
Google results redirected


  • This topic is locked
15 replies to this topic

#1 roblondon

roblondon

  • Members
  • 16 posts

Posted 22 July 2010 - 04:49 AM

Hi,

I have a problem with a brand new computer, I must have picked up some malware from somewhere.

If I perform a search in Google and click on the results I get sent to an incorrect page! And it seems to have messed up Firefox's functionality and prevents Firefox loading certain pages.

All the info is pasted / attached below.

Thank you in advance for any help you can provide me.

Roblondon



DDS (Ver_10-03-17.01) - NTFSx86
Run by Rob Hayday at 8:08:41.35 on 22/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2192 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Rob Hayday\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob Hayday\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob Hayday\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob Hayday\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob Hayday\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge]
uRun: [Google Update] "c:\documents and settings\rob hayday\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Popup] "c:\program files\dell sas raid storage manager\megapopup\Popup.exe"
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\robhay~1\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoTrayItemsDisplay = 00000000
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robhay~1\applic~1\mozilla\firefox\profiles\nhugegrl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.itslondon.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\rob hayday\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-7-21 28552]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2010-7-1 24064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-7 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-7 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-7 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-7 308136]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 376688]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-7-1 13336]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-7-8 10448]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3575808]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-6 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

=============== Created Last 30 ================

2010-07-22 07:05:19 0 ----a-w- c:\documents and settings\rob hayday\defogger_reenable
2010-07-21 15:29:47 0 d-----w- c:\docume~1\robhay~1\applic~1\Malwarebytes
2010-07-21 15:29:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 15:29:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 15:29:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 15:29:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-21 09:37:22 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2010-07-21 09:29:23 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-21 09:29:21 0 d-----w- c:\program files\Panda Security
2010-07-21 09:13:37 0 d-----w- c:\docume~1\alluse~1\applic~1\CA
2010-07-21 07:35:51 0 d-----w- c:\docume~1\robhay~1\applic~1\e-Campaign
2010-07-19 06:44:30 0 d--h--w- C:\$AVG
2010-07-16 12:53:19 0 d-----w- c:\docume~1\robhay~1\applic~1\onOne Software
2010-07-16 12:49:50 75776 --sha-r- c:\windows\system32\setupc.dll
2010-07-16 12:41:50 61440 ----a-w- c:\windows\system32\nlssrv32.exe
2010-07-16 12:41:50 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2010-07-16 12:41:50 227840 ----a-w- c:\windows\system32\Deco_32.dll
2010-07-16 12:41:50 0 d-----w- c:\program files\common files\onOne Software Shared
2010-07-16 12:41:48 0 d-----w- c:\docume~1\alluse~1\applic~1\onOne Software
2010-07-16 12:41:47 0 d-----w- c:\program files\onOne Software
2010-07-15 15:13:28 0 d-----w- c:\docume~1\robhay~1\applic~1\BACS.exe
2010-07-15 13:51:49 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-07-15 13:51:49 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2010-07-14 11:22:00 8 ----a-w- c:\windows\system32\nvModes.dat
2010-07-14 06:49:15 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 16:01:57 66 ----a-w- c:\windows\3exwin.INI
2010-07-12 12:41:43 0 d-----w- C:\HP Color LaserJet 5500
2010-07-12 12:25:10 0 d-----w- c:\program files\3exwin-local
2010-07-12 11:52:41 0 d-----w- c:\docume~1\robhay~1\applic~1\Office Genuine Advantage
2010-07-12 07:16:36 0 d-----w- c:\documents and settings\rob hayday\Tracing
2010-07-09 16:02:59 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-07-08 13:19:05 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-08 13:19:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-08 13:19:03 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-08 13:18:49 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-07-08 13:18:02 0 d-----w- c:\docume~1\robhay~1\applic~1\Logishrd
2010-07-08 06:39:04 293376 ------w- c:\windows\system32\browserchoice.exe
2010-07-07 16:05:00 0 d-----w- c:\windows\system32\PreInstall
2010-07-07 10:50:54 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-07 10:50:54 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-07 10:50:28 0 d-----w- c:\program files\iPod
2010-07-07 10:50:25 0 d-----w- c:\program files\iTunes
2010-07-07 10:50:25 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-07 10:49:45 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-07-07 10:49:45 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-07-07 10:49:12 0 d-----w- c:\program files\Bonjour
2010-07-07 06:48:27 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-07 06:48:26 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-07 06:48:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-07 06:48:21 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-07 06:46:45 0 d-----w- c:\program files\AVG
2010-07-07 06:46:35 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-07 06:38:28 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-06 14:16:40 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-06 14:16:40 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-06 14:16:40 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-07-06 13:53:57 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-07-06 13:53:57 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-07-06 13:53:57 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-06 13:53:57 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-06 12:58:36 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM
2010-07-06 12:51:38 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-07-06 12:51:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-07-06 12:42:04 0 d-----w- c:\program files\common files\Macrovision Shared
2010-07-06 12:37:51 0 d-----w- c:\docume~1\robhay~1\applic~1\Windows Search
2010-07-06 12:28:43 0 d-----w- c:\docume~1\robhay~1\applic~1\Intel Corporation
2010-07-06 12:28:43 0 d-----w- c:\docume~1\robhay~1\applic~1\Broadcom
2010-07-06 12:28:42 0 d-----w- c:\docume~1\robhay~1\applic~1\Windows Desktop Search
2010-07-06 12:28:42 0 d-----w- c:\docume~1\robhay~1\applic~1\Wave Systems Corp
2010-07-06 12:28:42 0 d-----w- c:\docume~1\robhay~1\applic~1\Roxio Log Files
2010-07-06 12:24:25 3247 ----a-w- c:\windows\system32\wbem\Outlook_01cb1d062bd8f694.mof
2010-07-06 12:23:00 0 d-sh--w- c:\documents and settings\rob hayday\IECompatCache
2010-07-06 12:22:25 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-07-06 12:22:08 0 d-sh--w- c:\documents and settings\rob hayday\PrivacIE
2010-07-06 12:18:55 0 d-sh--w- c:\documents and settings\rob hayday\IETldCache
2010-07-06 12:14:04 0 d-----w- c:\windows\ie8updates
2010-07-06 12:13:41 0 dc-h--w- c:\windows\ie8
2010-07-06 12:13:15 0 d--h--w- c:\windows\msdownld.tmp
2010-07-06 12:12:18 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 12:12:18 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 12:12:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 12:12:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 12:12:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 12:12:17 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 12:12:16 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 12:10:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 11:42:54 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-07-02 02:55:14 0 d-----w- c:\windows\system32\ReinstallBackups
2010-07-02 02:55:03 0 d-----w- c:\program files\NVIDIA Corporation
2010-07-02 02:54:26 0 d-----w- c:\program files\Analog Devices
2010-07-01 22:49:58 5204 ---ha-r- C:\dell.sdr
2010-07-01 14:44:22 61 ----a-w- c:\windows\smscfg.ini
2010-07-01 14:44:20 333 ----a-w- c:\windows\system32\$ncsp$.inf
2010-07-01 14:40:58 0 d-----w- c:\program files\Microsoft Small Business
2010-07-01 14:39:57 0 d-----w- c:\program files\MSXML 6.0
2010-07-01 14:38:50 0 d-----w- c:\program files\Microsoft SQL Server
2010-07-01 14:37:25 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-07-01 14:37:23 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-01 14:36:42 0 d-----w- c:\program files\Microsoft
2010-07-01 14:36:29 0 d-----w- c:\program files\Windows Live SkyDrive
2010-07-01 14:35:28 0 d-----w- c:\program files\common files\Windows Live
2010-07-01 14:35:24 0 d-----w- c:\program files\common files\SureThing Shared
2010-07-01 14:35:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Uninstall
2010-07-01 14:35:09 0 d-----w- c:\program files\common files\Sonic Shared
2010-07-01 14:35:01 0 d-----w- c:\program files\Roxio
2010-07-01 14:33:20 0 d-----w- c:\windows\SHELLNEW
2010-07-01 14:27:55 0 d-----w- c:\program files\Wave Systems Corp
2010-07-01 14:27:51 0 d-----w- c:\windows\system32\Test
2010-07-01 14:27:50 0 d-----w- c:\windows\Downloaded Installations
2010-07-01 14:27:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Wave Systems Corp
2010-07-01 14:27:41 0 d-----w- c:\program files\NTRU Cryptosystems
2010-07-01 14:27:41 0 d-----w- c:\docume~1\alluse~1\applic~1\NTRU Cryptosystems
2010-07-01 14:26:37 89088 ----a-w- c:\windows\system32\Baspxp32.dll
2010-07-01 14:26:37 0 d-----w- c:\program files\Broadcom
2010-07-01 14:26:20 0 d-----w- c:\windows\Dell
2010-07-01 14:22:55 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-07-01 14:22:54 0 d-----w- C:\Intel
2010-07-01 14:22:34 0 d-----w- c:\program files\Dell SAS RAID Storage Manager
2010-07-01 14:19:15 80368 ----a-w- c:\windows\system32\pbadrvdll.dll
2010-07-01 14:19:15 26608 ----a-w- c:\windows\system32\drivers\PBADRV.sys
2010-07-01 14:15:50 0 d-----w- c:\program files\Winbond Electronics Corporation
2010-07-01 14:15:19 0 d-----w- c:\windows\system32\BioAPIFFDB
2010-07-01 14:14:49 0 d-----w- c:\program files\Dell
2010-07-01 14:14:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-01 14:14:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 14:11:29 0 d-----w- c:\windows\system32\DRM
2010-07-01 14:10:37 0 d-----w- c:\program files\Windows Desktop Search
2010-07-01 14:10:23 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-07-01 14:10:23 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-07-01 14:10:23 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-07-01 14:06:02 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-07-01 14:03:43 0 d-----w- c:\program files\MSXML 4.0
2010-07-01 14:02:59 79872 -c----w- c:\windows\system32\dllcache\raschap.dll

==================== Find3M ====================

2010-07-01 22:48:37 5204 ----a-w- c:\windows\system32\drivers\1028_Dell_WOR_T3500.mrk
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-07 09:28:03 38644 ----a-w- c:\windows\fonts\orator10.ttf
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 06:34:15 1860352 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 22:29:24 53328 ----a-w- c:\windows\system32\LMouFiltCoInst.dll

============= FINISH: 8:08:53.25 ===============




#2 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 28 July 2010 - 01:25 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure, then please do not guess; simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic; I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:

1. Rerun DDS and post the DDS.txt and Attach.txt logs in your next post/reply.

2. Delete GMER.exe from your computer, then do the following:

Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL, for whatever reason(s), until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.

MalWare Removal University Master

Member of ASAP


#3 roblondon

Posted 29 July 2010 - 04:33 AM

Hi km2357

Thanks for replying to my post!

I have completed the scans as you requested and all the files are attached.

Thanks

Roblondon


#4 km2357

Posted 29 July 2010 - 01:54 PM

Thanks for the logs.

From now on, please do not attach any logs I ask for, just post them normally. Only attach them if requested to do so.

Thanks.


Step # 1 Download and Run CKScanner.exe

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


#5 roblondon

Posted 30 July 2010 - 01:56 AM

Hi, scan results as follows...

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe photoshop cs4\presets\brushes\anodyne-stock_cracks.abr
c:\program files\adobe\adobe photoshop cs4\presets\brushes\crispy-cracks-thb.abr
scanner sequence 3.LB.11
----- EOF -----


Thanks again

Roblondon

#6 km2357

Posted 30 July 2010 - 01:52 PM

Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.


#7 roblondon

Posted 02 August 2010 - 02:18 AM

Hi,

ComboFix Log file attached below

Cheers


ComboFix 10-08-01.01 - Rob Hayday 02/08/2010 8:12.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2199 [GMT 1:00]
Running from: c:\documents and settings\Rob Hayday\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
.

2010-08-02 06:52 . 2010-08-02 06:52 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\AVG9
2010-07-28 12:05 . 2010-07-28 12:05 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-07-27 16:01 . 2010-07-27 16:01 313376 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-27 13:41 . 2010-07-27 13:41 -------- d-----w- c:\program files\BUFFALO
2010-07-27 13:41 . 2010-07-27 13:41 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\NASNaviator2
2010-07-26 10:12 . 2010-07-26 10:12 -------- d-----w- c:\program files\iPod
2010-07-26 10:06 . 2010-07-26 10:06 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-26 06:53 . 2010-07-26 06:54 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-07-26 06:53 . 2010-07-29 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-21 15:29 . 2010-07-21 15:29 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Malwarebytes
2010-07-21 15:29 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 15:29 . 2010-07-21 15:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 15:29 . 2010-07-21 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-21 15:29 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 09:37 . 2009-10-07 14:28 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2010-07-21 09:29 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-21 09:29 . 2010-07-21 09:29 -------- d-----w- c:\program files\Panda Security
2010-07-21 09:13 . 2010-07-21 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-07-21 07:39 . 2010-07-21 07:39 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 07:39 . 2010-07-21 07:39 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-21 07:39 . 2010-07-21 07:39 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-21 07:39 . 2010-07-21 07:39 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-21 07:35 . 2010-07-21 07:38 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\e-Campaign
2010-07-21 07:35 . 2010-07-21 07:35 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\e-Campaign
2010-07-19 06:44 . 2010-07-19 06:44 -------- d-----w- C:\$AVG
2010-07-16 12:53 . 2010-07-16 12:53 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\onOne Software
2010-07-16 12:49 . 2010-07-16 12:49 75776 --sha-r- c:\windows\system32\setupc.dll
2010-07-15 15:13 . 2010-07-15 15:13 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\BACS.exe
2010-07-15 13:51 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-07-14 11:22 . 2010-07-14 11:22 8 ----a-w- c:\windows\system32\nvModes.dat
2010-07-14 07:18 . 2010-07-29 09:23 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Temp
2010-07-14 06:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 12:58 . 2010-07-13 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-07-12 12:41 . 2010-07-12 12:41 -------- d-----w- C:\HP Color LaserJet 5500
2010-07-12 12:25 . 2010-07-12 12:27 -------- d-----w- c:\program files\3exwin-local
2010-07-12 11:52 . 2010-07-12 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-12 11:52 . 2010-07-12 11:52 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Office Genuine Advantage
2010-07-12 07:16 . 2010-07-21 14:29 -------- d-----w- c:\documents and settings\Rob Hayday\Tracing
2010-07-09 16:02 . 2010-07-09 16:02 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-07-09 15:24 . 2010-07-09 15:24 -------- d-----w- c:\program files\7-Zip
2010-07-09 07:15 . 2010-07-09 07:15 -------- d-----w- c:\windows\Sun
2010-07-08 13:19 . 2010-07-08 13:19 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Leadertech
2010-07-08 13:19 . 2010-07-08 13:19 53248 ----a-r- c:\documents and settings\Rob Hayday\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-08 13:19 . 2010-08-02 06:40 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-08 13:19 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-08 13:18 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-07-08 13:18 . 2010-07-08 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-07-08 13:18 . 2010-07-08 13:18 -------- d-----w- c:\program files\Logitech
2010-07-08 13:18 . 2010-07-08 13:19 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-08 13:18 . 2010-07-08 13:19 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Logitech
2010-07-08 13:18 . 2010-07-08 13:18 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Logishrd
2010-07-08 06:39 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-07-07 12:45 . 2010-07-30 15:08 0 ----a-w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\prvlcl.dat
2010-07-07 10:51 . 2010-07-09 06:55 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Apple Computer
2010-07-07 10:50 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-07 10:50 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-07 10:50 . 2010-07-26 10:12 -------- d-----w- c:\program files\iTunes
2010-07-07 10:50 . 2010-07-07 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-07 10:49 . 2010-07-07 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-07 10:49 . 2010-07-07 10:50 -------- d-----w- c:\program files\QuickTime
2010-07-07 10:49 . 2010-07-07 10:49 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Apple
2010-07-07 10:49 . 2010-07-07 10:49 -------- d-----w- c:\program files\Apple Software Update
2010-07-07 10:49 . 2010-04-19 19:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-07-07 10:49 . 2010-04-19 19:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-07-07 10:49 . 2010-07-07 10:49 -------- d-----w- c:\program files\Bonjour
2010-07-07 10:49 . 2010-07-26 10:12 -------- d-----w- c:\program files\Common Files\Apple
2010-07-07 10:49 . 2010-07-07 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-07 10:48 . 2010-07-07 10:51 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Apple Computer
2010-07-07 06:48 . 2010-07-07 06:48 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-07 06:48 . 2010-07-07 06:48 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-07 06:48 . 2010-07-07 06:48 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-07 06:48 . 2010-07-07 06:48 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-07 06:48 . 2010-08-02 06:31 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-07 06:46 . 2010-07-07 06:46 -------- d-----w- c:\program files\AVG
2010-07-07 06:46 . 2010-07-19 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-07 06:38 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-06 15:35 . 2010-07-06 15:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-06 14:16 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-06 14:16 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-06 14:10 . 2010-07-06 14:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-06 13:53 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-07-06 13:53 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-06 13:53 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-06 13:53 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-07-06 13:17 . 2010-07-07 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-06 12:58 . 2010-07-06 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-07-06 12:51 . 2009-08-19 22:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-07-06 12:51 . 2009-08-19 22:50 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-07-06 12:45 . 2010-07-06 12:45 -------- d-----w- c:\program files\Adobe Media Player
2010-07-06 12:45 . 2010-07-06 12:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-06 12:42 . 2010-07-08 06:59 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Adobe
2010-07-06 12:42 . 2010-07-06 12:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-06 12:39 . 2010-07-13 13:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-06 12:38 . 2010-07-06 12:38 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\CyberLink
2010-07-06 12:37 . 2010-07-06 12:37 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Windows Search
2010-07-06 12:23 . 2010-07-06 12:23 -------- d-sh--w- c:\documents and settings\Rob Hayday\IECompatCache
2010-07-06 12:22 . 2010-07-06 12:22 -------- d-sh--w- c:\documents and settings\Rob Hayday\PrivacIE
2010-07-06 12:19 . 2010-07-06 12:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-06 12:18 . 2010-07-06 12:18 -------- d-sh--w- c:\documents and settings\Rob Hayday\IETldCache
2010-07-06 12:18 . 2010-07-06 12:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-07-06 12:14 . 2010-07-08 12:10 -------- d-----w- c:\windows\ie8updates
2010-07-06 12:13 . 2010-07-06 12:13 -------- dc-h--w- c:\windows\ie8
2010-07-06 12:13 . 2010-07-06 12:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-07-06 12:13 . 2010-07-21 13:14 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Google
2010-07-06 12:13 . 2010-07-06 12:14 -------- d--h--w- c:\windows\msdownld.tmp
2010-07-06 12:13 . 2010-07-06 12:13 -------- d-----w- c:\program files\Google
2010-07-06 12:12 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 12:12 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 12:12 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 12:12 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 12:12 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 12:12 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 12:12 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 12:10 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 12:09 . 2010-07-06 12:09 0 ----a-w- c:\windows\nsreg.dat
2010-07-06 12:09 . 2010-07-06 12:09 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-02 06:28 . 2010-07-06 12:28 0 ----a-w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\WavXMapDrive.bat
2010-07-26 06:40 . 2010-07-01 14:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-23 08:35 . 2010-07-01 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-16 12:41 . 2010-07-16 12:41 -------- d-----w- c:\program files\Common Files\onOne Software Shared
2010-07-16 12:41 . 2010-07-16 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\onOne Software
2010-07-16 12:41 . 2010-07-16 12:41 -------- d-----w- c:\program files\onOne Software
2010-07-16 12:41 . 2010-07-01 14:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-15 13:27 . 2010-07-01 14:36 -------- d-----w- c:\program files\Windows Live
2010-07-13 06:33 . 2010-07-01 14:31 133112 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-12 12:42 . 2010-07-12 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-07-09 16:03 . 2010-07-01 14:38 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-08 13:19 . 2010-07-08 13:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-08 12:17 . 2010-07-01 14:34 -------- d-----w- c:\program files\Microsoft Works
2010-07-02 02:55 . 2010-07-02 02:55 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-02 02:54 . 2010-07-02 02:54 -------- d-----w- c:\program files\Analog Devices
2010-07-01 22:48 . 2010-07-01 22:48 5204 ----a-w- c:\windows\system32\drivers\1028_Dell_WOR_T3500.mrk
2010-07-01 14:44 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Intel Corporation
2010-07-01 14:44 . 2010-07-06 12:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel Corporation
2010-07-01 14:44 . 2010-07-01 14:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel Corporation
2010-07-01 14:43 . 2010-07-01 14:43 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
2010-07-01 14:40 . 2010-07-01 14:40 -------- d-----w- c:\program files\Microsoft Small Business
2010-07-01 14:39 . 2010-07-01 14:39 -------- d-----w- c:\program files\MSXML 6.0
2010-07-01 14:38 . 2010-07-06 12:28 68688 ----a-w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-01 14:38 . 2010-07-01 14:38 -------- d-----w- c:\program files\CyberLink
2010-07-01 14:38 . 2010-07-01 14:22 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-01 14:37 . 2010-07-01 14:37 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-07-01 14:37 . 2010-07-01 14:37 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-01 14:36 . 2010-07-01 14:36 -------- d-----w- c:\program files\Microsoft
2010-07-01 14:36 . 2010-07-01 14:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\program files\Common Files\Windows Live
2010-07-01 14:35 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Broadcom
2010-07-01 14:35 . 2010-07-06 12:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Broadcom
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Broadcom
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\program files\Roxio
2010-07-01 14:34 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Roxio Log Files
2010-07-01 14:34 . 2010-07-06 12:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Roxio Log Files
2010-07-01 14:34 . 2010-07-01 14:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Roxio Log Files
2010-07-01 14:34 . 2010-07-01 14:34 -------- d-----w- c:\program files\Microsoft.NET
2010-07-01 14:32 . 2010-07-01 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-07-01 14:31 . 2010-07-01 14:14 -------- d-----w- c:\program files\Dell
2010-07-01 14:30 . 2010-07-01 14:27 -------- d-----w- c:\program files\Wave Systems Corp
2010-07-01 14:27 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Wave Systems Corp
2010-07-01 14:27 . 2010-07-06 12:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Wave Systems Corp
2010-07-01 14:27 . 2010-07-01 14:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wave Systems Corp
2010-07-01 14:27 . 2010-07-01 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Wave Systems Corp
2010-07-01 14:27 . 2010-07-01 14:27 -------- d-----w- c:\program files\NTRU Cryptosystems
2010-07-01 14:27 . 2010-07-01 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NTRU Cryptosystems
2010-07-01 14:26 . 2010-07-01 14:26 -------- d-----w- c:\program files\Broadcom
2010-07-01 14:22 . 2010-07-01 14:22 -------- d-----w- c:\program files\Intel
2010-07-01 14:22 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\InstallShield
2010-07-01 14:22 . 2010-07-06 12:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield
2010-07-01 14:22 . 2010-07-01 14:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2010-07-01 14:22 . 2010-07-01 14:22 -------- d-----w- c:\program files\Dell SAS RAID Storage Manager
2010-07-01 14:19 . 2010-07-01 14:19 -------- d-----w- c:\program files\DIFX
2010-07-01 14:17 . 2010-07-06 12:28 405504 ----a-r- c:\documents and settings\Rob Hayday\Application Data\Microsoft\Installer\{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}\ARPPRODUCTICON.exe
2010-07-01 14:17 . 2010-07-06 12:28 405504 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}\ARPPRODUCTICON.exe
2010-07-01 14:17 . 2010-07-01 14:17 405504 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}\ARPPRODUCTICON.exe
2010-07-01 14:15 . 2010-07-01 14:15 -------- d-----w- c:\program files\Winbond Electronics Corporation
2010-07-01 14:15 . 2010-07-06 12:28 365322 ----a-r- c:\documents and settings\Rob Hayday\Application Data\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe
2010-07-01 14:15 . 2010-07-06 12:28 365322 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe
2010-07-01 14:15 . 2010-07-01 14:15 365322 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe
2010-07-01 14:14 . 2010-07-01 14:14 -------- d-----w- c:\program files\Common Files\Java
2010-07-01 14:14 . 2010-07-01 14:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 14:13 . 2010-07-01 14:13 -------- d-----w- c:\program files\Java
2010-07-01 14:11 . 2010-07-01 14:10 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-01 14:10 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Windows Desktop Search
2010-07-01 14:10 . 2010-07-06 12:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Windows Desktop Search
2010-07-01 14:10 . 2010-07-01 14:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-07-01 14:03 . 2010-07-01 14:03 -------- d-----w- c:\program files\MSXML 4.0
2010-07-01 14:00 . 2008-04-25 21:28 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\AcrobatUpdater.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 14:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 14:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-06 39408]
"Google Update"="c:\documents and settings\Rob Hayday\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-06 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-01-19 1044480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-20 13586432]
"Popup"="c:\program files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2007-12-18 81096]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-01-05 158592]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-05 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-19 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-07 2065760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Rob Hayday\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2010-7-27 1553800]
NAS Scheduler.lnk - c:\program files\BUFFALO\NASNAVI\nassche.exe [2010-7-27 206128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1338224]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2009-11-24 132456]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-07 06:48 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell SAS RAID Storage Manager\\MegaPopup\\popup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [21/07/2010 10:29 28552]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [01/07/2010 23:48 24064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [07/07/2010 07:48 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [07/07/2010 07:48 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [07/07/2010 07:47 308136]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [08/02/2010 16:20 376688]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [01/07/2010 15:22 13336]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [08/07/2010 14:18 10448]
R2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 20:08 3575808]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [18/03/2010 10:01 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [18/03/2010 10:01 10448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2010 13:13 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 284016]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25/04/2008 17:16 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 12:13]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 12:13]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-803831775-4236801321-34469678-1008Core.job
- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 12:13]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-803831775-4236801321-34469678-1008UA.job
- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 12:13]

2010-08-02 c:\windows\Tasks\Zonplrhfly.job
- c:\windows\system32\setupc.dll [2010-07-16 12:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\Rob Hayday\Application Data\Mozilla\Firefox\Profiles\380hzm27.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.itslondon.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Rob Hayday\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-02 08:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-08-02 08:15:48
ComboFix-quarantined-files.txt 2010-08-02 07:15

Pre-Run: 549,853,618,176 bytes free
Post-Run: 550,217,420,800 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9E421BD2840B68A77FB6B6ECBCB88E70


#8 km2357

Posted 02 August 2010 - 01:24 PM

Step # 1: Run CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    CODE
    KILLALL::

    File::

    c:\windows\Tasks\Zonplrhfly.job
    c:\windows\system32\setupc.dll



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.







    Note: This CFScript is for use on roblondon's computer only! Do not use it on your computer.


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed.



#9 roblondon

Posted 03 August 2010 - 01:56 AM

Hi again,

Logs attached below,

Thanks




Combofix---

ComboFix 10-08-02.03 - Rob Hayday 03/08/2010 7:37.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2339 [GMT 1:00]
Running from: c:\documents and settings\Rob Hayday\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rob Hayday\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\setupc.dll"
"c:\windows\Tasks\Zonplrhfly.job"
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\setupc.dll
c:\windows\Tasks\Zonplrhfly.job

.
((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
.

2010-08-02 06:52 . 2010-08-02 06:52 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\AVG9
2010-07-28 12:05 . 2010-07-28 12:05 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-07-27 16:01 . 2010-07-27 16:01 313376 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-27 13:41 . 2010-07-27 13:41 -------- d-----w- c:\program files\BUFFALO
2010-07-27 13:41 . 2010-07-27 13:41 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\NASNaviator2
2010-07-26 10:12 . 2010-07-26 10:12 -------- d-----w- c:\program files\iPod
2010-07-26 10:06 . 2010-07-26 10:06 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-26 06:53 . 2010-07-26 06:54 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-07-26 06:53 . 2010-07-29 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-21 15:29 . 2010-07-21 15:29 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Malwarebytes
2010-07-21 15:29 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 15:29 . 2010-07-21 15:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 15:29 . 2010-07-21 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-21 15:29 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 09:37 . 2009-10-07 14:28 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2010-07-21 09:29 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-21 09:29 . 2010-07-21 09:29 -------- d-----w- c:\program files\Panda Security
2010-07-21 09:13 . 2010-07-21 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-07-21 07:39 . 2010-07-21 07:39 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 07:39 . 2010-07-21 07:39 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-21 07:39 . 2010-07-21 07:39 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-21 07:39 . 2010-07-21 07:39 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-21 07:35 . 2010-07-21 07:38 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\e-Campaign
2010-07-21 07:35 . 2010-07-21 07:35 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\e-Campaign
2010-07-19 06:44 . 2010-07-19 06:44 -------- d-----w- C:\$AVG
2010-07-16 12:53 . 2010-07-16 12:53 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\onOne Software
2010-07-15 15:13 . 2010-07-15 15:13 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\BACS.exe
2010-07-15 13:51 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-07-14 11:22 . 2010-07-14 11:22 8 ----a-w- c:\windows\system32\nvModes.dat
2010-07-14 07:18 . 2010-07-29 09:23 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Temp
2010-07-14 06:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 12:58 . 2010-07-13 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-07-12 12:41 . 2010-07-12 12:41 -------- d-----w- C:\HP Color LaserJet 5500
2010-07-12 12:25 . 2010-07-12 12:27 -------- d-----w- c:\program files\3exwin-local
2010-07-12 11:52 . 2010-07-12 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-12 11:52 . 2010-07-12 11:52 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Office Genuine Advantage
2010-07-12 07:16 . 2010-07-21 14:29 -------- d-----w- c:\documents and settings\Rob Hayday\Tracing
2010-07-09 16:02 . 2010-07-09 16:02 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-07-09 15:24 . 2010-07-09 15:24 -------- d-----w- c:\program files\7-Zip
2010-07-09 07:15 . 2010-07-09 07:15 -------- d-----w- c:\windows\Sun
2010-07-08 13:19 . 2010-07-08 13:19 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Leadertech
2010-07-08 13:19 . 2010-07-08 13:19 53248 ----a-r- c:\documents and settings\Rob Hayday\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-08 13:19 . 2010-08-02 06:40 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-08 13:19 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-08 13:18 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-07-08 13:18 . 2010-07-08 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-07-08 13:18 . 2010-07-08 13:18 -------- d-----w- c:\program files\Logitech
2010-07-08 13:18 . 2010-07-08 13:19 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-08 13:18 . 2010-07-08 13:19 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Logitech
2010-07-08 13:18 . 2010-07-08 13:18 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Logishrd
2010-07-08 06:39 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-07-07 12:45 . 2010-08-02 15:08 0 ----a-w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\prvlcl.dat
2010-07-07 10:51 . 2010-07-09 06:55 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Apple Computer
2010-07-07 10:50 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-07 10:50 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-07 10:50 . 2010-07-26 10:12 -------- d-----w- c:\program files\iTunes
2010-07-07 10:50 . 2010-07-07 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-07 10:49 . 2010-07-07 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-07 10:49 . 2010-07-07 10:50 -------- d-----w- c:\program files\QuickTime
2010-07-07 10:49 . 2010-07-07 10:49 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Apple
2010-07-07 10:49 . 2010-07-07 10:49 -------- d-----w- c:\program files\Apple Software Update
2010-07-07 10:49 . 2010-04-19 19:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-07-07 10:49 . 2010-04-19 19:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-07-07 10:49 . 2010-07-07 10:49 -------- d-----w- c:\program files\Bonjour
2010-07-07 10:49 . 2010-07-26 10:12 -------- d-----w- c:\program files\Common Files\Apple
2010-07-07 10:49 . 2010-07-07 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-07 10:48 . 2010-07-07 10:51 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Apple Computer
2010-07-07 06:48 . 2010-07-07 06:48 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-07 06:48 . 2010-07-07 06:48 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-07 06:48 . 2010-07-07 06:48 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-07 06:48 . 2010-07-07 06:48 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-07 06:48 . 2010-08-02 06:31 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-07 06:46 . 2010-07-07 06:46 -------- d-----w- c:\program files\AVG
2010-07-07 06:46 . 2010-07-19 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-07 06:38 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-06 15:35 . 2010-07-06 15:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-06 14:16 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-06 14:16 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-06 14:10 . 2010-07-06 14:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-06 13:53 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-07-06 13:53 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-06 13:53 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-06 13:53 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-07-06 13:17 . 2010-07-07 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-06 12:58 . 2010-07-06 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-07-06 12:51 . 2009-08-19 22:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-07-06 12:51 . 2009-08-19 22:50 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-07-06 12:45 . 2010-07-06 12:45 -------- d-----w- c:\program files\Adobe Media Player
2010-07-06 12:45 . 2010-07-06 12:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-06 12:42 . 2010-07-08 06:59 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Adobe
2010-07-06 12:42 . 2010-07-06 12:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-06 12:39 . 2010-07-13 13:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-06 12:38 . 2010-07-06 12:38 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\CyberLink
2010-07-06 12:37 . 2010-07-06 12:37 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Windows Search
2010-07-06 12:23 . 2010-07-06 12:23 -------- d-sh--w- c:\documents and settings\Rob Hayday\IECompatCache
2010-07-06 12:22 . 2010-07-06 12:22 -------- d-sh--w- c:\documents and settings\Rob Hayday\PrivacIE
2010-07-06 12:19 . 2010-07-06 12:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-06 12:18 . 2010-07-06 12:18 -------- d-sh--w- c:\documents and settings\Rob Hayday\IETldCache
2010-07-06 12:18 . 2010-07-06 12:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-07-06 12:14 . 2010-07-08 12:10 -------- d-----w- c:\windows\ie8updates
2010-07-06 12:13 . 2010-07-06 12:13 -------- dc-h--w- c:\windows\ie8
2010-07-06 12:13 . 2010-07-06 12:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-07-06 12:13 . 2010-07-21 13:14 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Google
2010-07-06 12:13 . 2010-07-06 12:14 -------- d--h--w- c:\windows\msdownld.tmp
2010-07-06 12:13 . 2010-07-06 12:13 -------- d-----w- c:\program files\Google
2010-07-06 12:12 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 12:12 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 12:12 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 12:12 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 12:12 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 12:12 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 12:12 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 12:10 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 12:09 . 2010-07-06 12:09 0 ----a-w- c:\windows\nsreg.dat
2010-07-06 12:09 . 2010-07-06 12:09 -------- d-----w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 06:41 . 2010-07-06 12:28 0 ----a-w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\WavXMapDrive.bat
2010-07-26 06:40 . 2010-07-01 14:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-23 08:35 . 2010-07-01 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-16 12:41 . 2010-07-16 12:41 -------- d-----w- c:\program files\Common Files\onOne Software Shared
2010-07-16 12:41 . 2010-07-16 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\onOne Software
2010-07-16 12:41 . 2010-07-16 12:41 -------- d-----w- c:\program files\onOne Software
2010-07-16 12:41 . 2010-07-01 14:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-15 13:27 . 2010-07-01 14:36 -------- d-----w- c:\program files\Windows Live
2010-07-13 06:33 . 2010-07-01 14:31 133112 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-12 12:42 . 2010-07-12 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-07-09 16:03 . 2010-07-01 14:38 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-08 13:19 . 2010-07-08 13:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-08 12:17 . 2010-07-01 14:34 -------- d-----w- c:\program files\Microsoft Works
2010-07-02 02:55 . 2010-07-02 02:55 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-02 02:54 . 2010-07-02 02:54 -------- d-----w- c:\program files\Analog Devices
2010-07-01 22:48 . 2010-07-01 22:48 5204 ----a-w- c:\windows\system32\drivers\1028_Dell_WOR_T3500.mrk
2010-07-01 14:44 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Intel Corporation
2010-07-01 14:44 . 2010-07-06 12:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel Corporation
2010-07-01 14:44 . 2010-07-01 14:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel Corporation
2010-07-01 14:43 . 2010-07-01 14:43 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
2010-07-01 14:40 . 2010-07-01 14:40 -------- d-----w- c:\program files\Microsoft Small Business
2010-07-01 14:39 . 2010-07-01 14:39 -------- d-----w- c:\program files\MSXML 6.0
2010-07-01 14:38 . 2010-07-06 12:28 68688 ----a-w- c:\documents and settings\Rob Hayday\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-01 14:38 . 2010-07-01 14:38 -------- d-----w- c:\program files\CyberLink
2010-07-01 14:38 . 2010-07-01 14:22 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-01 14:37 . 2010-07-01 14:37 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-07-01 14:37 . 2010-07-01 14:37 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-01 14:36 . 2010-07-01 14:36 -------- d-----w- c:\program files\Microsoft
2010-07-01 14:36 . 2010-07-01 14:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\program files\Common Files\Windows Live
2010-07-01 14:35 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Broadcom
2010-07-01 14:35 . 2010-07-06 12:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Broadcom
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Broadcom
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-07-01 14:35 . 2010-07-01 14:35 -------- d-----w- c:\program files\Roxio
2010-07-01 14:34 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Roxio Log Files
2010-07-01 14:34 . 2010-07-06 12:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Roxio Log Files
2010-07-01 14:34 . 2010-07-01 14:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Roxio Log Files
2010-07-01 14:34 . 2010-07-01 14:34 -------- d-----w- c:\program files\Microsoft.NET
2010-07-01 14:32 . 2010-07-01 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-07-01 14:31 . 2010-07-01 14:14 -------- d-----w- c:\program files\Dell
2010-07-01 14:30 . 2010-07-01 14:27 -------- d-----w- c:\program files\Wave Systems Corp
2010-07-01 14:27 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Wave Systems Corp
2010-07-01 14:27 . 2010-07-06 12:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Wave Systems Corp
2010-07-01 14:27 . 2010-07-01 14:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wave Systems Corp
2010-07-01 14:27 . 2010-07-01 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Wave Systems Corp
2010-07-01 14:27 . 2010-07-01 14:27 -------- d-----w- c:\program files\NTRU Cryptosystems
2010-07-01 14:27 . 2010-07-01 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NTRU Cryptosystems
2010-07-01 14:26 . 2010-07-01 14:26 -------- d-----w- c:\program files\Broadcom
2010-07-01 14:22 . 2010-07-01 14:22 -------- d-----w- c:\program files\Intel
2010-07-01 14:22 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\InstallShield
2010-07-01 14:22 . 2010-07-06 12:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield
2010-07-01 14:22 . 2010-07-01 14:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2010-07-01 14:22 . 2010-07-01 14:22 -------- d-----w- c:\program files\Dell SAS RAID Storage Manager
2010-07-01 14:19 . 2010-07-01 14:19 -------- d-----w- c:\program files\DIFX
2010-07-01 14:17 . 2010-07-06 12:28 405504 ----a-r- c:\documents and settings\Rob Hayday\Application Data\Microsoft\Installer\{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}\ARPPRODUCTICON.exe
2010-07-01 14:17 . 2010-07-06 12:28 405504 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}\ARPPRODUCTICON.exe
2010-07-01 14:17 . 2010-07-01 14:17 405504 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}\ARPPRODUCTICON.exe
2010-07-01 14:15 . 2010-07-01 14:15 -------- d-----w- c:\program files\Winbond Electronics Corporation
2010-07-01 14:15 . 2010-07-06 12:28 365322 ----a-r- c:\documents and settings\Rob Hayday\Application Data\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe
2010-07-01 14:15 . 2010-07-06 12:28 365322 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe
2010-07-01 14:15 . 2010-07-01 14:15 365322 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe
2010-07-01 14:14 . 2010-07-01 14:14 -------- d-----w- c:\program files\Common Files\Java
2010-07-01 14:14 . 2010-07-01 14:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 14:13 . 2010-07-01 14:13 -------- d-----w- c:\program files\Java
2010-07-01 14:11 . 2010-07-01 14:10 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-01 14:10 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\Rob Hayday\Application Data\Windows Desktop Search
2010-07-01 14:10 . 2010-07-06 12:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Windows Desktop Search
2010-07-01 14:10 . 2010-07-01 14:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-07-01 14:03 . 2010-07-01 14:03 -------- d-----w- c:\program files\MSXML 4.0
2010-07-01 14:00 . 2008-04-25 21:28 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\AcrobatUpdater.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-02_07.15.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-03 06:41 . 2010-08-03 06:41 16384 c:\windows\temp\Perflib_Perfdata_3f0.dat
+ 2008-04-25 16:16 . 2010-08-03 06:35 97930 c:\windows\system32\perfc009.dat
- 2008-04-25 16:16 . 2010-08-02 06:31 97930 c:\windows\system32\perfc009.dat
+ 2008-04-25 16:16 . 2010-08-03 06:35 514092 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2010-08-02 06:31 514092 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 14:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 14:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-06 39408]
"Google Update"="c:\documents and settings\Rob Hayday\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-06 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-01-19 1044480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-20 13586432]
"Popup"="c:\program files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2007-12-18 81096]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-01-05 158592]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-05 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-19 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-07 2065760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Rob Hayday\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2010-7-27 1553800]
NAS Scheduler.lnk - c:\program files\BUFFALO\NASNAVI\nassche.exe [2010-7-27 206128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1338224]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2009-11-24 132456]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-07 06:48 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell SAS RAID Storage Manager\\MegaPopup\\popup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BUFFALO\\NASNAVI\\NasNavi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [21/07/2010 10:29 28552]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [01/07/2010 23:48 24064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [07/07/2010 07:48 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [07/07/2010 07:48 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [07/07/2010 07:47 308136]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [08/02/2010 16:20 376688]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [01/07/2010 15:22 13336]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [08/07/2010 14:18 10448]
R2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 20:08 3575808]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [18/03/2010 10:01 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [18/03/2010 10:01 10448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2010 13:13 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 284016]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25/04/2008 17:16 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 12:13]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 12:13]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-803831775-4236801321-34469678-1008Core.job
- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 12:13]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-803831775-4236801321-34469678-1008UA.job
- c:\documents and settings\Rob Hayday\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 12:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\Rob Hayday\Application Data\Mozilla\Firefox\Profiles\380hzm27.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.itslondon.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Rob Hayday\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-03 07:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1020)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\astsrv.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\BUFFALO\NASNAVI\nassvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
c:\program files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\system32\SearchProtocolHost.exe
.
**************************************************************************
.
Completion time: 2010-08-03 07:44:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-03 06:44

Pre-Run: 550,035,578,880 bytes free
Post-Run: 550,038,294,528 bytes free

- - End Of File - - A8FE62542083A06473BAD982E8602FDA



DDS.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by Rob Hayday at 7:48:02.25 on 03/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2063 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files\BUFFALO\NASNAVI\nassche.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rob Hayday\Local Settings\Temporary Internet Files\Content.IE5\YL3Z1RXU\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\rob hayday\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Popup] "c:\program files\dell sas raid storage manager\megapopup\Popup.exe"
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\robhay~1\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
StartupFolder: c:\docume~1\robhay~1\startm~1\programs\startup\nassch~1.lnk - c:\program files\buffalo\nasnavi\nassche.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robhay~1\applic~1\mozilla\firefox\profiles\380hzm27.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.itslondon.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\rob hayday\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-7-21 28552]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2010-7-1 24064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-7 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-7 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-7 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-7 308136]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 376688]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-7-1 13336]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-7-8 10448]
R2 NasPmService;NAS PM Service;c:\program files\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3575808]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 10448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-6 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

=============== Created Last 30 ================

2010-08-02 07:56:02 7680 --sha-w- c:\windows\Thumbs.db
2010-08-02 07:12:13 0 d-sha-r- C:\cmdcons
2010-08-02 07:10:30 98816 ----a-w- c:\windows\sed.exe
2010-08-02 07:10:30 77312 ----a-w- c:\windows\MBR.exe
2010-08-02 07:10:30 256512 ----a-w- c:\windows\PEV.exe
2010-08-02 07:10:30 161792 ----a-w- c:\windows\SWREG.exe
2010-08-02 06:52:33 0 d-----w- c:\docume~1\robhay~1\applic~1\AVG9
2010-07-29 06:46:21 0 ----a-w- c:\documents and settings\rob hayday\defogger_reenable
2010-07-27 13:41:52 0 d-----w- c:\program files\BUFFALO
2010-07-27 13:41:24 0 d-----w- c:\docume~1\robhay~1\applic~1\NASNaviator2
2010-07-26 10:12:14 0 d-----w- c:\program files\iPod
2010-07-21 15:29:47 0 d-----w- c:\docume~1\robhay~1\applic~1\Malwarebytes
2010-07-21 15:29:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 15:29:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 15:29:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 15:29:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-21 09:37:22 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2010-07-21 09:29:23 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-21 09:29:21 0 d-----w- c:\program files\Panda Security
2010-07-21 09:13:37 0 d-----w- c:\docume~1\alluse~1\applic~1\CA
2010-07-21 07:35:51 0 d-----w- c:\docume~1\robhay~1\applic~1\e-Campaign
2010-07-19 06:44:30 0 d-----w- C:\$AVG
2010-07-16 12:53:19 0 d-----w- c:\docume~1\robhay~1\applic~1\onOne Software
2010-07-16 12:41:50 61440 ----a-w- c:\windows\system32\nlssrv32.exe
2010-07-16 12:41:50 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2010-07-16 12:41:50 227840 ----a-w- c:\windows\system32\Deco_32.dll
2010-07-16 12:41:50 0 d-----w- c:\program files\common files\onOne Software Shared
2010-07-16 12:41:48 0 d-----w- c:\docume~1\alluse~1\applic~1\onOne Software
2010-07-16 12:41:47 0 d-----w- c:\program files\onOne Software
2010-07-15 15:13:28 0 d-----w- c:\docume~1\robhay~1\applic~1\BACS.exe
2010-07-15 13:51:49 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-07-15 13:51:49 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2010-07-14 11:22:00 8 ----a-w- c:\windows\system32\nvModes.dat
2010-07-14 06:49:15 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 16:01:57 66 ----a-w- c:\windows\3exwin.INI
2010-07-12 12:41:43 0 d-----w- C:\HP Color LaserJet 5500
2010-07-12 12:25:10 0 d-----w- c:\program files\3exwin-local
2010-07-12 11:52:41 0 d-----w- c:\docume~1\robhay~1\applic~1\Office Genuine Advantage
2010-07-12 07:16:36 0 d-----w- c:\documents and settings\rob hayday\Tracing
2010-07-09 16:02:59 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-07-08 13:19:05 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-08 13:19:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-08 13:19:03 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-08 13:18:49 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-07-08 13:18:02 0 d-----w- c:\docume~1\robhay~1\applic~1\Logishrd
2010-07-08 06:39:04 293376 ------w- c:\windows\system32\browserchoice.exe
2010-07-07 16:05:00 0 d-----w- c:\windows\system32\PreInstall
2010-07-07 10:50:54 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-07 10:50:54 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-07 10:50:25 0 d-----w- c:\program files\iTunes
2010-07-07 10:50:25 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-07 10:49:45 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-07-07 10:49:45 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-07-07 10:49:12 0 d-----w- c:\program files\Bonjour
2010-07-07 06:48:27 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-07 06:48:26 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-07 06:48:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-07 06:48:21 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-07 06:46:45 0 d-----w- c:\program files\AVG
2010-07-07 06:46:35 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-07 06:38:28 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-06 14:16:40 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-06 14:16:40 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-06 14:16:40 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-07-06 13:53:57 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-07-06 13:53:57 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-07-06 13:53:57 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-06 13:53:57 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-06 12:58:36 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM
2010-07-06 12:51:38 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-07-06 12:51:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-07-06 12:42:04 0 d-----w- c:\program files\common files\Macrovision Shared
2010-07-06 12:37:51 0 d-----w- c:\docume~1\robhay~1\applic~1\Windows Search
2010-07-06 12:28:43 0 d-----w- c:\docume~1\robhay~1\applic~1\Intel Corporation
2010-07-06 12:28:43 0 d-----w- c:\docume~1\robhay~1\applic~1\Broadcom
2010-07-06 12:28:42 0 d-----w- c:\docume~1\robhay~1\applic~1\Windows Desktop Search
2010-07-06 12:28:42 0 d-----w- c:\docume~1\robhay~1\applic~1\Wave Systems Corp
2010-07-06 12:28:42 0 d-----w- c:\docume~1\robhay~1\applic~1\Roxio Log Files
2010-07-06 12:24:25 3247 ----a-w- c:\windows\system32\wbem\Outlook_01cb1d062bd8f694.mof
2010-07-06 12:23:00 0 d-sh--w- c:\documents and settings\rob hayday\IECompatCache
2010-07-06 12:22:25 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-07-06 12:22:08 0 d-sh--w- c:\documents and settings\rob hayday\PrivacIE
2010-07-06 12:18:55 0 d-sh--w- c:\documents and settings\rob hayday\IETldCache
2010-07-06 12:14:04 0 d-----w- c:\windows\ie8updates
2010-07-06 12:13:41 0 dc-h--w- c:\windows\ie8
2010-07-06 12:13:15 0 d--h--w- c:\windows\msdownld.tmp
2010-07-06 12:12:18 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 12:12:18 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 12:12:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 12:12:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 12:12:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 12:12:17 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 12:12:16 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 12:10:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 11:42:54 0 d-----w- c:\windows\system32\SoftwareDistribution

==================== Find3M ====================

2010-07-01 22:48:37 5204 ----a-w- c:\windows\system32\drivers\1028_Dell_WOR_T3500.mrk
2010-07-01 14:14:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-07 09:28:03 38644 ----a-w- c:\windows\fonts\orator10.ttf
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 7:48:09.70 ===============



Attach.txt



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 06/07/2010 13:28:34
System Uptime: 08/03/2010 07:40:41 (3552 hours ago)

Motherboard: Dell Inc. | | 09KPNV
Processor: Intel® Xeon® CPU W3530 @ 2.80GHz | CPU | 2800/4800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 559 GiB total, 512.284 GiB free.
D: is CDROM ()
E: is CDROM ()
L: is NetworkDisk (NTFS) - 451 GiB total, 415.435 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 19/07/2010 07:36:06 - System Checkpoint
RP2: 20/07/2010 13:14:18 - System Checkpoint
RP3: 21/07/2010 08:39:29 - Avg Update
RP4: 22/07/2010 13:17:46 - System Checkpoint
RP5: 23/07/2010 13:41:59 - System Checkpoint
RP6: 24/07/2010 12:59:00 - Software Distribution Service 3.0
RP7: 26/07/2010 09:38:35 - System Checkpoint
RP8: 27/07/2010 13:00:52 - System Checkpoint
RP9: 28/07/2010 13:35:20 - System Checkpoint
RP10: 29/07/2010 15:41:41 - System Checkpoint
RP11: 02/08/2010 08:10:34 - ComboFix created restore point

==== Installed Programs ======================

2007 Microsoft Office system
7-Zip 4.65
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.3.3 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
BUFFALO NAS Navigator
Business Contact Manager for Outlook 2007 SP2
Connect
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Embassy Trust Suite by Wave Systems
Dell SAS RAID Storage Manager
Dell SAS RAID Storage Manager v2.66-00
Dell Security Device Driver Pack
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
eReg
ESC Home Page Plugin
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Gemalto
Genuine Fractals 6.0.6 Professional Edition
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958244)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Rapid Storage Technology
iTunes
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
kuler
Logitech SetPoint 6.1
Magnifier Powertoy for Windows XP
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser
NTRU TCG Software Stack
NVIDIA Drivers
NVIDIA Performance Drivers
OGA Notifier 2.0.0048.0
Panda ActiveScan 2.0
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PowerDVD DX
Preboot Manager
Private Information Manager
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Wizards
Segoe UI
SO32MMWrapper
Suite Shared Configuration CS4
Trusted Drive Manager
tsp patch
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
UPEK TouchChip Fingerprint Reader
Virtual Desktop Manager Powertoy for Windows XP
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Winbond TPM Device Driver
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

29/07/2010 09:54:55, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
03/08/2010 07:37:49, error: Service Control Manager [7034] - The TdmService service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The NVIDIA Performance Driver Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The NAS PM Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Dell ControlPoint System Manager service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Business Contact Manager SQL Server Startup Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The AST Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
03/08/2010 07:37:49, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/08/2010 07:37:49, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
03/08/2010 07:37:49, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/08/2010 07:31:00, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
02/08/2010 08:12:29, error: Service Control Manager [7034] - The SSMFramework service terminated unexpectedly. It has done this 1 time(s).
02/08/2010 08:12:29, error: Service Control Manager [7034] - The MRMonitor service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


#10 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California
  • Local time:12:00 PM

Posted 03 August 2010 - 01:37 PM

Step # 1: Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u21.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Remove the following old versions of Java:
      • Java™ 6 Update 20
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • From your desktop double-click on the download to install the newest version.



Step # 2: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Step # 3 Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
      • Click on the Malwarebytes' Anti-Malware icon to launch the program.
      • Click on the Logs tab.
      • Click on the log at the bottom of those listed to highlight it.
      • Click Open.


Post the MalwareBytes' Log in your next post/reply.

MalWare Removal University Master

Member of ASAP


#11 roblondon

Posted 04 August 2010 - 01:59 AM

Thanks

Log Attached


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4387

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/08/2010 07:55:33
mbam-log-2010-08-04 (07-55-33).txt

Scan type: Quick scan
Objects scanned: 143166
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#12 km2357

Posted 04 August 2010 - 01:26 PM

Step # 1: Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


In your next post/reply, I need to see the following:

1. Kaspersky Log
2. A fresh DDS Log
3. How is your computer doing, any problems?

MalWare Removal University Master

Member of ASAP


#13 roblondon

Posted 05 August 2010 - 04:26 AM

--------------------------------------------------------------------------------
Hi,

Computer is running well, I haven't been redirected from google for a while. Looking good.

logs attached

Cheers


KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, August 5, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 05, 2010 02:32:08
Records in database: 4149482
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 06/07/2010 13:28:34
System Uptime: 08/05/2010 07:40:29 (2139 hours ago)

Motherboard: Dell Inc. | | 09KPNV
Processor: Intel® Xeon® CPU W3530 @ 2.80GHz | CPU | 2799/4800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 559 GiB total, 511.951 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
L: is NetworkDisk (NTFS) - 451 GiB total, 415.393 GiB free.
X: is NetworkDisk (NTFS) - 928 GiB total, 928.089 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 19/07/2010 07:36:06 - System Checkpoint
RP2: 20/07/2010 13:14:18 - System Checkpoint
RP3: 21/07/2010 08:39:29 - Avg Update
RP4: 22/07/2010 13:17:46 - System Checkpoint
RP5: 23/07/2010 13:41:59 - System Checkpoint
RP6: 24/07/2010 12:59:00 - Software Distribution Service 3.0
RP7: 26/07/2010 09:38:35 - System Checkpoint
RP8: 27/07/2010 13:00:52 - System Checkpoint
RP9: 28/07/2010 13:35:20 - System Checkpoint
RP10: 29/07/2010 15:41:41 - System Checkpoint
RP11: 02/08/2010 08:10:34 - ComboFix created restore point
RP12: 03/08/2010 08:13:57 - System Checkpoint
RP13: 03/08/2010 17:01:47 - Software Distribution Service 3.0
RP14: 04/08/2010 07:45:18 - Removed Java™ 6 Update 20
RP15: 04/08/2010 07:47:09 - Installed Java™ 6 Update 21

==== Installed Programs ======================

2007 Microsoft Office system
7-Zip 4.65
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.3.3 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
BUFFALO NAS Navigator
Business Contact Manager for Outlook 2007 SP2
Connect
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Embassy Trust Suite by Wave Systems
Dell SAS RAID Storage Manager
Dell SAS RAID Storage Manager v2.66-00
Dell Security Device Driver Pack
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
eReg
ESC Home Page Plugin
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Gemalto
Genuine Fractals 6.0.6 Professional Edition
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958244)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Rapid Storage Technology
iTunes
Java Auto Updater
Java™ 6 Update 21
Junk Mail filter update
kuler
Logitech SetPoint 6.1
Magnifier Powertoy for Windows XP
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser
NTRU TCG Software Stack
NVIDIA Drivers
NVIDIA Performance Drivers
OGA Notifier 2.0.0048.0
Panda ActiveScan 2.0
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PowerDVD DX
Preboot Manager
Private Information Manager
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Wizards
Segoe UI
SO32MMWrapper
Suite Shared Configuration CS4
Trusted Drive Manager
tsp patch
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
UPEK TouchChip Fingerprint Reader
Virtual Desktop Manager Powertoy for Windows XP
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Winbond TPM Device Driver
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

29/07/2010 09:54:55, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
03/08/2010 07:37:49, error: Service Control Manager [7034] - The TdmService service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The NVIDIA Performance Driver Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The NAS PM Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Dell ControlPoint System Manager service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Business Contact Manager SQL Server Startup Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The AST Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
03/08/2010 07:37:49, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
03/08/2010 07:37:49, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/08/2010 07:37:49, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
03/08/2010 07:37:49, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/08/2010 07:31:00, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
02/08/2010 08:12:29, error: Service Control Manager [7034] - The SSMFramework service terminated unexpectedly. It has done this 1 time(s).
02/08/2010 08:12:29, error: Service Control Manager [7034] - The MRMonitor service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
L:\
X:\

Scan statistics:
Objects scanned: 150128
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:39:09

No threats found. Scanned area is clean.

Selected area has been scanned.



DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by Rob Hayday at 10:22:26.70 on 05/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.1577 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BUFFALO\NASNAVI\nassche.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\3exwin-local\3exwin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Rob Hayday\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\rob hayday\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Popup] "c:\program files\dell sas raid storage manager\megapopup\Popup.exe"
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\robhay~1\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
StartupFolder: c:\docume~1\robhay~1\startm~1\programs\startup\nassch~1.lnk - c:\program files\buffalo\nasnavi\nassche.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robhay~1\applic~1\mozilla\firefox\profiles\380hzm27.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.itslondon.co.uk/|http://www.google.co.uk
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\rob hayday\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-7-21 28552]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2010-7-1 24064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-7 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-7 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-7 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-7 308136]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 376688]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-7-1 13336]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-7-8 10448]
R2 NasPmService;NAS PM Service;c:\program files\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3575808]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 10448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-6 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

=============== Created Last 30 ================

2010-08-04 16:01:05 0 d-----w- c:\program files\Western Digital
2010-08-04 16:01:00 20992 ----a-w- c:\windows\jestertb.dll
2010-08-04 06:47:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-04 06:45:28 0 d-----w- c:\windows\system32\appmgmt
2010-08-02 07:56:02 7680 --sha-w- c:\windows\Thumbs.db
2010-08-02 07:12:13 0 d-sha-r- C:\cmdcons
2010-08-02 07:10:30 98816 ----a-w- c:\windows\sed.exe
2010-08-02 07:10:30 77312 ----a-w- c:\windows\MBR.exe
2010-08-02 07:10:30 256512 ----a-w- c:\windows\PEV.exe
2010-08-02 07:10:30 161792 ----a-w- c:\windows\SWREG.exe
2010-08-02 06:52:33 0 d-----w- c:\docume~1\robhay~1\applic~1\AVG9
2010-07-29 06:46:21 0 ----a-w- c:\documents and settings\rob hayday\defogger_reenable
2010-07-27 13:41:52 0 d-----w- c:\program files\BUFFALO
2010-07-27 13:41:24 0 d-----w- c:\docume~1\robhay~1\applic~1\NASNaviator2
2010-07-26 10:12:14 0 d-----w- c:\program files\iPod
2010-07-21 15:29:47 0 d-----w- c:\docume~1\robhay~1\applic~1\Malwarebytes
2010-07-21 15:29:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 15:29:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 15:29:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 15:29:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-21 09:37:22 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2010-07-21 09:29:23 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-21 09:29:21 0 d-----w- c:\program files\Panda Security
2010-07-21 09:13:37 0 d-----w- c:\docume~1\alluse~1\applic~1\CA
2010-07-21 07:35:51 0 d-----w- c:\docume~1\robhay~1\applic~1\e-Campaign
2010-07-19 06:44:30 0 d-----w- C:\$AVG
2010-07-16 12:53:19 0 d-----w- c:\docume~1\robhay~1\applic~1\onOne Software
2010-07-16 12:41:50 61440 ----a-w- c:\windows\system32\nlssrv32.exe
2010-07-16 12:41:50 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2010-07-16 12:41:50 227840 ----a-w- c:\windows\system32\Deco_32.dll
2010-07-16 12:41:50 0 d-----w- c:\program files\common files\onOne Software Shared
2010-07-16 12:41:48 0 d-----w- c:\docume~1\alluse~1\applic~1\onOne Software
2010-07-16 12:41:47 0 d-----w- c:\program files\onOne Software
2010-07-15 15:13:28 0 d-----w- c:\docume~1\robhay~1\applic~1\BACS.exe
2010-07-15 13:51:49 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-07-15 13:51:49 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2010-07-14 11:22:00 8 ----a-w- c:\windows\system32\nvModes.dat
2010-07-14 06:49:15 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 16:01:57 66 ----a-w- c:\windows\3exwin.INI
2010-07-12 12:41:43 0 d-----w- C:\HP Color LaserJet 5500
2010-07-12 12:25:10 0 d-----w- c:\program files\3exwin-local
2010-07-12 11:52:41 0 d-----w- c:\docume~1\robhay~1\applic~1\Office Genuine Advantage
2010-07-12 07:16:36 0 d-----w- c:\documents and settings\rob hayday\Tracing
2010-07-09 16:02:59 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-07-08 13:19:05 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-08 13:19:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-08 13:19:03 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-08 13:18:49 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-07-08 13:18:02 0 d-----w- c:\docume~1\robhay~1\applic~1\Logishrd
2010-07-08 06:39:04 293376 ------w- c:\windows\system32\browserchoice.exe
2010-07-07 16:05:00 0 d-----w- c:\windows\system32\PreInstall
2010-07-07 10:50:54 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-07 10:50:54 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-07 10:50:25 0 d-----w- c:\program files\iTunes
2010-07-07 10:50:25 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-07 10:49:45 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-07-07 10:49:45 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-07-07 10:49:12 0 d-----w- c:\program files\Bonjour
2010-07-07 06:48:27 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-07 06:48:26 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-07 06:48:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-07 06:48:21 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-07 06:46:45 0 d-----w- c:\program files\AVG
2010-07-07 06:46:35 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-07 06:38:28 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-06 14:16:40 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-06 14:16:40 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-06 14:16:40 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-07-06 13:53:57 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-07-06 13:53:57 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-07-06 13:53:57 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-06 13:53:57 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-06 12:58:36 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM
2010-07-06 12:51:38 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-07-06 12:51:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-07-06 12:42:04 0 d-----w- c:\program files\common files\Macrovision Shared
2010-07-06 12:37:51 0 d-----w- c:\docume~1\robhay~1\applic~1\Windows Search
2010-07-06 12:28:43 0 d-----w- c:\docume~1\robhay~1\applic~1\Intel Corporation
2010-07-06 12:28:43 0 d-----w- c:\docume~1\robhay~1\applic~1\Broadcom
2010-07-06 12:28:42 0 d-----w- c:\docume~1\robhay~1\applic~1\Windows Desktop Search
2010-07-06 12:28:42 0 d-----w- c:\docume~1\robhay~1\applic~1\Wave Systems Corp
2010-07-06 12:28:42 0 d-----w- c:\docume~1\robhay~1\applic~1\Roxio Log Files
2010-07-06 12:24:25 3247 ----a-w- c:\windows\system32\wbem\Outlook_01cb1d062bd8f694.mof
2010-07-06 12:23:00 0 d-sh--w- c:\documents and settings\rob hayday\IECompatCache
2010-07-06 12:22:25 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-07-06 12:22:08 0 d-sh--w- c:\documents and settings\rob hayday\PrivacIE
2010-07-06 12:18:55 0 d-sh--w- c:\documents and settings\rob hayday\IETldCache
2010-07-06 12:14:04 0 d-----w- c:\windows\ie8updates
2010-07-06 12:13:41 0 dc-h--w- c:\windows\ie8
2010-07-06 12:13:15 0 d--h--w- c:\windows\msdownld.tmp
2010-07-06 12:12:18 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 12:12:18 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 12:12:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 12:12:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 12:12:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 12:12:17 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 12:12:16 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 12:10:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 11:42:54 0 d-----w- c:\windows\system32\SoftwareDistribution

==================== Find3M ====================

2010-08-04 06:47:12 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 22:48:37 5204 ----a-w- c:\windows\system32\drivers\1028_Dell_WOR_T3500.mrk
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-07 09:28:03 38644 ----a-w- c:\windows\fonts\orator10.ttf

============= FINISH: 10:22:37.09 ===============


#14 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:00 PM

Posted 05 August 2010 - 01:55 PM

Great to hear that your computer is running well.

If there are no more problems, then you're good to go.


You can delete the following off of your computer:

DDS.scr
The two DDS Logs
GMER.zip
GMER.exe
The GMER Log
CKScanner.exe
The CKScanner Log


To remove ComboFix, do the following:

Go to Start > Run - type in ComboFix /Uninstall & click OK

Empty your Recycle Bin.


Please take the time to read my All Clean Post.

Please follow these simple steps in order to keep your computer clean and secure:

This is a good time to clear your existing system restore points and establish a new clean restore point
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
  • This will remove all restore points except the new one you just created.

Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.


Make your Internet Explorer more secure - This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub frames across different domains to Prompt
  5. When all these settings have been made, click on the OK button.
  6. If it asks you if you want to save the settings, press the Yes button.
  7. Next press the Apply button and then the OK to exit the Internet Properties page.
Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK
  • Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Update Site Frequently - It is important that you visit Microsoft Updates regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE. If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the Start button on the task bar at the bottom of your screen
    2. Click Run
    3. In the dialog box, type services.msc
    4. Hit Enter, then locate DNS Client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from Automatic to Manual.
    7. Click OK.
  • Use an alternative instant messenger program. Trillian and Miranda IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox or Opera.
    If you decide to use either Firefox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
  • Follow these steps and your potential for being infected again will reduce dramatically.

    Here's a good website to read about Malware prevention:

    http://users.telenet.be/bluepatchy/miekiem...prevention.html

    If your computer is running slow, click here for instructions on how to help speed up your computer.

    Good luck!

    Please reply one last time so that I know you have read my post and this thread can be closed.

    MalWare Removal University Master

    Member of ASAP
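
The six Custom Level changes listed in the post above are stored as URL action values under the Internet zone's registry key, so they can be checked offline from a `reg export` of that key. The following is an added example, not part of the original thread; the function names and the sample export are constructed for illustration, and a setting counts as acceptable when it is at least as strict as the post recommends.

```python
import re
import sys

# Internet zone (zone 3) key; action IDs and values follow Microsoft's
# documented URL security zone settings (0 = Enable, 1 = Prompt, 3 = Disable).
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
STATE = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The six settings from the post, keyed by URL action ID.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def decode_reg(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16 with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_zone(text: str) -> dict:
    """Return {action_id: dword} for the current user's Internet zone only."""
    target = ("HKEY_CURRENT_USER\\" + ZONE_KEY).lower()
    values, in_zone = {}, False
    for line in text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            in_zone = section.group(1).lower() == target
            continue
        entry = DWORD.match(line) if in_zone else None
        if entry:
            values[entry.group(1).upper()] = int(entry.group(2), 16)
    return values


def audit(values: dict) -> list:
    """List (action, label, actual, recommended) for settings weaker than advised."""
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        actual = values.get(action)
        if actual is None:
            findings.append((action, label, "not set", STATE[wanted]))
        elif actual not in STATE:
            findings.append((action, label, f"unexpected 0x{actual:x}", STATE[wanted]))
        elif actual < wanted:  # 0 < 1 < 3 orders the states by strictness
            findings.append((action, label, STATE[actual], STATE[wanted]))
    return findings


# Constructed sample export (not taken from the thread), encoded like regedit's output.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\" + ZONE_KEY + "]\r\n"
    '"DisplayName"="Internet"\r\n'
    '"1001"=dword:00000001\r\n'
    '"1004"=dword:00000000\r\n'
    '"1201"=dword:00000003\r\n'
    '"1800"=dword:00000001\r\n'
    '"1804"=dword:00000000\r\n'
    '"1607"=dword:00000003\r\n'
).encode("utf-16")

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    for action, label, actual, wanted in audit(parse_zone(decode_reg(raw))):
        print(f"{action}  {label}: {actual} (post recommends {wanted})")
```

To check a real machine, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` and pass the file path as the first argument.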


    #15 roblondon

    roblondon
    • Topic Starter

    • Members
    • 16 posts
    • OFFLINE
    • Local time:08:00 PM

    Posted 06 August 2010 - 01:48 AM

    Great!

    Thanks so much for your help and advice!

    Really appreciate it.

    All seems to be working fine!

    Cheers

    Rob



