Firefox redirect & opening up of pages automatically


  • This topic is locked
22 replies to this topic

#1 sugarwaffles


Posted 17 July 2010 - 06:25 PM

I have never posted on a forum for help before ever... I am not as computer savvy as you guys and I desperately need help. About a month ago I believe that I have gotten spyware on my computer. I use Firefox as my only browser. When I go to search for something in Yahoo, I click on a link and it takes me to a completely different site. Sometimes while I'm on a site another browser tab opens up too. I have tried using rkill, SAS, Malwarebytes, in normal mode and safe mode. I have Windows XP. Also once overnight, I woke up to my computer on a blue screen which said something about a physical memory dump. I restarted my computer and everything was still there... not sure what that means either.

Any suggestions would be most appreciated.

Thanks a million.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Deb & Greg at 19:50:51.46 on Sat 07/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.206 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\umonit.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\Deb & Greg\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.optonline.net
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {F4D76F09-7896-458a-890F-E1F05C46069F} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [UMonit] c:\windows\system32\umonit.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: creditonebank.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230307641781
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\deb&gr~1\applic~1\mozilla\firefox\profiles\yuvte3hw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\deb & greg\application data\mozilla\firefox\profiles\yuvte3hw.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-4-1 26624]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-16 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-28 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-8-12 10384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-19 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-8-1 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-28 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-14 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2005-8-23 6016]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-28 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-28 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-28 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-28 40552]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\documents and settings\deb & greg\local settings\temp\{6a73e241-5602-4aa7-a501-1fc3dce44267}\fsgk.sys --> c:\documents and settings\deb & greg\local settings\temp\{6a73e241-5602-4aa7-a501-1fc3dce44267}\fsgk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-28 34248]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2004-12-10 30336]
S3 SASENUM;SASENUM;\??\c:\docume~1\deb&gr~1\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\deb&gr~1\locals~1\temp\sas_selfextract\SASENUM.SYS [?]

=============== Created Last 30 ================

2010-07-17 20:37:57 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-15 10:55:48 1352 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-07-15 00:08:32 1986560 ---ha-w- C:\SZKGFS.dat
2010-07-14 23:53:31 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-07-14 23:52:11 0 d-----w- c:\program files\common files\iS3
2010-07-14 23:52:09 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-07-14 23:14:39 0 ----a-w- c:\documents and settings\deb & greg\defogger_reenable
2010-07-02 03:12:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-29 23:04:23 112 ----a-w- c:\docume~1\alluse~1\applic~1\hgTGm6Gd.dat
2010-06-28 23:10:52 0 d-----w- c:\docume~1\deb&gr~1\applic~1\SUPERAntiSpyware.com
2010-06-28 23:10:52 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-25 15:56:15 0 d-----w- c:\program files\iPod
2010-06-25 15:55:41 0 d-----w- c:\program files\iTunes
2010-06-25 15:43:59 0 d-----w- c:\program files\Bonjour
2010-06-22 23:45:05 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-20 00:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-09-12 12:34:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 19:53:41.60 ===============



Edited by Orange Blossom, 18 July 2010 - 02:34 PM.
Moved back to log forum. Logs edited in just before topic moved. ~ OB



 


#2 syler


Posted 25 July 2010 - 06:19 AM

Hello sugarwaffles, my name's Syler and I will be helping you to solve your malware issues.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have
since resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Please follow these instructions to disable any CD Emulation programs using DeFogger.
  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following logs:
  • OTL.txt
  • Extra.txt
  • Gmer log

Thanks



#3 sugarwaffles


Posted 25 July 2010 - 04:23 PM

Hi Syler,

Thank you for helping me. I could not get the GMER log for you. In the middle of the scan, which I let scan for several hours, it just froze up and didn't finish. I had to manually restart my computer to get anything to work again because all was frozen. Therefore, I can only get you the OTL and Extra logs.

OTL.txt

OTL logfile created on: 7/25/2010 11:04:17 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Deb & Greg\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 626.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.01 Gb Total Space | 199.00 Gb Free Space | 86.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Deb & Greg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/25 10:53:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deb & Greg\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/10 06:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/01 22:22:33 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/01 22:22:32 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/11/07 16:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/11/07 16:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/08/23 16:05:59 | 000,053,248 | ---- | M] (General) -- C:\WINDOWS\system32\umonit.exe
PRC - [2005/04/25 09:49:52 | 000,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/07/25 10:53:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deb & Greg\Desktop\OTL.exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/11/07 16:41:46 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/13 13:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 13:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpShHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/01 22:22:32 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/11/07 16:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/04/25 09:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DEB&GR~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Deb & Greg\Local Settings\Temp\{6A73E241-5602-4AA7-A501-1FC3DCE44267}\fsgk.sys -- (F-Secure Standalone Minifilter)
DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/27 21:23:34 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/04/01 18:44:18 | 000,026,624 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2008/09/26 09:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/09/26 09:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/09/26 09:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/31 21:20:17 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/08/23 16:05:59 | 000,006,016 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (fixustor)
DRV - [2005/05/31 05:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 05:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 05:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 05:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 05:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 05:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 05:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 05:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 05:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/13 10:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 10:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/25 14:28:14 | 000,871,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2005/04/22 03:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2005/03/31 20:22:16 | 000,180,096 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/30 05:03:06 | 001,035,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/12/10 09:42:08 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004/11/02 16:12:14 | 000,019,456 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/04/14 12:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 12:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 12:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 12:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/11/08 20:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,StartPage = http://www.optonline.net
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
IE - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/23 17:31:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/28 15:24:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/12 03:29:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/25 11:36:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/30 07:20:23 | 000,000,000 | ---D | M]

[2009/03/16 21:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb & Greg\Application Data\Mozilla\Extensions
[2009/03/16 21:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb & Greg\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/22 14:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb & Greg\Application Data\Mozilla\Firefox\Profiles\yuvte3hw.default\extensions
[2009/08/17 19:27:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Deb & Greg\Application Data\Mozilla\Firefox\Profiles\yuvte3hw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/23 18:04:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Deb & Greg\Application Data\Mozilla\Firefox\Profiles\yuvte3hw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/13 19:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb & Greg\Application Data\Mozilla\Firefox\Profiles\yuvte3hw.default\extensions\moveplayer@movenetworks.com
[2010/05/19 15:28:03 | 000,001,840 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Application Data\Mozilla\Firefox\Profiles\yuvte3hw.default\searchplugins\bing.xml
[2007/05/31 19:59:17 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Application Data\Mozilla\Firefox\Profiles\yuvte3hw.default\searchplugins\siteadvisor.xml
[2010/07/22 14:58:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 16:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/09/06 16:21:15 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/06/15 23:19:40 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/07/14 19:57:51 | 000,351,657 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 12058 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - No CLSID value found.
O3 - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\..\Toolbar\WebBrowser: (no name) - {F4D76F09-7896-458A-890F-E1F05C46069F} - No CLSID value found.
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe (General)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\..Trusted Domains: creditonebank.com ([www] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1230307641781 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Deb & Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Deb & Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{690d3b21-af95-11de-8f57-00123f712b3f}\Shell\AutoRun\command - "" = M:\setup.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder.lnk - C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe - (Creative Home)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe File not found
MsConfig - StartUpReg: Microsoft Works Update Detection - hkey= - key= - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
MsConfig - StartUpReg: Optimum Online net guide - hkey= - key= - C:\Program Files\Optimum Online\Netsurf.exe (Netsurfer, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe File not found
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/07/25 11:04:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/25 10:53:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Deb & Greg\Desktop\OTL.exe
[2010/07/17 19:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb & Greg\Desktop\gmer
[2010/07/17 16:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/17 01:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/15 07:19:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Deb & Greg\Recent
[2010/07/14 19:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/07/14 19:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/07/14 19:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/14 18:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb & Greg\Desktop\malware3
[2010/06/30 17:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2010/06/29 19:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/06/28 19:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb & Greg\Application Data\SUPERAntiSpyware.com
[2010/06/28 19:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/28 19:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb & Greg\Desktop\malware2
[2010/06/28 19:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb & Greg\Desktop\malware
[2010/06/28 19:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb & Greg\My Documents\Downloads
[2010/06/26 12:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\FileOpen
[2010/06/26 12:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/06/25 11:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/25 11:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/25 11:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2006/03/06 19:44:12 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/25 11:01:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/25 10:59:47 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/07/25 10:55:58 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Desktop\gmer.zip
[2010/07/25 10:55:03 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Desktop\3wybntef.exe
[2010/07/25 10:53:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deb & Greg\Desktop\OTL.exe
[2010/07/25 10:41:59 | 000,010,607 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/25 10:41:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/25 10:41:27 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/25 10:37:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/25 00:15:03 | 009,596,928 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\ntuser.dat
[2010/07/25 00:14:39 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Deb & Greg\ntuser.ini
[2010/07/25 00:14:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/07/25 00:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
[2010/07/25 00:11:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At217.job
[2010/07/24 23:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At240.job
[2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At216.job
[2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At192.job
[2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
[2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
[2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/07/24 22:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At239.job
[2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At215.job
[2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At191.job
[2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
[2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
[2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/07/24 21:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At238.job
[2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At214.job
[2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At190.job
[2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
[2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
[2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/07/24 20:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At237.job
[2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At213.job
[2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At189.job
[2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
[2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
[2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/07/24 19:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At236.job
[2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At212.job
[2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At188.job
[2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
[2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
[2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/07/24 18:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/07/24 18:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/07/24 18:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At235.job
[2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At211.job
[2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At187.job
[2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
[2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
[2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/07/24 17:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At234.job
[2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At210.job
[2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At186.job
[2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
[2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
[2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/07/24 16:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At233.job
[2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At209.job
[2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At185.job
[2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
[2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
[2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/07/24 15:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At232.job
[2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At208.job
[2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At184.job
[2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
[2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
[2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/07/24 14:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At231.job
[2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At207.job
[2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At183.job
[2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
[2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
[2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/07/24 13:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At230.job
[2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At206.job
[2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At182.job
[2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
[2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
[2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/07/24 12:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At229.job
[2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At205.job
[2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At181.job
[2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
[2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
[2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/07/24 11:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At228.job
[2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At204.job
[2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At180.job
[2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
[2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
[2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At227.job
[2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At203.job
[2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At179.job
[2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
[2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
[2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/07/24 09:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At226.job
[2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At202.job
[2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At178.job
[2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
[2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
[2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/07/24 08:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At225.job
[2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At201.job
[2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At177.job
[2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
[2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
[2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/07/24 07:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At224.job
[2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At200.job
[2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At176.job
[2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
[2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
[2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/07/24 06:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At223.job
[2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At199.job
[2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At175.job
[2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
[2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
[2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/07/24 05:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At222.job
[2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At198.job
[2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At174.job
[2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
[2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
[2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/07/24 04:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At221.job
[2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At197.job
[2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At173.job
[2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
[2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
[2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/07/24 03:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At220.job
[2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At196.job
[2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At172.job
[2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
[2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
[2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/07/24 02:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At219.job
[2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At195.job
[2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At171.job
[2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
[2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
[2010/07/24 01:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/07/24 01:00:22 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At218.job
[2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At194.job
[2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At170.job
[2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
[2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
[2010/07/24 00:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/07/24 00:43:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
[2010/07/24 00:37:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At169.job
[2010/07/24 00:33:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/07/24 00:31:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At193.job
[2010/07/24 00:29:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/07/24 00:16:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/07/20 19:19:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/19 21:22:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/17 19:50:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\defogger_reenable
[2010/07/17 19:47:49 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Desktop\dds.scr
[2010/07/17 16:38:02 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/17 11:45:11 | 004,828,906 | -H-- | M] () -- C:\Documents and Settings\Deb & Greg\Local Settings\Application Data\IconCache.db
[2010/07/17 01:46:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/15 06:56:47 | 000,001,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/07/15 01:26:12 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/07/14 20:08:32 | 001,986,560 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/14 18:53:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/14 18:23:31 | 010,083,384 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Desktop\SAS_842F8266.COM
[2010/07/14 18:21:55 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Desktop\rkill.com
[2010/07/14 18:19:44 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/13 18:46:54 | 000,263,872 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Desktop\maiden.jpg
[2010/07/10 22:53:10 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2010/06/30 17:35:52 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hgTGm6Gd.dat
[2010/06/30 07:20:24 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/29 00:08:55 | 000,000,580 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/06/28 19:07:29 | 010,343,019 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Desktop\malware.zip
[2010/06/25 12:00:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/25 10:54:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Deb & Greg\Desktop\3wybntef.exe
[2010/07/17 19:48:01 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Deb & Greg\Desktop\gmer.zip
[2010/07/17 19:47:49 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Deb & Greg\Desktop\dds.scr
[2010/07/17 16:38:02 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/15 06:55:48 | 000,001,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/07/14 20:08:32 | 001,986,560 | -H-- | C] () -- C:\SZKGFS.dat
[2010/07/14 19:14:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Deb & Greg\defogger_reenable
[2010/07/13 18:39:22 | 000,263,872 | ---- | C] () -- C:\Documents and Settings\Deb & Greg\Desktop\maiden.jpg
[2010/07/01 23:12:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At240.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At239.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At238.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At237.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At236.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At235.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At234.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At233.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At232.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At231.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At230.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At229.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At228.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At227.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At226.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At225.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At224.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At223.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At222.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At221.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At220.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At219.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At218.job
[2010/06/30 17:35:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At217.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At216.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At215.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At214.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At213.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At212.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At211.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At210.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At209.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At208.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At207.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At206.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At205.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At204.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At203.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At202.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At201.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At200.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At199.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At198.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At197.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At196.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At195.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At194.job
[2010/06/30 15:33:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At193.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At192.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At191.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At190.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At189.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At188.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At187.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At186.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At185.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At184.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At183.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At182.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At181.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At180.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At179.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At178.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At177.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At176.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At175.job
[2010/06/30 13:31:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At174.job
[2010/06/30 13:31:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At173.job
[2010/06/30 13:31:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At172.job
[2010/06/30 13:31:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At171.job
[2010/06/30 13:31:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At170.job
[2010/06/30 13:31:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At169.job
[2010/06/30 11:29:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At168.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At167.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At166.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At165.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At164.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At163.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At162.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At161.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At160.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At159.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At158.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At157.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At156.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At155.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At154.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At153.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At152.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At151.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At150.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At149.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At148.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At147.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At146.job
[2010/06/30 11:29:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At145.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At144.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At143.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At142.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At141.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At140.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At139.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At138.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At137.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At136.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At135.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At134.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At133.job
[2010/06/30 09:26:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At132.job
[2010/06/30 09:26:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At131.job
[2010/06/30 09:26:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At130.job
[2010/06/30 09:26:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At129.job
[2010/06/30 09:26:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At128.job
[2010/06/30 09:26:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At127.job
[2010/06/30 09:26:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At126.job
[2010/06/30 09:26:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At125.job
[2010/06/30 09:26:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At124.job
[2010/06/30 09:26:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At123.job
[2010/06/30 09:26:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At122.job
[2010/06/30 09:26:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At121.job
[2010/06/30 06:24:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/06/30 06:24:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/06/30 06:24:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/06/30 06:24:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/06/30 06:24:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/06/30 06:24:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/06/30 06:24:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/06/30 06:24:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/06/30 06:24:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/06/30 06:24:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/06/30 06:24:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/06/30 06:24:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/06/30 06:24:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/06/30 06:24:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/06/30 06:24:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/06/30 06:24:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/06/30 06:24:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/06/30 06:24:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/06/30 06:24:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/06/30 06:24:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/06/30 06:24:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/06/30 06:24:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/06/30 06:24:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/06/30 06:24:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/06/30 04:22:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/06/30 04:22:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/06/30 04:22:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/06/30 04:22:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/06/30 04:22:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/06/30 04:22:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/06/30 04:22:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/06/30 04:22:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/06/30 04:22:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/06/30 04:22:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/06/30 04:22:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/06/30 04:22:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/06/30 04:22:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/06/30 04:22:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/06/30 04:22:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/06/30 04:22:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/06/30 04:22:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/06/30 04:22:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/06/30 04:22:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/06/30 04:22:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/06/30 04:22:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/06/30 04:22:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/06/30 04:22:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/06/30 04:22:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/06/30 02:20:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/06/30 02:20:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/06/30 02:20:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/06/29 19:04:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/06/29 19:04:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/06/29 19:04:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/06/29 19:04:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/06/29 19:04:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/06/29 19:04:23 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hgTGm6Gd.dat
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/06/29 18:39:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/06/29 18:39:27 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/06/28 19:07:11 | 010,343,019 | ---- | C] () -- C:\Documents and Settings\Deb & Greg\Desktop\malware.zip
[2010/06/25 11:57:47 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/06 17:53:38 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/10/03 12:33:59 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2009/04/01 18:44:18 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/02/07 21:46:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/01/12 11:08:49 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/01/12 11:08:49 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/05/31 21:20:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/05/31 21:20:02 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/03/14 21:23:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/06 19:44:12 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2005/12/28 22:48:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/10/13 19:02:30 | 000,004,024 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/09/15 20:13:33 | 000,001,020 | ---- | C] () -- C:\WINDOWS\EQNEDIT.INI
[2005/09/05 11:22:22 | 000,000,890 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/08/27 10:49:19 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/25 14:37:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/08/25 14:37:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/08/25 14:36:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/08/23 16:14:46 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/08/23 16:06:12 | 000,000,703 | ---- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2005/08/23 11:56:02 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/08/23 11:55:52 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/08/23 11:46:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\EPSON CX6600 Installer.ini
[2005/08/10 23:32:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2005/08/10 20:33:47 | 000,000,580 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/26 03:31:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/26 03:26:39 | 000,000,313 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/26 03:04:38 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/10 09:42:08 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/15 20:00:00 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2002/02/27 09:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 09:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 09:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2005/08/23 15:55:21 | 000,135,168 | ---- | M] (Netsurfer, Inc.) -- C:\DHCPD.exe
[2005/08/23 15:55:21 | 000,790,528 | ---- | M] (Netsurfer, Inc.) -- C:\setup32.exe
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Deb & Greg\My Documents\old pics028.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Deb & Greg\My Documents\old pics027.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Deb & Greg\My Documents\old pics026.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Deb & Greg\My Documents\DSCN0363.JPG:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Deb & Greg\My Documents\DSCN0362.JPG:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Deb & Greg\My Documents\DSCN0361.JPG:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Deb & Greg\My Documents\DSCN0360.JPG:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Deb & Greg\Desktop\maiden.jpg:SummaryInformation
< End of report >

Extra.txt

OTL Extras logfile created on: 7/25/2010 11:04:17 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Deb & Greg\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 626.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.01 Gb Total Space | 199.00 Gb Free Space | 86.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Deb & Greg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3270965237-1128889633-988477020-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Grouper\Grouper.exe" = C:\Program Files\Grouper\Grouper.exe:*:Disabled:Grouper -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Deb & Greg\Desktop\utorrent.exe" = C:\Documents and Settings\Deb & Greg\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Camera Window DVC
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{0FE55E01-5D5A-4823-A71E-F4F5E8BB473D}" = TaxCut New Jersey 2007
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 20
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}" = C4400
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{385A96ED-83C8-4D5A-A092-54DB74762C34}" = REA's TESTware for the CLEP Analyzing and Interpreting Literature
"{39468292-5D68-4E93-9E09-5D9D5CA00E7A}" = FileOpen Client Installer
"{3B901CB2-9DAF-43FC-BDD2-4149AF19381C}" = Hallmark Card Studio 2006 Deluxe
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{4204BDAC-5D3B-4EE3-A85A-D10B0D07B34B}" = REA's TESTware for the CLEP Chemistry
"{42A9C870-5845-4878-9AA5-9E33E403DF88}" = REA's TESTware for the CLEP General Subject Exams
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5646D023-0634-41F8-967D-513565E4F9D8}" = Hallmark Mother's/Father's Day Card Pack
"{58381EE3-A57D-448F-BC8E-FFC66987615E}" = TaxCut New York 2007
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4400_Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = MovieEdit Task
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A255918-B37A-4B0E-A567-4F4D261E741B}" = REA's TESTware for CLEP American Literature
"{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Camera Window DS
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B8F4E1F-8B6D-4611-92A0-49FA0E8E213A}" = REA's TESTware for the CLEP Principles of Marketing
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89EB3ED7-225A-412E-B048-623D502C000F}" = Camera Window MC
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite
"{AE704636-ECD0-426C-952E-05B8DABD1949}" = EPSON PhotoStarter3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BDED3A49-8F4F-4ED8-9ED3-B6F6EC175B5F}" = ACL Components XI
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C424D5B8-BDE9-48FD-805E-FF276FCC76DF}" = ACL Desktop Education Edition
"{C6141748-CA45-4F24-A519-2401F2CCA01D}" = TaxCut New Jersey 2008
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE0E9F96-A1B9-455F-8DEF-B36E01EC7417}" = REA's TESTware for the CLEP Microeconomics
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D76BED01-214C-4AD6-B9E5-C49724ED7C87}" = Hallmark Mother's/Father's Day Card Pack
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0905}" = Microsoft Digital Image Pro 9
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E4375AC9-EDE1-4943-A0E3-801CEB7041DF}" = Dell Support 3.2.1
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EEDD3865-9AD5-4D38-AC07-4B5E3FFAC5F8}" = REA's TESTware for the CLEP Principles of Management
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8CF247C-B969-45B7-B379-AE4FDD293AFF}" = REA's TESTware for the CLEP Biology
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DDXL" = DDXL
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DSMT6" = MathType 6
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"EPSON Scanner" = EPSON Scan
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maui_Wowee_1.0" = Ancient Sudoku
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPublisher BookMaker" = MyPublisher BookMaker
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Optimum Online net guide" = Optimum Online net guide
"Panda ActiveScan" = Panda ActiveScan
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PictureIt_POD_v9" = Microsoft Digital Image Library 9
"PictureIt_v9" = Microsoft Digital Image Pro 9
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"Shop for HP Supplies" = Shop for HP Supplies
"Silent Package Run-Time Sample" = EPSON CX6600 Reference Guide
"Snood_is1" = Snood for Windows version 3.52-W
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"ST6UNST #1" = Business Law
"Trillian" = Trillian
"uTorrent" = µTorrent
"Viewpoint Manager" = View


Edited by sugarwaffles, 25 July 2010 - 04:25 PM.


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:31 PM

Posted 26 July 2010 - 11:05 AM

Hello,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DEB&GR~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Deb & Greg\Local Settings\Temp\{6A73E241-5602-4AA7-A501-1FC3DCE44267}\fsgk.sys -- (F-Secure Standalone Minifilter)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\..\Toolbar\WebBrowser: (no name) - {F4D76F09-7896-458A-890F-E1F05C46069F} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O33 - MountPoints2\{690d3b21-af95-11de-8f57-00123f712b3f}\Shell\AutoRun\command - "" = M:\setup.exe -- File not found
    O37 - HKU\S-1-5-21-3270965237-1128889633-988477020-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE - File not found
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe File not found
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe File not found
    MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe File not found
    [2010/07/14 18:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb & Greg\Desktop\malware3
    [2010/06/28 19:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb & Greg\Desktop\malware2
    [2010/06/28 19:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb & Greg\Desktop\malware
    [2010/07/25 10:59:47 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2010/07/25 00:14:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
    [2010/07/25 00:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
    [2010/07/25 00:11:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At217.job
    [2010/07/24 23:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
    [2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
    [2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At240.job
    [2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At216.job
    [2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At192.job
    [2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
    [2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
    [2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
    [2010/07/24 22:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
    [2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
    [2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At239.job
    [2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At215.job
    [2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At191.job
    [2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
    [2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
    [2010/07/24 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
    [2010/07/24 21:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
    [2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
    [2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At238.job
    [2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At214.job
    [2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At190.job
    [2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
    [2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
    [2010/07/24 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
    [2010/07/24 20:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
    [2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
    [2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At237.job
    [2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At213.job
    [2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At189.job
    [2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
    [2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
    [2010/07/24 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
    [2010/07/24 19:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
    [2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
    [2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At236.job
    [2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At212.job
    [2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At188.job
    [2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
    [2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
    [2010/07/24 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
    [2010/07/24 18:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2010/07/24 18:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
    [2010/07/24 18:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
    [2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At235.job
    [2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At211.job
    [2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At187.job
    [2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
    [2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
    [2010/07/24 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
    [2010/07/24 17:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
    [2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
    [2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At234.job
    [2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At210.job
    [2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At186.job
    [2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
    [2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
    [2010/07/24 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
    [2010/07/24 16:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
    [2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
    [2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At233.job
    [2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At209.job
    [2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At185.job
    [2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
    [2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
    [2010/07/24 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
    [2010/07/24 15:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
    [2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
    [2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At232.job
    [2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At208.job
    [2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At184.job
    [2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
    [2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
    [2010/07/24 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
    [2010/07/24 14:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
    [2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
    [2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At231.job
    [2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At207.job
    [2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At183.job
    [2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
    [2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
    [2010/07/24 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
    [2010/07/24 13:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
    [2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
    [2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At230.job
    [2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At206.job
    [2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At182.job
    [2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
    [2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
    [2010/07/24 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
    [2010/07/24 12:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
    [2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
    [2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At229.job
    [2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At205.job
    [2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At181.job
    [2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
    [2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
    [2010/07/24 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
    [2010/07/24 11:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
    [2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
    [2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At228.job
    [2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At204.job
    [2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At180.job
    [2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
    [2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
    [2010/07/24 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
    [2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
    [2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
    [2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At227.job
    [2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At203.job
    [2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At179.job
    [2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
    [2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
    [2010/07/24 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
    [2010/07/24 09:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
    [2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
    [2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At226.job
    [2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At202.job
    [2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At178.job
    [2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
    [2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
    [2010/07/24 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
    [2010/07/24 08:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
    [2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
    [2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At225.job
    [2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At201.job
    [2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At177.job
    [2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
    [2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
    [2010/07/24 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
    [2010/07/24 07:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
    [2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
    [2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
    [2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At224.job
    [2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At200.job
    [2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At176.job
    [2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
    [2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
    [2010/07/24 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
    [2010/07/24 06:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
    [2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
    [2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
    [2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At223.job
    [2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At199.job
    [2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At175.job
    [2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
    [2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
    [2010/07/24 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
    [2010/07/24 05:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
    [2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
    [2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At222.job
    [2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At198.job
    [2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At174.job
    [2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
    [2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
    [2010/07/24 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
    [2010/07/24 04:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
    [2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
    [2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
    [2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At221.job
    [2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At197.job
    [2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At173.job
    [2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
    [2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
    [2010/07/24 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
    [2010/07/24 03:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
    [2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
    [2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
    [2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At220.job
    [2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At196.job
    [2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At172.job
    [2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
    [2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
    [2010/07/24 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
    [2010/07/24 02:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
    [2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
    [2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
    [2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At219.job
    [2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At195.job
    [2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At171.job
    [2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
    [2010/07/24 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
    [2010/07/24 01:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
    [2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
    [2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
    [2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At218.job
    [2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At194.job
    [2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At170.job
    [2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
    [2010/07/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
    [2010/07/24 00:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2010/07/24 00:43:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
    [2010/07/24 00:37:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At169.job
    [2010/07/24 00:33:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2010/07/24 00:31:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At193.job
    [2010/07/24 00:29:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
    [2010/07/24 00:16:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
    [2010/06/30 17:35:52 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hgTGm6Gd.dat
    [2010/06/28 19:07:29 | 010,343,019 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Desktop\malware.zip
    [2009/10/06 17:53:38 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\explorer.exe"=-
    :Commands
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • mbr.log

Thanks

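The fix list in the post above contains a long run of AtN.job entries under C:\WINDOWS\tasks, the file naming used for jobs created through the legacy AT scheduler. As an added example (not part of the original post and not OTL's own code), this Python helper parses OTL file-listing lines and groups those job files by size, job number and minute of last modification; the function names are hypothetical and the sample lines are copied from the list above.

```python
import re
from collections import defaultdict
from datetime import datetime

# OTL file-listing line:
#   [timestamp | size | attributes | C or M] (company) -- path
OTL_FILE_LINE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[^|\]]+?) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Jobs created through the legacy AT scheduler are stored as At<N>.job
AT_JOB = re.compile(r"\\tasks\\At(\d+)\.job$", re.IGNORECASE)

# Sample lines copied from the fix list in the post above, plus one
# registry-style line that is not a file listing and must be skipped.
SAMPLE = r"""
[2010/07/25 10:59:47 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/07/25 00:14:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/07/24 23:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/07/24 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/07/24 22:59:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/06/28 19:07:29 | 010,343,019 | ---- | M] () -- C:\Documents and Settings\Deb & Greg\Desktop\malware.zip
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
""".strip().splitlines()


def parse_otl_file_line(line):
    """Return the fields of one OTL file-listing line, or None if it is
    some other kind of line (driver, registry, BHO entry, ...)."""
    m = OTL_FILE_LINE.match(line)
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],          # C = created, M = modified
        "company": m["company"],    # empty when no company name is reported
        "path": m["path"],
    }


def summarize_at_jobs(lines):
    """Group At<N>.job entries by file size and report, per group, how many
    there are, which job numbers they carry and at which minute of the hour
    they were last modified."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_otl_file_line(line)
        if rec is None:
            continue
        job = AT_JOB.search(rec["path"])
        if job:
            groups[rec["size"]].append((int(job.group(1)), rec["time"]))

    summary = {}
    for size, items in groups.items():
        summary[size] = {
            "count": len(items),
            "ids": sorted(job_id for job_id, _ in items),
            "minutes": sorted({t.minute for _, t in items}),
            "newest": max(t for _, t in items),
        }
    return summary


if __name__ == "__main__":
    for size, info in sorted(summarize_at_jobs(SAMPLE).items()):
        print(f"{size:>4} bytes: {info['count']} job(s), ids {info['ids']}, "
              f"modified at minute(s) {info['minutes']}, "
              f"newest {info['newest']:%Y-%m-%d %H:%M}")
```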


#5 sugarwaffles

Posted 26 July 2010 - 05:05 PM

Attached are the three logs that you requested.

Thanks again.


#6 syler

Posted 27 July 2010 - 06:31 AM

When posting the logs can you please copy and paste them into the topic, rather than attaching them, unless you are having problems pasting them. How is the computer running now, are you still having any problems?

The mbr log is not complete, can you do it again please, the following way.
  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c "%userprofile%\desktop\mbr.exe" -t& start mbr.log
  • A file called mbr.log will pop up, please post the contents in your reply.



#7 sugarwaffles

Posted 27 July 2010 - 05:28 PM

I get this error when trying to do the mbr log.

"Windows cannot find mbr.log"

Also, I am still getting redirects and every time I go to bleepingcomputer.com another tab opens up which wants me to download a registry cleaner. I do not allow it to download. The file it tries to get me to download is regalivesetup.exe from regalive.lg1.simplecdn.net.

Edited by sugarwaffles, 27 July 2010 - 10:07 PM.


#8 syler

Posted 28 July 2010 - 06:33 AM

QUOTE
I get this error when trying to do the mbr log.

"Windows cannot find mbr.log"


You need to make sure mbr.exe is still on your desktop, if you have deleted it, download a new copy and do the last step again then post the log.



#9 sugarwaffles

Posted 28 July 2010 - 07:35 AM

I have downloaded the MBR file now 3 separate times. I went to Start then run and copied and pasted your command. I tried it about 7 times and it still doesn't work.

Do you think that there is something in my computer preventing the mbr from running for me?


#10 syler

Posted 28 July 2010 - 08:10 AM

Let's try something else then.


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#11 sugarwaffles


Posted 28 July 2010 - 02:15 PM

As the combofix program began scanning, two minutes into the scan, my computer went to a blue screen saying "problem detected and windows has been shut down to prevent damage"..._pool_caller...also something about a physical memory dump being complete.

So I restarted my computer and tried again. And I received the same blue screen again.

What should I do?

Thanks.

#12 syler


Posted 28 July 2010 - 04:40 PM

Please try running combofix in safe mode and see if it completes. Are the redirects only occurring in firefox or does this happen in IE as well?



#13 sugarwaffles


Posted 28 July 2010 - 09:25 PM

After completing in Safe Mode, here is the Combofix log.

Also, I normally do not use IE but I tested it to see if it redirects like in firefox and it does redirect when I search for something. Also I haven't tried either browser subsequent to running combofix.

ComboFix 10-07-27.04 - Administrator 07/28/2010 20:58:08.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.390 [GMT -4:00]
Running from: c:\documents and settings\Deb & Greg\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-29 )))))))))))))))))))))))))))))))
.

2010-07-29 00:44 . 2010-07-29 00:44 -------- d-----w- c:\documents and settings\Deb & Greg\Local Settings\Application Data\Viewpoint
2010-07-28 18:58 . 2010-07-28 18:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Viewpoint
2010-07-28 18:57 . 2010-07-28 18:57 -------- d-----w- c:\program files\Common Files\Viewpoint
2010-07-25 15:04 . 2010-07-25 15:04 -------- d-----w- C:\_OTL
2010-07-17 20:37 . 2010-07-17 20:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-17 16:47 . 2010-07-17 16:47 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-17 15:49 . 2010-07-17 15:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-15 00:08 . 2010-07-15 00:08 1986560 ---ha-w- C:\SZKGFS.dat
2010-07-14 23:53 . 2010-07-14 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-07-14 23:52 . 2010-07-14 23:52 -------- d-----w- c:\program files\Common Files\iS3
2010-07-14 23:52 . 2010-07-15 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-07-02 03:12 . 2010-07-17 05:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 21:00 . 2010-06-30 21:00 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-30 21:00 . 2010-06-30 21:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-06-29 23:19 . 2010-06-29 23:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 18:57 . 2005-07-26 07:26 -------- d-----w- c:\program files\Viewpoint
2010-07-28 18:57 . 2005-07-26 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-07-25 14:38 . 2007-01-24 23:24 -------- d-----w- c:\program files\McAfee
2010-07-15 19:18 . 2007-02-28 12:31 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-15 11:30 . 2008-04-22 22:42 -------- d-----w- c:\program files\Yahoo!
2010-07-15 11:15 . 2007-01-25 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-15 10:56 . 2010-07-15 10:55 1352 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-07-14 02:29 . 2008-08-30 17:20 -------- d-----w- c:\documents and settings\Deb & Greg\Application Data\Idihna
2010-07-14 02:29 . 2007-09-07 17:45 -------- d-----w- c:\documents and settings\Deb & Greg\Application Data\Oloqy
2010-07-14 02:29 . 2008-10-19 05:29 -------- d-----w- c:\documents and settings\Deb & Greg\Application Data\Ypve
2010-07-07 00:40 . 2009-03-18 10:30 -------- d-----w- c:\documents and settings\Deb & Greg\Application Data\Muyx
2010-07-03 18:23 . 2010-05-12 01:15 -------- d-----w- c:\program files\QuickTime
2010-07-01 02:23 . 2007-01-25 23:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-29 23:27 . 2008-04-06 21:42 -------- d-----w- c:\program files\Linksys EasyLink Advisor
2010-06-29 23:27 . 2007-02-16 08:14 -------- d-----w- c:\program files\Dell Support
2010-06-29 22:39 . 2010-06-25 15:55 -------- d-----w- c:\program files\iTunes
2010-06-28 23:10 . 2010-06-28 23:10 -------- d-----w- c:\documents and settings\Deb & Greg\Application Data\SUPERAntiSpyware.com
2010-06-28 23:10 . 2010-06-28 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-26 16:07 . 2010-06-26 16:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\FileOpen
2010-06-25 16:53 . 2008-01-12 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-06-25 15:56 . 2010-06-25 15:56 -------- d-----w- c:\program files\iPod
2010-06-25 15:56 . 2009-01-18 01:06 -------- d-----w- c:\program files\Common Files\Apple
2010-06-25 15:54 . 2009-02-17 00:53 -------- d-----w- c:\documents and settings\Deb & Greg\Application Data\uTorrent
2010-06-25 15:44 . 2010-06-25 15:43 -------- d-----w- c:\program files\Bonjour
2010-06-25 15:26 . 2007-08-06 00:21 -------- d-----w- c:\documents and settings\Deb & Greg\Application Data\LimeWire
2010-06-23 23:50 . 2010-06-23 23:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-21 18:14 . 2009-10-03 15:52 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-11 22:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
CODE
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Dell Support\DSAgnt .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Linksys EasyLink Advisor\LinksysAgent .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext .exe
c:\program files\QuickTime\qttask                                                                                                                                                                                 .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [N/A]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"UMonit"="c:\windows\system32\umonit.exe" [2005-08-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-26 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-12 809488]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 20:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
backup=c:\windows\pss\Event Planner Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-03-30 02:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 14:34 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-06-04 03:29 50688 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimum Online net guide]
2005-08-11 00:13 1630208 ----a-w- c:\program files\Optimum Online\Netsurf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Deb & Greg\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/16/2009 9:21 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [8/23/2005 4:06 PM 6016]
S0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [4/1/2009 6:44 PM 26624]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/12/2009 9:53 PM 10384]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/19/2008 1:24 PM 93320]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/14/2007 2:20 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:22]

2010-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2005-08-10 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 00:12]

2010-07-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-28 16:22]

2010-07-28 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-28 16:22]

2010-07-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optonline.net
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Deb & Greg\Desktop\HijackThis.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-28 21:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?USB\V?L??5e3&?L??\???8????????L??8????L??B\RO????8???????????????????????????h??????w?L???????????b@?????????????????<$?|?????$?|???w??@????w????????????????????@???????????????t??????????????|X$?|?????$?|Q$?|??????????????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,f5,6a,e0,09,e5,85,4b,b9,48,70,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,f5,6a,e0,09,e5,85,4b,b9,48,70,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,f5,6a,e0,09,e5,85,4b,b9,48,70,\

[HKEY_USERS\S-1-5-21-3270965237-1128889633-988477020-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,fc,ac,c4,92,23,eb,4d,b7,b4,ea,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,fc,ac,c4,92,23,eb,4d,b7,b4,ea,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(260)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(232)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2010-07-28 21:24:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-29 01:24

Pre-Run: 213,555,085,312 bytes free
Post-Run: 213,449,449,472 bytes free

- - End Of File - - 85677F52A71E235B08D6797992DE965E


#14 syler


Posted 29 July 2010 - 05:49 AM

Hi,

Please let me know in your next reply how the machine is running.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Dell Support\DSAgnt .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Linksys EasyLink Advisor\LinksysAgent .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext .exe
c:\program files\QuickTime\qttask                                                                                                                                                                                 .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
Folder::
c:\documents and settings\Deb & Greg\Application Data\Idihna
c:\documents and settings\Deb & Greg\Application Data\Oloqy
c:\documents and settings\Deb & Greg\Application Data\Ypve
c:\documents and settings\Deb & Greg\Application Data\Muyx
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-3270965237-1128889633-988477020-500\Software\Microsoft\Internet Explorer\User Preferences]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#15 sugarwaffles


Posted 29 July 2010 - 06:06 PM

I've tested various searches and all have not redirected. So far firefox and IE do not redirect me anymore after testing various searches.

Here is the new log. My computer does react rather slowly usually and opening firefox or IE takes a while.

ComboFix 10-07-27.04 - Deb & Greg 07/29/2010 17:45:51.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.320 [GMT -4:00]
Running from: c:\documents and settings\Deb & Greg\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Deb & Greg\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Deb & Greg\Application Data\Idihna
c:\documents and settings\Deb & Greg\Application Data\Muyx
c:\documents and settings\Deb & Greg\Application Data\Muyx\pouz.loy
c:\documents and settings\Deb & Greg\Application Data\Muyx\pouz.tmp
c:\documents and settings\Deb & Greg\Application Data\Oloqy
c:\documents and settings\Deb & Greg\Application Data\Ypve

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-29 )))))))))))))))))))))))))))))))
.

2010-07-29 04:18 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-29 00:44 . 2010-07-29 00:44 -------- d-----w- c:\documents and settings\Deb & Greg\Local Settings\Application Data\Viewpoint
2010-07-28 18:58 . 2010-07-28 18:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Viewpoint
2010-07-28 18:57 . 2010-07-28 18:57 -------- d-----w- c:\program files\Common Files\Viewpoint
2010-07-25 15:04 . 2010-07-25 15:04 -------- d-----w- C:\_OTL
2010-07-17 20:37 . 2010-07-17 20:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-17 16:47 . 2010-07-17 16:47 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-17 15:49 . 2010-07-17 15:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-15 00:08 . 2010-07-15 00:08 1986560 ---ha-w- C:\SZKGFS.dat
2010-07-14 23:53 . 2010-07-14 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-07-14 23:52 . 2010-07-14 23:52 -------- d-----w- c:\program files\Common Files\iS3
2010-07-14 23:52 . 2010-07-15 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-07-02 03:12 . 2010-07-17 05:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 21:00 . 2010-06-30 21:00 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-30 21:00 . 2010-06-30 21:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-06-29 23:19 . 2010-06-29 23:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 21:45 . 2010-05-12 01:15 -------- d-----w- c:\program files\QuickTime
2010-07-29 21:45 . 2007-01-25 23:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-29 21:45 . 2010-06-25 15:55 -------- d-----w- c:\program files\iTunes
2010-07-29 21:45 . 2008-04-06 21:42 -------- d-----w- c:\program files\Linksys EasyLink Advisor
2010-07-29 21:45 . 2007-02-16 08:14 -------- d-----w- c:\program files\Dell Support
2010-07-28 18:57 . 2005-07-26 07:26 -------- d-----w- c:\program files\Viewpoint
2010-07-28 18:57 . 2005-07-26 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-07-25 14:38 . 2007-01-24 23:24 -------- d-----w- c:\program files\McAfee
2010-07-15 19:18 . 2007-02-28 12:31 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-15 11:30 . 2008-04-22 22:42 -------- d-----w- c:\program files\Yahoo!
2010-07-15 11:15 . 2007-01-25 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-15 10:56 . 2010-07-15 10:55 1352 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-28 23:10 . 2010-06-28 23:10 -------- d-----w- c:\documents and settings\Deb & Greg\Application Data\SUPERAntiSpyware.com
2010-06-28 23:10 . 2010-06-28 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-26 16:07 . 2010-06-26 16:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\FileOpen
2010-06-25 16:53 . 2008-01-12 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-06-25 15:56 . 2010-06-25 15:56 -------- d-----w- c:\program files\iPod
2010-06-25 15:56 . 2009-01-18 01:06 -------- d-----w- c:\program files\Common Files\Apple
2010-06-25 15:54 . 2009-02-17 00:53 -------- d-----w- c:\documents and settings\Deb & Greg\Application Data\uTorrent
2010-06-25 15:44 . 2010-06-25 15:43 -------- d-----w- c:\program files\Bonjour
2010-06-25 15:26 . 2007-08-06 00:21 -------- d-----w- c:\documents and settings\Deb & Greg\Application Data\LimeWire
2010-06-23 23:50 . 2010-06-23 23:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-14 14:31 . 2004-08-11 22:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-21 18:14 . 2009-10-03 15:52 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-11 22:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
CODE
<pre>
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\McAfee.com\Agent\mcagent .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"UMonit"="c:\windows\system32\umonit.exe" [2005-08-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-26 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-12 809488]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 20:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
backup=c:\windows\pss\Event Planner Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-03-30 02:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 14:34 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-06-04 03:29 50688 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimum Online net guide]
2005-08-11 00:13 1630208 ----a-w- c:\program files\Optimum Online\Netsurf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Deb & Greg\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [4/1/2009 6:44 PM 26624]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/16/2009 9:21 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/12/2009 9:53 PM 10384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/19/2008 1:24 PM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/14/2007 2:20 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [8/23/2005 4:06 PM 6016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:22]

2010-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2005-08-10 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 00:12]

2010-07-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-28 16:22]

2010-07-29 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-28 16:22]

2010-07-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: creditonebank.com\www
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 18:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?USB\V?L??5e3&?L??\???8????????L??8????L??B\RO????8???????????????????????????h??????w?L???????????b@?????????????????<$?|?????$?|???w??@????w????????????????????@???????????????t??????????????|X$?|?????$?|Q$?|??????????????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\stsystra.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-07-29 18:16:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-29 22:16

Pre-Run: 213,296,070,656 bytes free
Post-Run: 213,291,700,224 bytes free

- - End Of File - - B4AD45591CD3C7E42B5764606547A4B8

Edited by sugarwaffles, 29 July 2010 - 06:10 PM.




