCP: {7D5C43C3-7E01-4CDD-BD43-2483B1839CB0} = 208.67.222.222,20.67.220.220
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 18:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\Ati2evxx.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll
c:\windows\system32\DNSAPI.dll

- - - - - - - > 'lsass.exe'(1324)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1040)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-06 18:42:52
ComboFix-quarantined-files.txt 2010-06-07 01:42
ComboFix2.txt 2010-05-31 23:39

Pre-Run: 172,628,267,008 bytes free
Post-Run: 172,980,199,424 bytes free

- - End Of File - - 145BD8414CA5AE87E0B1113D3C182B52



Thank you, and please let me know what I should do next.

Chris


#6 kurisu

kurisu
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:20 AM

Posted 07 June 2010 - 11:56 AM

Hello again EB, one new thing started happening today -- any time I start my browser (IE8), I immediately get a windows message indicating that IE is not my default browser, and do I want to set it to be the default. I have to click either yes or no. Regardless of whether I select yes or no, the next time I open the browser, I get the same message. I just tried going into the control panel to check whether IE was the default browser, and it said it wasn't. I clicked the button to set it as default, but when I opened up IE again, I received the same message. Toggling back to the control panel, sure enough, IE was no longer the default browser, even though I had set it to be the default in the control panel 2 seconds earlier.

In fact, I just tried this -- without having the browser open, I just opened Internet Options in the control panel. Clicking on the Programs tab, sure enough, "Internet Explorer is not currently the default web browser". I clicked "make default", leaving the "tell me if IE is not the default browser" box checked, clicked "OK" to close the whole Internet Properties box, and immediately opened up Internet Properties, went to the programs tab, and it says that IE is not currently the default web browser. I don't know what's causing this, but it definitely seems strange so I thought I should report it to you.

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:20 AM

Posted 08 June 2010 - 08:59 PM

Thanks for the description.

Do you still have the Google Redirect problems? With that IE problem, I wouldn't worry too much about that, probably some configuration issue that might need to be dealt with, but nothing like something too major that would cause problems.

Let's take another scan here...

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 kurisu

kurisu
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:20 AM

Posted 08 June 2010 - 11:58 PM

Awesome, thank you EB. I just got back from a client meeting and don't have time to download the prog tonight, but I'll do it tomorrow and post the logs you need. Thanks!

#9 kurisu

kurisu
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:20 AM

Posted 09 June 2010 - 10:36 AM

Hi EB, it seems like the redirect is no longer happening. I'm not 100% sure, because as far as I know there could be things happening that I don't know about, but it seems like the primary problems are those IE problems: the inability to connect to secure websites (all security certificates are deemed invalid) and now that "no longer default browser" issue.

Here is the OTL.txt log (that's the name that OTL automatically gave it):

OTL logfile created on: 6/9/2010 8:09:40 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 161.06 Gb Free Space | 69.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.64 Gb Total Space | 465.53 Gb Free Space | 99.97% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: CHRIS-PC
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/09 08:04:26 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2010/04/03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/05/27 12:00:24 | 000,753,664 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2009/04/02 17:33:16 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/06 15:25:55 | 000,231,952 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
PRC - [2008/11/20 13:31:02 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/11/01 00:21:08 | 000,884,928 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageServer\TimounterMonitor.exe
PRC - [2008/11/01 00:10:08 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/11/01 00:10:02 | 000,455,960 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/11/01 00:08:10 | 001,285,472 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageServer\TrueImageMonitor.exe
PRC - [2008/09/29 20:11:32 | 000,610,304 | ---- | M] (Kaseya) -- C:\Program Files\Kaseya\Agent\AgentMon.exe
PRC - [2008/09/04 14:35:10 | 000,229,376 | ---- | M] (Kaseya) -- C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
PRC - [2008/08/06 16:27:22 | 002,164,088 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2008/07/20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 16:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/03 18:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2007/11/14 11:12:54 | 000,062,728 | ---- | M] (DocuSign, Inc.) -- C:\Program Files\DocuSign Web\DocuSignExpress.exe
PRC - [2007/01/11 13:01:16 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/09/25 08:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/06/29 14:22:46 | 001,015,808 | ---- | M] (UnH Solutions) -- C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
PRC - [2003/05/08 12:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2003/02/28 17:54:16 | 000,094,208 | ---- | M] (Thomson Inc.) -- C:\Program Files\Lyra Wireless Remote\LyraW.exe


========== Modules (SafeList) ==========

MOD - [2010/06/09 08:04:26 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/03/24 11:53:30 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/01/06 15:25:55 | 000,231,952 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe -- (AVP)
SRV - [2008/12/15 17:56:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/01 00:10:02 | 000,455,960 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/09/29 20:11:32 | 000,610,304 | ---- | M] (Kaseya) [Auto | Running] -- C:\Program Files\Kaseya\Agent\AgentMon.exe -- (KaseyaAgent)
SRV - [2008/08/06 16:27:22 | 002,164,088 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/07/20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 18:34:45 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/24 18:34:45 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/11/24 18:34:39 | 000,132,800 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/04/02 10:54:26 | 000,201,504 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2009/01/06 15:25:56 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/08/18 16:14:46 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/08/18 16:03:12 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/18 15:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/09 13:45:12 | 003,231,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/05/21 08:53:36 | 000,093,696 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/30 18:06:48 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008/04/14 05:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 05:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/30 14:35:58 | 000,020,792 | ---- | M] (Kaseya) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KaPFA.sys -- (KAPFA)
DRV - [2008/03/13 19:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/11/20 00:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2007/11/20 00:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 13:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 13:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/09/14 12:40:00 | 000,003,502 | ---- | M] (BSI SA http://www.bsi.gr) [Kernel | Auto | Running] -- C:\WINDOWS\system32\cmostime.sys -- (CmosTime)
DRV - [2001/08/17 19:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 19:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 19:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 19:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 19:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 18:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 18:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 18:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 18:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 18:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 18:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 18:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 18:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 18:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 18:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081120
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081120


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081120
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081120
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2008/12/18 20:31:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/05/28 16:34:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O3 - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008\..\Toolbar\WebBrowser: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageServer\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IE Privacy Keeper] C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (UnH Solutions)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
O4 - HKLM..\Run: [LyraWirelessRemote] C:\Program Files\Lyra Wireless Remote\Lyraw.exe (Thomson Inc.)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageServer\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DocuSign Web.lnk = C:\Program Files\DocuSign Web\DocuSignExpress.exe (DocuSign, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008\..Trusted Domains: car.org ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3315509895-2956943036-1400379007-1008\..Trusted Domains: winforms.com ([support] http in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1229112070930 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} https://www.rtierra.com/inc/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cornellalumni.webex.com/client/T26L...ing/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://realist2.firstamres.com/mapviewer/mapviewer.cab (First American Res MapActiveX Control)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/28 10:57:38 | 000,000,137 | -H-- | M] () - H:\autorun.new -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/25 14:28:57 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {24A8748B-EF76-44BB-CF11-B36A10597E3B} - Java (Sun)
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {B6879BC9-DA54-E418-3408-F8694595A806} - NetShow
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DVSD - pdvcodec.dll File not found
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183528496136192)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/09 08:04:26 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010/06/07 12:09:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/06 11:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Older Bleeping Computer Logs
[2010/06/05 20:49:24 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\shmalwarebytes.exe
[2010/05/31 18:00:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/31 17:14:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IECompatCache
[2010/05/29 11:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ScanSoft
[2010/05/29 09:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2010/05/29 09:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Roxio
[2010/05/28 17:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\ZipForm
[2010/05/28 17:30:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\PrivacIE
[2010/05/28 16:22:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/28 16:17:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/28 16:17:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/28 16:17:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/28 16:17:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/28 16:17:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/28 16:17:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/28 15:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Google
[2010/05/28 15:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Delicious IE Extension
[2010/05/28 15:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Zeon
[2010/05/28 15:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\HotSync
[2010/05/28 15:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Palm OS Desktop
[2010/05/28 15:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Apple Computer
[2010/05/28 15:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe
[2010/05/28 15:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Adobe
[2010/05/28 15:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Scansoft
[2010/05/28 15:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Macromedia
[2010/05/28 15:22:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IETldCache
[2010/05/28 15:22:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2010/05/28 15:22:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\SendTo
[2010/05/28 15:22:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2010/05/28 15:22:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Application Data
[2010/05/28 15:22:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu
[2010/05/28 15:22:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Videos
[2010/05/28 15:22:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Pictures
[2010/05/28 15:22:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Music
[2010/05/28 15:22:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents
[2010/05/28 15:22:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Favorites
[2010/05/28 15:22:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\Cookies
[2010/05/28 15:22:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Templates
[2010/05/28 15:22:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\PrintHood
[2010/05/28 15:22:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\NetHood
[2010/05/28 15:22:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Local Settings
[2010/05/28 15:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Sun
[2010/05/28 15:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\PowerDVD DX
[2010/05/28 15:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\My Google Gadgets
[2010/05/28 15:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft Help
[2010/05/28 15:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft
[2010/05/28 15:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\InstallShield
[2010/05/28 15:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Identities
[2010/05/28 15:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google
[2010/05/28 15:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop
[2010/05/28 15:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\ATI
[2010/05/28 15:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ATI
[2010/05/28 15:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\ApplicationHistory
[2010/05/28 15:07:08 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/28 15:07:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/28 15:07:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/28 15:07:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/28 14:38:34 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/21 21:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/21 21:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/21 20:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/05/21 17:54:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/21 17:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/21 17:54:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/21 17:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/13 07:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/09 08:10:12 | 002,544,160 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/06/09 08:10:09 | 073,531,168 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/06/09 08:04:26 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010/06/09 07:59:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/09 07:59:41 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/09 07:59:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/09 07:59:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/09 07:58:57 | 2146,418,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/08 22:00:04 | 000,992,984 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/06/08 22:00:04 | 000,242,600 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/06/08 21:27:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/06 19:19:38 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/06/06 19:19:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010/06/06 18:41:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/06 18:33:00 | 003,703,394 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2010/06/05 20:46:05 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\shmalwarebytes.exe
[2010/06/02 11:11:49 | 000,138,083 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Intermedia root certificate thing.docx
[2010/06/01 16:09:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\defogger_reenable
[2010/06/01 15:42:21 | 001,815,801 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Preparation Guide For Use Before Using Malware Removal Tools.pdf
[2010/06/01 15:35:37 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\dds.scr
[2010/06/01 15:35:01 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2010/05/31 21:30:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/31 18:24:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/31 16:33:28 | 003,701,914 | R--- | M] () -- C:\Documents and Settings\Admin\My Documents\ComboFix.exe
[2010/05/29 12:48:18 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to ComboFix.lnk
[2010/05/28 16:34:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/28 16:22:09 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/28 15:22:18 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2010/05/28 15:06:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/28 15:06:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/28 15:06:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/28 15:06:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/28 15:06:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/27 11:24:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 18:33:00 | 003,703,394 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2010/06/06 11:24:31 | 2146,418,688 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/02 10:50:03 | 000,138,083 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Intermedia root certificate thing.docx
[2010/06/01 16:09:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\defogger_reenable
[2010/06/01 15:42:05 | 001,815,801 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Preparation Guide For Use Before Using Malware Removal Tools.pdf
[2010/06/01 15:35:30 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\dds.scr
[2010/06/01 15:35:01 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2010/05/29 12:48:18 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to ComboFix.lnk
[2010/05/28 16:22:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/28 16:22:03 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/28 16:17:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/28 16:17:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/28 16:17:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/28 16:17:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/28 16:17:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/28 16:15:23 | 003,701,914 | R--- | C] () -- C:\Documents and Settings\Admin\My Documents\ComboFix.exe
[2010/05/28 15:22:01 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/05/28 15:22:01 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Admin\ntuser.dat.LOG
[2010/05/28 15:22:01 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010/05/28 15:22:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2010/04/08 14:55:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Title.INI
[2010/04/08 14:16:21 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2009/11/01 16:27:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/11/01 16:27:31 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/11 19:08:08 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/11 19:08:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/21 12:36:39 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/05/11 17:20:05 | 000,001,889 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/17 16:09:37 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/01/18 23:18:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/01/18 23:18:08 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/12/21 23:13:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/11/20 15:22:28 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/11/20 13:32:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/20 13:30:53 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/25 14:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 09:16:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2005/04/07 21:38:44 | 000,172,544 | ---- | C] () -- C:\WINDOWS\System32\sfsshell.dll
[2002/06/06 02:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll

========== LOP Check ==========

[2010/05/28 15:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Delicious IE Extension
[2010/05/28 15:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\HotSync
[2010/05/29 11:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ScanSoft
[2010/05/28 15:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Zeon
[2010/05/28 14:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Delicious IE Extension
[2010/05/28 14:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HotSync
[2010/05/28 14:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zeon
[2009/12/29 11:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/05/01 23:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2008/12/12 15:19:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/12/18 20:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2008/12/12 14:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/08/12 11:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/12/18 14:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/03/04 14:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/04/08 14:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2009/05/21 12:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/12/15 20:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\scar5
[2008/12/16 11:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/12/16 11:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008/12/12 14:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings
[2010/05/18 10:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/12 23:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UnH Solutions
[2008/12/26 10:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/22 13:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/19 12:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2009/12/02 21:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/01/19 14:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\.oit
[2009/11/29 17:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Amazon
[2009/05/02 17:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Anvil Studio
[2009/02/10 00:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Audacity
[2010/04/07 12:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Brainwave
[2009/05/01 23:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Cakewalk
[2010/01/02 14:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Canon
[2009/02/13 13:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Delicious IE Extension
[2009/12/29 15:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDFab
[2008/12/12 14:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\F-Secure
[2009/05/08 21:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\GARMIN
[2009/08/12 11:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\HotSync
[2009/01/18 23:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\NewSoft
[2010/03/04 14:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Nuance
[2009/05/21 12:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ScanSoft
[2008/12/12 14:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Sync App Settings
[2010/04/29 14:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Vso
[2009/02/02 13:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\webex
[2009/01/19 12:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Zeon
[2010/06/03 15:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHRIS-PC\Application Data\Canon
[2010/06/01 14:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHRIS-PC\Application Data\Delicious IE Extension
[2010/05/28 15:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHRIS-PC\Application Data\HotSync
[2010/06/03 15:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHRIS-PC\Application Data\ScanSoft
[2010/05/28 15:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHRIS-PC\Application Data\Zeon
[2009/12/09 13:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rTierra\Application Data\Delicious IE Extension
[2009/11/25 13:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rTierra\Application Data\HotSync
[2009/11/25 13:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rTierra\Application Data\Zeon

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/12/29 11:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/05/09 16:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/12 11:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/12/17 19:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/05/01 23:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2008/12/12 15:19:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/04/08 19:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/05/28 15:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2010/04/29 12:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/18 20:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2008/12/15 19:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/12/12 14:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010/04/26 13:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/12/13 00:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GRETECH
[2009/08/12 11:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/05/01 23:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Identities
[2008/11/20 13:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/06/09 08:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2008/12/18 20:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/12/18 14:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/02/07 17:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2010/05/21 17:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/04 03:01:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/13 03:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/12/19 23:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/05/21 20:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/03/04 14:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/04/08 14:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2009/05/21 12:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/12/15 20:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\scar5
[2008/11/20 13:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2008/12/16 11:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/12/16 11:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/01/28 12:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2008/12/12 14:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings
[2010/05/18 10:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/12 23:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UnH Solutions
[2008/12/26 10:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/12/12 13:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/22 13:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/19 12:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2009/12/02 21:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 15:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
[2009/12/02 21:13:27 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
[2008/11/13 10:20:08 | 000,075,088 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe
[2009/01/06 15:25:03 | 000,231,952 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\avp.exe

< %APPDATA%\*. >
[2010/06/01 15:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Adobe
[2008/11/20 13:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ATI
[2010/05/28 15:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Delicious IE Extension
[2010/05/28 15:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Google
[2010/05/28 15:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\HotSync
[2008/04/25 14:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Identities
[2008/11/20 13:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\InstallShield
[2010/05/28 15:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Macromedia
[2010/05/29 09:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2010/05/29 11:34:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2010/05/29 09:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Roxio
[2010/05/29 11:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ScanSoft
[2008/11/20 13:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sun
[2010/05/28 15:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Zeon

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 05:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/08/18 16:14:46 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\drivers\storage\R196209\IaStor.sys
[2008/07/20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/08/18 16:14:46 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008/07/20 16:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 248 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F87C192A
@Alternate Data Stream - 246 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDF51F17
@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
< End of report >

And here is the Extras.txt:

OTL Extras logfile created on: 6/9/2010 8:09:40 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 161.06 Gb Free Space | 69.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.64 Gb Total Space | 465.53 Gb Free Space | 99.97% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: CHRIS-PC
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:UDP" = 5353:UDP:*:Disabled:Bonjour
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\LogMeIn Rescue Calling Card\CallingCard.exe" = C:\Program Files\LogMeIn Rescue Calling Card\CallingCard.exe:*:Enabled:LogMeIn Rescue Calling Card -- (LogMeIn, Inc.)
"C:\Program Files\AirPort\APAgent.exe" = C:\Program Files\AirPort\APAgent.exe:*:Enabled:AirPort -- (Apple Inc.)
"C:\Program Files\Acronis\TrueImageServer\TrueImage.exe" = C:\Program Files\Acronis\TrueImageServer\TrueImage.exe:*:Enabled:Acronis True Image -- (Acronis)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E73E50-6513-4802-8600-B5A5BA185BE3}" = ScanSoft PaperPort 11
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{10DF6B41-D59D-4CCE-86BC-028DF8F9A061}" = Acronis True Image Echo Server
"{12B4E2C0-8D67-408D-86DF-119BEAAD5308}" = Blowfish Advanced CS
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3789CCF5-DF4C-45F9-9748-C75A2B696A62}" = DocuSign Web
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{48C76121-4F90-11D5-9884-0050BA85A903}" = Kaseya Agent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{637AF5A9-CFD1-43D7-A622-8F93954E92E3}" = AirPort
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67EC0AB2-8CF7-4415-9F70-7FBC593C0D5E}" = ScanSoft PDF Create! 4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7E117A6A-8579-4435-8290-4089C1C5BEFA}" = FinkelSupport
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88253B77-33C9-4A9D-9E4C-4579E39D9158}" = Diagnostics Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E07C71A6-1576-4F7F-8856-B1C439E669AC}" = MotionDV STUDIO 5.6E LE for DV
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"AC3Filter" = AC3Filter (remove only)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Allway Sync_is1" = Allway Sync version 8.5.1
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AsUninst.exe" = Anvil Studio
"ATI Display Driver" = ATI Display Driver
"Atmosphere Lite_is1" = Atmosphere Lite v6.0
"Audacity_is1" = Audacity 1.2.6
"BrainWave Generator" = BrainWave Generator
"Cool Timer_is1" = Cool Timer 3.6
"Delicious Add-on for Internet Explorer" = Delicious Add-on for Internet Explorer
"Digital Editions" = Adobe Digital Editions
"DVD Shrink_is1" = DVD Shrink 3.1.7
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DVDFab 7_is1" = DVDFab 7.0.4.0 (15/04/2010)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"ffdshow_is1" = ffdshow [rev 3078] [2009-09-17]
"FLAC" = FLAC 1.2.1b (remove only)
"GOM Player" = GOM Player
"IE Privacy Keeper" = IE Privacy Keeper
"ie8" = Windows Internet Explorer 8
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"InstallWIX_{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"Lexmark Printer Software Uninstall" = Lexmark Printer Software Uninstall
"LyraWireless Remote" = RCA Lyra Wireless Remote
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mind Stereo_is1" = Mind Stereo 1.1.1
"MP Navigator 2.2" = Canon MP Navigator 2.2
"MVApplication1" = Memorex exPressit Label Design Studio
"Neuro-Programmer 2_is1" = Neuro-Programmer 2.5
"pzizz" = pzizz
"Quicken Lawyer 2002 Personal Deluxe" = Quicken Lawyer 2002 Personal Deluxe
"Quicken WillMaker Plus 2008" = Quicken WillMaker Plus 2008
"RealVNC_is1" = VNC Enterprise Edition E4.4.3
"Rhapsody" = Rhapsody
"SearchAssist" = SearchAssist
"Simple File Shredder" = Simple File Shredder 2.6
"SONARLE_is1" = SONAR 6 LE
"Transcriber_is1" = Transcriber 1.5.1
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 0.9.8a
"VST Bridge_is1" = VST Bridge 1.1
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/2/2010 7:14:17 AM | Computer Name = CHRIS-PC | Source = Acronis True Image Echo Server | ID = 1015
Description =

Error - 6/2/2010 7:15:52 AM | Computer Name = CHRIS-PC | Source = Acronis True Image Echo Server | ID = 5
Description = Operation has completed with errors.

Error - 6/2/2010 7:27:08 AM | Computer Name = CHRIS-PC | Source = Google Update | ID = 20
Description =

Error - 6/2/2010 8:27:07 AM | Computer Name = CHRIS-PC | Source = Google Update | ID = 20
Description =

Error - 6/2/2010 9:27:06 AM | Computer Name = CHRIS-PC | Source = Google Update | ID = 20
Description =

Error - 6/2/2010 10:27:07 AM | Computer Name = CHRIS-PC | Source = Google Update | ID = 20
Description =

Error - 6/2/2010 11:27:05 AM | Computer Name = CHRIS-PC | Source = Google Update | ID = 20
Description =

Error - 6/2/2010 12:27:06 PM | Computer Name = CHRIS-PC | Source = Google Update | ID = 20
Description =

Error - 6/3/2010 2:03:36 PM | Computer Name = CHRIS-PC | Source = Acronis True Image Echo Server | ID = 5
Description = Operation has completed with errors.

Error - 6/4/2010 6:56:56 PM | Computer Name = CHRIS-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 11/30/2009 12:15:07 PM | Computer Name = CHRIS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 137370
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 12/4/2009 7:44:26 PM | Computer Name = CHRIS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 155441
seconds with 12780 seconds of active time. This session ended with a crash.

Error - 12/7/2009 1:10:34 PM | Computer Name = CHRIS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 206784
seconds with 4680 seconds of active time. This session ended with a crash.

Error - 1/26/2010 10:30:35 PM | Computer Name = CHRIS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 120211
seconds with 3900 seconds of active time. This session ended with a crash.

Error - 2/18/2010 7:11:19 PM | Computer Name = CHRIS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 273202
seconds with 35040 seconds of active time. This session ended with a crash.

Error - 3/29/2010 6:42:43 PM | Computer Name = CHRIS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1660113
seconds with 95340 seconds of active time. This session ended with a crash.

Error - 4/7/2010 4:13:00 PM | Computer Name = CHRIS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6008
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 5/2/2010 11:56:31 PM | Computer Name = CHRIS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 297058
seconds with 15480 seconds of active time. This session ended with a crash.

Error - 5/14/2010 4:42:11 PM | Computer Name = CHRIS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 108273
seconds with 8580 seconds of active time. This session ended with a crash.

Error - 6/1/2010 2:30:36 PM | Computer Name = CHRIS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10741
seconds with 5940 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/7/2010 11:56:51 AM | Computer Name = CHRIS-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/7/2010 12:46:43 PM | Computer Name = CHRIS-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/7/2010 12:59:48 PM | Computer Name = CHRIS-PC | Source = Srv | ID = 2011
Description = The server's configuration parameter "irpstacksize" is too small for
the server to use a local device. Please increase the value of this parameter.

Error - 6/7/2010 1:00:09 PM | Computer Name = CHRIS-PC | Source = Srv | ID = 2011
Description = The server's configuration parameter "irpstacksize" is too small for
the server to use a local device. Please increase the value of this parameter.

Error - 6/7/2010 1:00:09 PM | Computer Name = CHRIS-PC | Source = Srv | ID = 2011
Description = The server's configuration parameter "irpstacksize" is too small for
the server to use a local device. Please increase the value of this parameter.

Error - 6/7/2010 1:00:09 PM | Computer Name = CHRIS-PC | Source = Srv | ID = 2011
Description = The server's configuration parameter "irpstacksize" is too small for
the server to use a local device. Please increase the value of this parameter.

Error - 6/7/2010 1:00:09 PM | Computer Name = CHRIS-PC | Source = Srv | ID = 2011
Description = The server's configuration parameter "irpstacksize" is too small for
the server to use a local device. Please increase the value of this parameter.

Error - 6/7/2010 1:00:09 PM | Computer Name = CHRIS-PC | Source = Srv | ID = 2011
Description = The server's configuration parameter "irpstacksize" is too small for
the server to use a local device. Please increase the value of this parameter.

Error - 6/8/2010 11:45:03 AM | Computer Name = CHRIS-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/9/2010 10:59:13 AM | Computer Name = CHRIS-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >

I'm amazed you can make any sense of this stuff. Thank you!

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:05:20 AM

Posted 10 June 2010 - 05:56 PM

You're welcome.

Glad no more re-direction.

QUOTE
the inability to connect to secure websites (all security certificates are deemed invalid) and now that "no longer default browser" issue.

What do you mean by cannot connect to secure websites? What secure websites and all security certificates does not work? What happens?

Let's get an online scan here...

Run ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
You can refer to this animation by neomage if needed.


Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 kurisu

kurisu
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:20 AM

Posted 10 June 2010 - 07:23 PM

Hello EB, I'm running the scan as I write this. When starting the ESET online scan, I checked the "scan archives" button as instructed. The program was set by default to remove any threats and I left that checked as it was a default and you didn't mention otherwise.

As I'm waiting for the scan to run (software is downloading the signature database still, and I'm writing this post on my notebook), I'll expand on my mention of secure websites. Nothing regarding secure websites has changed since my previous post, so I'm just cutting and pasting that description.

Any time I attempt to open a secure website, I always get a warning that:

"This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store."

For example, I'm trying to connect to my company's exchange server, which is at intermedia. If I click on the install certificate button (in this, or ANY other secure site), I get the following message (except the thumbprint is different), which I had to type in manually because I could not select text in the message, so there may be typos:

"You are about to install a certificate from a certification authority (CA) claiming to represent:

owa3.intermedia.net

Windows cannot validate that the certificate is actually from "owa3.intermedia.net". You should confirm its origin by contacting "owa3.intermedia.net". The following number will assist you in this process:

Thumbprint (sha1): AE9EA218 1CD2529A D3CD93A1 356EF524 15240665

Warning: If you install this root certificate, Windows will automatically trust any certificate issued by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click "Yes" you acknowledge this risk.

Do you want to install this certificate?"

I get the same warnings anytime I try to access any secure site -- the exchange server, amazon.com, wherever. I could probably access the websites if I accepted the certificates, but I don't know whether I should or not because I don't know whether this problem is related to an active virus or anything. So it's not precisely true to say that I CAN'T access the secure sites, it's more accurate to say that I can't access them without accepting security certificates that Windows is telling me can't be verified. So I just don't access secure sites with that computer anymore.

OK, the scan is still going (only at 25% after a half an hour or so). It apparently already found 2 threats, "a variant of Java/TrojanDownloader.Agent.NAN trojan". I have a meeting tonight, and I probably won't be able to upload the logs until after I get back.

I'll repost later tonight.

Chris
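
A check for the certificate problem described in this post, as an added example that is not part of the thread and not a tool from BleepingComputer, ESET or Kaspersky. Windows shows the "CA Root certificate is not trusted" dialog with a different thumbprint for every site, so the useful question is whether this PC is being handed different certificates than a clean machine gets for the same hosts. The script below records the SHA-1 thumbprint of the certificate each host presents, in the same five-group format the Windows dialog uses, so one host list can be run on the infected PC and on the notebook and the two results compared. A host whose thumbprint differs means this PC received a different certificate than the clean machine did (its traffic is being redirected or intercepted somewhere on the way); identical thumbprints with the warning still appearing point at the PC's own trust store instead. The host names and thumbprints in the sample data are placeholders I constructed; `ssl.get_server_certificate` is standard-library Python and deliberately does not verify the chain, because the point is to see what arrives.

```python
"""
Compare the TLS certificate thumbprints one machine receives against the
thumbprints a known-clean machine receives for the same hosts.
Added example for this thread; not a BleepingComputer, ESET or Kaspersky tool.
"""
import hashlib
import re
import ssl


def format_thumbprint(digest: bytes) -> str:
    """Render a 20-byte SHA-1 digest the way the Windows certificate dialog
    shows it: five groups of eight uppercase hex digits separated by spaces."""
    if len(digest) != 20:
        raise ValueError("SHA-1 thumbprint must be 20 bytes")
    hexdigest = digest.hex().upper()
    return " ".join(hexdigest[i:i + 8] for i in range(0, 40, 8))


def thumbprint_from_der(der: bytes) -> str:
    """The SHA-1 thumbprint is simply SHA-1 over the DER-encoded certificate."""
    return format_thumbprint(hashlib.sha1(der).digest())


def thumbprint_from_pem(pem: str) -> str:
    """Same thing for a PEM (base64) certificate, e.g. one saved from a browser."""
    return thumbprint_from_der(ssl.PEM_cert_to_DER_cert(pem))


def normalize_thumbprint(text: str) -> str:
    """Strip spaces and colons and fold case so a value typed from a dialog
    box compares equal to one computed here."""
    return re.sub(r"[^0-9a-fA-F]", "", text).upper()


def thumbprints_match(seen: str, expected: str) -> bool:
    a, b = normalize_thumbprint(seen), normalize_thumbprint(expected)
    return len(a) == 40 and a == b


def fetch_thumbprint(host: str, port: int = 443) -> str:
    """Fetch the leaf certificate a server presents to *this* machine and
    return its thumbprint. Verification is intentionally off: the question is
    what certificate arrives here, not whether Windows trusts it."""
    pem = ssl.get_server_certificate((host, port))
    return thumbprint_from_pem(pem)


def collect_thumbprints(hosts, port: int = 443) -> dict:
    """Run this on each machine and keep the output; connection errors are
    recorded as ERROR entries rather than raised."""
    observed = {}
    for host in hosts:
        try:
            observed[host] = fetch_thumbprint(host, port)
        except (OSError, ssl.SSLError) as exc:
            observed[host] = f"ERROR: {exc}"
    return observed


def find_mismatches(observed: dict, reference: dict) -> list:
    """Hosts where the suspect machine received a different certificate than
    the clean machine. Hosts missing from either side are skipped; an ERROR
    entry is not a 40-digit thumbprint, so it never matches and is listed too."""
    return sorted(
        host for host, seen in observed.items()
        if host in reference and not thumbprints_match(seen, reference[host])
    )


# Constructed sample data (placeholder hosts and made-up thumbprints):
# the same host list recorded on a clean machine and on the suspect PC.
CLEAN_MACHINE = {
    "mail.example.net": "11111111 22222222 33333333 44444444 55555555",
    "shop.example.com": "AAAAAAAA BBBBBBBB CCCCCCCC DDDDDDDD EEEEEEEE",
}
SUSPECT_PC = {
    "mail.example.net": "11111111 22222222 33333333 44444444 55555555",
    "shop.example.com": "99999999 88888888 77777777 66666666 55555555",
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Live use: python thumbprints.py host1 host2 ...  (run on both machines)
        for host, tp in collect_thumbprints(sys.argv[1:]).items():
            print(f"{host}\t{tp}")
    else:
        print("mismatched hosts:", find_mismatches(SUSPECT_PC, CLEAN_MACHINE))
```

Run it with the same host list on the infected PC and on the notebook and compare the two outputs; alternatively, paste the thumbprint shown in the Windows dialog into `thumbprints_match` against the value the notebook computed for that host. Only the comparison is meaningful, since a thumbprint on its own says nothing about whether the certificate is the real one.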

#12 kurisu

kurisu
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:20 AM

Posted 10 June 2010 - 09:28 PM

Hello again EB, I'm posting the ESET log, the DDS log and the DDS Attach log:

ESET:

C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\37\301cb0e5-6a375269 multiple threats deleted - quarantined
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\4\436a0444-3d1a7df7 a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined

DDS:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 19:09:13.39 on Thu 06/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1374 [GMT -7:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Acronis\TrueImage\TrueImageNotify.exe
C:\Program Files\Common Files\Acronis\TrueImage\TrueImageService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\Acronis\TrueImageServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageServer\TimounterMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DocuSign Web\DocuSignExpress.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ScanSoft\PaperPort\PaprPort.exe
C:\Program Files\ScanSoft\PaperPort\PPLINKS.EXE
C:\Program Files\ScanSoft\PaperPort\ppscanmg.exe
C:\Program Files\ScanSoft\PaperPort\ppprint.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\Acronis\TrueImageServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageServer\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lyra Wireless Remote\Lyraw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DocuSign Web\DocuSignExpress.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [IE Privacy Keeper] "c:\program files\unh solutions\ie privacy keeper\IEPrivacyKeeper.exe" -startup
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Kaseya Agent Service Helper] "c:\program files\kaseya\agent\KaUsrTsk.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageserver\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageserver\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [LyraWirelessRemote] "c:\program files\lyra wireless remote\Lyraw.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\docusi~1.lnk - c:\program files\docusign web\DocuSignExpress.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\SCIEPlgn.dll
IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: car.org\www
Trusted Zone: winforms.com\support
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229112070930
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxps://www.rtierra.com/inc/kaxRemote.dll
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cornellalumni.webex.com/client/T26L/training/ieatgpc.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
TCP: {7D5C43C3-7E01-4CDD-BD43-2483B1839CB0} = 208.67.222.222,20.67.220.220
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-11-9 201504]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe [2007-11-19 231952]
R2 CmosTime;CmosTime;c:\windows\system32\cmostime.sys [2005-9-14 3502]
R2 KaseyaAgent;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2009-11-24 610304]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2008-11-20 8960]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 136176]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2008-11-20 16640]

=============== Created Last 30 ================

2010-06-10 23:44:49 0 d-----w- c:\program files\ESET
2010-06-09 18:55:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-01 23:09:08 0 ----a-w- c:\documents and settings\admin\defogger_reenable
2010-06-01 01:00:48 0 dc-h--w- c:\windows\ie8
2010-06-01 00:14:36 0 d-sh--w- c:\documents and settings\admin\IECompatCache
2010-05-29 16:45:20 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2010-05-29 00:36:42 0 d-----w- c:\documents and settings\admin\ZipForm
2010-05-29 00:30:31 0 d-sh--w- c:\documents and settings\admin\PrivacIE
2010-05-28 23:22:02 0 d-sha-r- C:\cmdcons
2010-05-28 23:17:54 98816 ----a-w- c:\windows\sed.exe
2010-05-28 23:17:54 77312 ----a-w- c:\windows\MBR.exe
2010-05-28 23:17:54 256512 ----a-w- c:\windows\PEV.exe
2010-05-28 23:17:54 161792 ----a-w- c:\windows\SWREG.exe
2010-05-28 22:36:20 0 d-----w- c:\docume~1\admin\applic~1\Delicious IE Extension
2010-05-28 22:22:51 0 d-----w- c:\docume~1\admin\applic~1\Zeon
2010-05-28 22:07:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-22 03:26:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-05-22 00:54:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 00:54:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-22 00:54:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 00:54:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-06-11 01:00:00 89816864 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-10 23:52:01 2571040 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-06-10 10:29:16 995408 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-10 10:29:16 244616 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 09:37:02 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-05 09:37:02 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 00:08:34 97852 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 19:09:27.97 ===============

DDS Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/12/2008 10:17:42 AM
System Uptime: 6/10/2010 3:29:31 AM (16 hours ago)

Motherboard: Dell Inc. | | 0P301D
Processor: Intel Pentium III Xeon processor | Socket 775 | 2659/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 159.881 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
H: is FIXED (FAT32) - 466 GiB total, 465.527 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP542: 5/28/2010 3:13:05 PM - System Checkpoint
RP543: 5/28/2010 3:24:10 PM - Removed Dell Support Center (Support Software).
RP544: 5/28/2010 3:25:41 PM - Removed Desktop Doctor
RP545: 5/29/2010 8:31:51 AM - Software Distribution Service 3.0
RP546: 5/31/2010 3:35:46 PM - System Checkpoint
RP547: 5/31/2010 5:16:40 PM - Installed Microsoft Fix it 50191
RP548: 5/31/2010 6:01:05 PM - Installed Windows Internet Explorer 8.
RP549: 5/31/2010 6:01:54 PM - Software Distribution Service 3.0
RP550: 5/31/2010 9:29:51 PM - Software Distribution Service 3.0
RP551: 6/2/2010 12:07:27 PM - System Checkpoint
RP552: 6/3/2010 12:18:46 PM - System Checkpoint
RP553: 6/4/2010 3:00:14 AM - Software Distribution Service 3.0
RP554: 6/5/2010 3:18:34 AM - System Checkpoint
RP555: 6/6/2010 12:16:32 PM - System Checkpoint
RP556: 6/7/2010 12:36:23 PM - System Checkpoint
RP557: 6/8/2010 12:48:36 PM - System Checkpoint
RP558: 6/9/2010 8:10:06 AM - OTL Restore Point
RP559: 6/10/2010 3:00:22 AM - Software Distribution Service 3.0

==== Installed Programs ======================

AC3Filter (remove only)
Acronis True Image Echo Server
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.3.2 - CPSID_53951
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe PageMaker 7.0
Adobe Photoshop CS
Adobe Shockwave Player 11.5
AirPort
Allway Sync version 8.5.1
Amazon MP3 Downloader 1.0.10
Anvil Studio
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Atmosphere Lite v6.0
Audacity 1.2.6
Blowfish Advanced CS
Bonjour
BrainWave Generator
Browser Address Error Redirector
Canon MP Navigator 2.2
Canon MP830
Canon Utilities Easy-PhotoPrint
Cool Timer 3.6
Delicious Add-on for Internet Explorer
Diagnostics Utility
DocuSign Web
Dragon NaturallySpeaking 10
DVD Shrink 3.1.7
DVDFab 6.2.1.8 (31/12/2009)
DVDFab 7.0.4.0 (15/04/2010)
ESET Online Scanner v3
Exact Audio Copy 0.99pb4
ffdshow [rev 3078] [2009-09-17]
FinkelSupport
FLAC 1.2.1b (remove only)
FormViewer
Garmin USB Drivers
Garmin WebUpdater
GOM Player
Google Earth Plug-in
Google SketchUp 7
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB946554)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IE Privacy Keeper
Image Resizer Powertoy for Windows XP
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 7
Kaseya Agent
Kaspersky Anti-Virus 6.0 for Windows Workstations
Kaspersky Internet Security 2009
Lexmark Printer Software Uninstall
LightScribe System Software 1.10.16.1
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mind Stereo 1.1.1
MotionDV STUDIO 5.6E LE for DV
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
neroxml
Neuro-Programmer 2.5
OmniPage SE 2.0
Palm Desktop by ACCESS
PaperPort Image Printer
PowerDVD DX
Presto! PageManager 7.15.11
pzizz
Quicken Lawyer 2002 Personal Deluxe
Quicken WillMaker Plus 2008
QuickTime
RCA Lyra Wireless Remote
Realtek High Definition Audio Driver
Rhapsody
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
ScanSoft PaperPort 11
ScanSoft PDF Create! 4
SearchAssist
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Simple File Shredder 2.6
SONAR 6 LE
Sonic CinePlayer Decoder Pack
Transcriber 1.5.1
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 0.9.8a
VNC Enterprise Edition E4.4.3
VST Bridge 1.1
WebEx
WebFldrs XP
Winamp (remove only)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Presentation Foundation
WinRAR archiver
WinZip 14.5
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.2 final uninstall

==== Event Viewer Messages From Past Week ========

6/7/2010 9:59:48 AM, error: Srv [2011] - The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.
6/6/2010 11:56:52 AM, error: System Error [1003] - Error code 10000050, parameter1 e612b000, parameter2 00000000, parameter3 92b7ec3e, parameter4 00000001.
6/6/2010 11:55:28 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
6/5/2010 9:36:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/5/2010 8:49:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm kl1 klif
6/5/2010 8:48:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

==== End Of File ===========================


Also, the thing I was talking about in a post above, where IE kept on not being the default browser, had mysteriously stopped happening sometime yesterday. I didn't make any changes to the system, nor run any other virus scanning programs or anything, so I don't know why it stopped doing that.

Lastly, Windows is indicating that I need to update a bunch of things:

Update for Root Certificates [May 2010] (KB931125)
Download size: 328 KB , less than 1 minute
This item updates the list of root certificates on your computer to the list that is accepted by Microsoft as part of the Microsoft Root Certificate Program. Adding additional root certificates to your computer enables you to use Extended Validation (EV) certificates in Internet Explorer 7, a greater range of security enhanced Web browsing, encrypted e-mail, and security enhanced code delivery. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed. Details...
Don't show this update again

Microsoft .NET Framework 2.0 Service Pack 2 Update for Windows Server 2003 and Windows XP x86 (KB976569)
Download size: 11.2 MB , less than 1 minute
Install this update to resolve some known incompatibilities in generic types using the BinaryFormatter or NetDataContractSerializer serialized and deserialized across a mixed .NET Framework 3.5 SP1 and .NET Framework 4 environment. After you install this item, you may have to restart your computer. Details...
Don't show this update again

Update for Windows XP (KB971513)
Download size: 744 KB , less than 1 minute
The Windows Automation API library contains the latest version of the Microsoft User Interface Automation (UI Automation) and Microsoft Active Accessibility libraries that are provided in Windows 7. After you install this item, you may have to restart your computer. Details...
Don't show this update again

Windows PowerShell 1.0 for Windows XP (KB926139)
Download size: 1.6 MB , less than 1 minute
Windows PowerShell is a new command-line shell and scripting language designed for system administration and automation. Built on the .NET Framework, Windows PowerShell enables IT professionals and developers to control and automate the administration of Windows and applications. After you install this item, you may have to restart your computer. Details...
Don't show this update again

Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520)
Download size: 626 KB , less than 1 minute
Base Smart Card Cryptographic Service Provider (Base CSP) allows smart card vendors to more easily enable their smart cards on Windows with a lightweight proprietary card module instead of a full proprietary CSP. After you install this item, you may have to restart your computer. Details...
Don't show this update again

Windows Search 4.0 for Windows XP (KB940157)
Download size: 5.3 MB , less than 1 minute
Windows Search 4.0 helps you to find, preview, and use your documents, e-mail, music, photos, and other items. On an upgrade from previous versions, you will need to rebuild your index. After you install this item, you may have to restart your computer. Details...
Don't show this update again

Windows Media Player 11
Download size: 24.6 MB , less than 1 minute
Windows Media Player 11 offers great new ways to store and enjoy digital media beyond music. It's easier than ever to access all of your video, pictures, and recorded TV on your computer. Play it, view it, organize it, sync it to a portable device for viewing on the go, or share with devices around your home—all from one place. After you install this item, you may have to restart your computer. Details...
Don't show this update again


One of the conditions of asking for your help was not making any changes to my system that you didn't ask me to do. Is it OK for me to let Windows update these things, or should I hold on until we're done completely?

Thanks EB!

Chris
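Reading the SERVICES / DRIVERS and TCP lines of a DDS log by hand is tedious, so here is a small triage parser for those two line formats as an added example; it is not code from DDS, the thread, or BleepingComputer. The sample input is a few lines copied from the log pasted above, and the trusted-location prefixes and expected-resolver set (OpenDNS's published addresses) are assumptions chosen for the demo.

```python
"""Triage helper for two DDS log line formats: SERVICES / DRIVERS entries and
the 'TCP:' DNS line. Added example for this thread; not DDS's own code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied verbatim from the DDS log pasted above.
SAMPLE_LOG = r"""
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]
R2 KaseyaAgent;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2009-11-24 610304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 136176]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?]
TCP: {7D5C43C3-7E01-4CDD-BD43-2483B1839CB0} = 208.67.222.222,20.67.220.220
"""

# DDS notation: R = running, S = stopped; the digit is the start type
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled). Fields are ';'-separated
# and end in "[date size]", or "[?]" when DDS could not find the file on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
DNS_RE = re.compile(r"^TCP:\s+\{[0-9A-Fa-f-]+\}\s*=\s*(?P<servers>[\d.,]+)\s*$")

# Assumptions for this demo: the resolvers the owner expects (OpenDNS's
# published addresses) and the locations services/drivers normally load from.
EXPECTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: int
    path: str          # as printed by DDS; unresolved files carry "--> <path>"
    file_found: bool
    size: Optional[int]


def parse_services(log: str) -> List[ServiceEntry]:
    """Return every SERVICES / DRIVERS line of the log as a ServiceEntry."""
    entries = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        meta = m.group("meta").strip()
        found = meta != "?"
        size = int(meta.split()[1]) if found else None
        entries.append(ServiceEntry(
            name=m.group("name"), display=m.group("display"),
            running=m.group("state") == "R", start_type=int(m.group("start")),
            path=m.group("path"), file_found=found, size=size))
    return entries


def parse_dns(log: str) -> List[List[str]]:
    """Return the resolver list from every 'TCP: {guid} = a,b' line."""
    servers = []
    for line in log.splitlines():
        m = DNS_RE.match(line.strip())
        if m:
            servers.append([s for s in m.group("servers").split(",") if s])
    return servers


def review(log: str) -> List[str]:
    """Produce human-readable findings that deserve a second look."""
    findings = []
    for e in parse_services(log):
        if not e.file_found:
            # A registered driver whose file is missing may be a leftover from
            # an uninstalled product or an earlier cleanup; confirm either way.
            findings.append(f"{e.name}: service/driver file not found ({e.path})")
        elif not e.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(f"{e.name}: loads from an unusual location ({e.path})")
    for resolvers in parse_dns(log):
        for ip in resolvers:
            if ip not in EXPECTED_RESOLVERS:
                findings.append(f"DNS: resolver {ip} is not in the expected set")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```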

#13 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:05:20 AM

Posted 11 June 2010 - 06:43 PM

Hello again.

Yes, go ahead and update Windows, as we're like pretty much done.

You can update it and let me know how it goes.

Then, just uninstall this older version of Java: Java™ 6 Update 7

Then, if you have no other problem, we can wrap up and give you some prevention tips.

~EB
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 kurisu

  • Topic Starter
  • Members
  • 12 posts
  • Local time:02:20 AM

Posted 12 June 2010 - 11:03 AM

Wow, almost done -- that's great news! I updated Windows and all seemed to go fine. One of the updates was related to the security certificates (the update for root certificates, May 2010), and I was hoping that it might resolve the issue with the security certificates (see post #11 above). Unfortunately, though, that's still going on. This problem only started when I started having all the virus trouble and I was hoping that once I got rid of whatever was infecting my computer, that issue'd go away, too. Do you by any chance know why that would be going on or how to fix that??

OK, thank you for your help, EB; I'm very relieved that this is almost over. I'm definitely looking forward to wrapping up and getting some great prevention tips (clearly running Kaspersky isn't enough!).

Chris

#15 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:05:20 AM

Posted 14 June 2010 - 09:36 PM

Regarding the Security Root, accepting them shouldn't be a problem or major concern here.

You can try running Dial-a-Fix to re-register some .dll files...

Download and Run Dial-a-Fix

This program fixes many common problems in Windows.
  1. Please download Dial-A-Fix from one of the following mirrors:
  2. Extract the zip file to your desktop.
  3. Double click Dial-a-Fix.exe to start the program.
  4. Press the green double checkmark box (Looks like this: )
  5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
  6. When the window looks like this, press the GO button in the bottom of the window.
  7. Exit/Close Dial-A-Fix



Please follow/read the steps below to remove the tools we used and for some more information.


Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean!

Now that you are clean, please follow and read some of the prevention tips >over here<. Is your system a bit slow? If so, try some of the points and things suggested here.

If you would like, visit my blog at http://computermalwaresecurity.blogspot.com/ and Subscribe/Follow along.


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks.

With Regards,
Extremeboy



