Olmarik.AGG trojan & Java/TrojanDownloader.OpenStream.NAU trojan & Rootkit.Win32.TDSS.tdl3(snapman)


This topic is locked
21 replies to this topic

#1 thanks_in_advance

  • Members
  • 12 posts

Posted 30 October 2010 - 12:23 PM

Went to a website. It downloaded 2 PDFs and they opened immediately. Microsoft Security Essentials caught some of it and proceeded to clean, but then issued a warning about a suspicious file and asked to submit it to them, which I did. After cleaning with Essentials, I then installed ThreatFire as a precaution. Shortly thereafter, I was getting browser redirects. I rebooted and was booted into the Windows Classic theme, along with Internet redirects, my audio disabled and an overall slow computer. It wouldn't let me install Malwarebytes, SuperAntivirus, etc.

I proceeded to research and did the following:
  • Ran the online ESET scanner - this detected 2 trojans. One was a variant of Java/TrojanDownloader.OpenStream.NAU trojan and the second was "y3c793yWS.sys" - Win32/Olmarik.AGG trojan. These were both cleaned, but after a reboot I was still having the same problems.
  • In desperation, ran ComboFix. It quarantined "g2mdlhlpx.exe". I checked this on virustotal.com and they said Safety score: 88.9%. I have not reinstalled this file. It's likely safe.
  • I was able to rename the Malwarebytes & SUPERAntiSpyware executables and then run them. They only found cookies.
  • Finally ran the TDSS rootkit removing tool and this found Rootkit.Win32.TDSS.tdl3(snapman) and cleaned it. After a reboot, this effectively restored the computer by replacing the trojaned Windows .sys file that was causing the locked Windows theme, audio and other problems. Everything seems back to normal, but you can never be sure.
  • I also ran Norman_TDSS_Cleaner and that found nothing.

I want to be sure everything is cleaned now. I've re-run TDSS rootkit scanner, Full Eset scan, Malwarebytes, SuperAntispyware and all are negative. Computer seems to be working fine again.

Below are the log files I will present for review:
  • DDS Log
  • Hijackthis
  • OTL - standard OTL on all users
  • OTL with the below parameters (this file will be attached since the post was too long)
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90


DDS Log
DDS (Ver_10-10-21.02) - NTFSx86
Run by Scott at 11:32:54.21 on Sat 10/30/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1645 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Ditto\Ditto.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\X1\X1FileMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureText.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\X1\X1Systray.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\X1\X1.exe
C:\Program Files\X1\X1Service.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Scott\Desktop\Latest Scans\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Ditto] c:\program files\ditto\Ditto.exe
uRun: [Google Update] "c:\users\scott\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [X1FileMonitor.exe] c:\program files\x1\X1FileMonitor.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\HammerTime2.exe
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\act!by~1.lnk - c:\program files\act\act for windows\ActSage.exe
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\outlook.lnk - c:\program files\microsoft office\office12\OUTLOOK.EXE
StartupFolder: c:\users\scott\appdata\roaming\microsoft\windows\start menu\programs\startup\PureText.exe
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\x1syst~1.lnk - c:\program files\x1\X1Systray.exe
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\x1.lnk - c:\program files\x1\X1.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoho~1.lnk - c:\program files\autohotkey\AutoHotkey.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\rknlhgbg.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\scott\appdata\roaming\mozilla\firefox\profiles\rknlhgbg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDimdimControl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\users\scott\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\scott\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2009-11-20 902592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-3-29 134024]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-29 810120]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-3-29 96896]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-5 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-16 47640]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-3-28 34128]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-1-20 81920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-10 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 25112]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2009-10-9 3328]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1343400]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [2010-2-20 23480]

=============== Created Last 30 ================

2010-10-30 15:28:57 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-30 15:19:57 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{13b62430-3720-43dc-9d58-1cf2fcc8bb92}\mpengine.dll
2010-10-30 15:17:39 -------- d-----w- c:\users\scott\appdata\roaming\Malwarebytes
2010-10-30 15:12:10 -------- d-----w- c:\users\scott\appdata\roaming\SUPERAntiSpyware.com
2010-10-30 14:26:20 -------- d-----w- c:\users\scott\appdata\local\ESET
2010-10-30 06:30:40 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-10-30 06:18:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-30 06:08:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 06:08:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-30 06:08:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2
2010-10-30 06:08:32 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-30 05:39:36 -------- d-----w- c:\users\scott\appdata\local\temp
2010-10-30 04:53:18 -------- d-----w- C:\scanman
2010-10-30 04:32:01 98816 ----a-w- c:\windows\sed.exe
2010-10-30 04:32:01 84992 ----a-w- c:\windows\MBR.exe
2010-10-30 04:32:01 256512 ----a-w- c:\windows\PEV.exe
2010-10-30 04:32:01 161792 ----a-w- c:\windows\SWREG.exe
2010-10-30 04:25:20 -------- d-----w- c:\windows\system32\%LocalAppData%
2010-10-30 01:36:41 -------- d-----w- c:\windows\system32\wbem\Logs
2010-10-30 01:36:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-30 01:36:32 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-30 00:01:50 -------- d-----w- c:\program files\ESET
2010-10-29 23:52:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-29 23:02:08 -------- d-----w- c:\program files\ThreatFire
2010-10-29 23:02:08 -------- d-----w- c:\progra~2\PC Tools
2010-10-26 18:39:35 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-26 18:39:35 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-26 18:39:35 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-26 18:39:35 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-26 18:39:32 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-25 13:51:43 -------- d-----w- c:\users\scott\dwhelper
2010-10-19 16:31:32 -------- d-----w- c:\users\scott\appdata\roaming\webex
2010-10-06 20:54:22 -------- d-----w- c:\users\scott\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-10-06 14:40:48 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-10-06 14:40:48 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-10-06 14:40:30 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-10-06 14:40:11 -------- d-----w- c:\program files\Feedback Tool
2010-10-01 14:38:53 -------- d-----w- C:\_gsdata_

==================== Find3M ====================

2010-10-30 15:16:37 1056 --sha-w- c:\progra~2\KGyGaAvL.sys
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-30 22:06:59 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-30 22:06:59 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-09-30 22:06:58 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-30 22:06:58 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 04:46:36 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-09-01 04:44:32 367104 ----a-w- c:\windows\system32\html.iec
2010-09-01 04:44:30 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 04:44:24 1122304 ----a-w- c:\windows\system32\wininet.dll
2010-09-01 04:44:06 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-09-01 04:43:22 23552 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 04:43:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-01 04:43:12 114176 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-01 04:43:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-09-01 04:43:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-09-01 04:42:58 51200 ----a-w- c:\windows\system32\admparse.dll
2010-09-01 04:42:54 75264 ----a-w- c:\windows\system32\iesetup.dll
2010-09-01 04:42:48 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2010-09-01 04:42:42 150016 ----a-w- c:\windows\system32\iexpress.exe
2010-09-01 04:42:42 149504 ----a-w- c:\windows\system32\wextract.exe
2010-09-01 04:42:20 33280 ----a-w- c:\windows\system32\imgutil.dll
2010-09-01 04:42:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2010-09-01 04:42:12 11264 ----a-w- c:\windows\system32\mshta.exe
2010-09-01 04:42:10 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:42:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2010-09-01 04:41:46 160768 ----a-w- c:\windows\system32\msls31.dll
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 06:15:05 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-08-16 06:14:36 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-08-16 06:14:24 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-08-16 06:14:24 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-08-16 06:14:24 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

============= FINISH: 11:33:09.56 ===============

Hijackthis Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:36:01 AM, on 10/30/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Ditto\Ditto.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\X1\X1FileMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureText.exe
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\X1\X1Systray.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\X1\X1.exe
C:\Program Files\X1\X1Service.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Scott\Desktop\Latest Scans\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\Act for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [X1FileMonitor.exe] C:\Program Files\X1\X1FileMonitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\HammerTime2.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: ACT! by Sage.lnk = C:\Program Files\ACT\Act for Windows\ActSage.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OUTLOOK.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
O4 - Startup: PureText.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe
O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe
O4 - Global Startup: AutoHotkey.lnk = C:\Program Files\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Snagit 10.lnk = C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 14464 bytes

OTL Standard
OTL logfile created on: 10/30/2010 11:34:21 AM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Scott\Desktop\Latest Scans
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 15.05 Gb Free Space | 20.21% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 1.24 Gb Free Space | 65.45% Space Free | Partition Type: FAT
Drive F: | 60.98 Mb Total Space | 29.49 Mb Free Space | 48.36% Space Free | Partition Type: FAT
Drive G: | 1397.25 Gb Total Space | 370.56 Gb Free Space | 26.52% Space Free | Partition Type: NTFS

Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/29 19:24:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\Latest Scans\OTL.exe
PRC - [2010/10/18 09:43:04 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/09/30 18:07:07 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/09/23 16:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/13 19:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
PRC - [2010/04/13 19:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
PRC - [2010/04/13 19:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
PRC - [2010/04/13 19:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
PRC - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/03/29 17:11:50 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/02/22 18:42:46 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/02 04:32:46 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/01/31 11:01:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/01/20 21:12:24 | 000,028,672 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/25 14:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files\AutoHotkey\AutoHotkey.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/16 12:56:22 | 000,716,800 | ---- | M] () -- C:\Program Files\Ditto\Ditto.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/22 20:03:18 | 000,960,568 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/06/22 19:57:20 | 000,377,248 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/06/22 19:57:12 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/06/22 19:37:38 | 004,355,464 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/04/01 00:49:20 | 002,533,048 | ---- | M] (X1 Technologies, Inc.) -- C:\Program Files\X1\X1.exe
PRC - [2009/04/01 00:49:16 | 002,140,856 | ---- | M] (X1 Technologies, Inc.) -- C:\Program Files\X1\X1Service.exe
PRC - [2009/04/01 00:49:16 | 000,370,360 | ---- | M] () -- C:\Program Files\X1\X1FileMonitor.exe
PRC - [2009/04/01 00:49:16 | 000,353,976 | ---- | M] (X1 Technologies, Inc.) -- C:\Program Files\X1\X1Systray.exe
PRC - [2008/10/02 12:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2003/08/21 02:00:00 | 000,028,672 | ---- | M] (http://www.SteveMiller.net) -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureText.exe


========== Modules (SafeList) ==========

MOD - [2010/10/29 19:24:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\Latest Scans\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/08/16 12:53:46 | 000,045,056 | ---- | M] () -- C:\Program Files\Ditto\focus.dll
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/30 18:07:07 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/23 16:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/08/16 02:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/13 03:00:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/29 17:16:36 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/31 11:01:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/01/20 21:23:24 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/12/14 15:10:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/22 19:57:12 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Scott\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/10/30 11:11:47 | 000,138,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/09/30 18:06:59 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/03/29 17:13:48 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/03/29 17:12:00 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/29 17:07:44 | 000,134,024 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/03/10 08:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/20 20:41:25 | 000,902,592 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm228.sys -- (tdrpman228) Acronis Try&Decide and Restore Points filter (build 228)
DRV - [2009/11/20 20:41:20 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/20 20:41:20 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/10/09 15:00:44 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rminiv3.sys -- (mirrorv3)
DRV - [2009/10/08 14:13:10 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/26 22:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/01 14:51:54 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/03/28 20:08:40 | 000,034,128 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2008/12/31 01:43:48 | 000,023,480 | ---- | M] (Wippien Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wip0204.sys -- (wip0204)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 55 76 EA BE 77 CB 01 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 55 76 EA BE 77 CB 01 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 1C 4C F5 02 72 CB 01 [binary data]
IE - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "Google.com"
FF - prefs.js..extensions.enabledItems: abhere2@moztw.org:3.6.20100818
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: beysim@beysim.net:1.7
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.7.5
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: SimpleBlock@aksoftware.ne1.net:0.0.6
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: statusbar@toodledo.com:1.70
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/01 11:11:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/10/03 23:38:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 23:01:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 23:01:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 23:01:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 23:01:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/10/29 23:10:06 | 000,000,000 | ---D | M]

[2010/03/31 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2010/03/31 17:13:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/10/30 11:20:05 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions
[2010/09/07 10:59:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/05 11:19:48 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/08/11 08:33:49 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/10/25 09:50:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/04 15:43:46 | 000,000,000 | ---D | M] (Answers) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2010/03/12 17:50:53 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/08/18 14:01:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/23 09:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/06/14 14:07:20 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/20 16:07:30 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\abhere2@moztw.org
[2009/12/16 16:58:25 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\beysim@beysim.net
[2009/10/26 08:40:39 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\LogMeInClient@logmein.com
[2010/10/18 10:23:01 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\rankchecker@seobook.com
[2010/10/18 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\SimpleBlock@aksoftware.ne1.net
[2010/08/17 09:28:11 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\statusbar@toodledo.com
[2010/10/18 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\yslow@yahoo-inc.com
[2010/05/19 09:54:13 | 000,001,828 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\searchplugins\bing.xml
[2010/02/12 15:23:15 | 000,004,153 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\searchplugins\youtube.xml
[2010/10/30 11:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/29 23:01:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/03/10 13:03:54 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/22 15:14:24 | 000,176,128 | ---- | M] (Dimdim, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npDimdimControl.dll
[2009/10/03 23:52:47 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/10/30 01:12:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe ()
O4 - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\HammerTime2.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000..\Run: [X1FileMonitor.exe] C:\Program Files\X1\X1FileMonitor.exe ()
O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ACT! by Sage.lnk = C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureText.exe (http://www.SteveMiller.net)
O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe (X1 Technologies, Inc.)
O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X1.lnk = C:\Program Files\X1\X1.exe (X1 Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1636264073-2185046941-3571425239-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 11:31:21 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\Latest Scans
[2010/10/30 11:28:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/30 11:21:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/30 11:17:39 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Malwarebytes
[2010/10/30 11:16:01 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\GooredFix Backups
[2010/10/30 11:12:10 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/30 10:26:20 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\ESET
[2010/10/30 02:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/30 02:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/30 02:08:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/30 02:08:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/30 02:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware 2
[2010/10/30 02:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/30 01:39:36 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\temp
[2010/10/30 00:53:18 | 000,000,000 | ---D | C] -- C:\scanman
[2010/10/30 00:32:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/30 00:32:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/30 00:32:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/30 00:31:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/30 00:31:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/30 00:25:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LocalAppData%
[2010/10/29 23:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/10/29 21:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/29 21:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/29 21:36:32 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/10/29 21:36:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/29 21:36:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/29 21:36:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/29 20:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/29 19:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/29 19:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2010/10/29 19:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/10/29 15:14:00 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\HPAppData
[2010/10/26 14:39:35 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/10/26 14:39:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/10/26 14:39:35 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/26 14:39:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/26 14:39:32 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/10/25 10:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/10/25 09:51:43 | 000,000,000 | ---D | C] -- C:\Users\Scott\dwhelper
[2010/10/19 12:31:32 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Documents\cache
[2010/10/19 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\webex
[2010/10/12 19:05:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/12 19:05:20 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/12 19:05:20 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/12 19:05:17 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/12 19:05:16 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/12 19:05:16 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/12 19:05:15 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010/10/06 16:54:22 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/06 10:41:35 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/10/06 10:41:35 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/06 10:41:35 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/10/06 10:41:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/06 10:41:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/06 10:41:35 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/06 10:41:34 | 002,381,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/06 10:41:34 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2010/10/06 10:41:34 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/10/06 10:41:34 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/10/06 10:41:34 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/10/06 10:41:34 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/10/06 10:41:34 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/10/06 10:41:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/10/06 10:41:34 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/10/06 10:41:34 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/10/06 10:41:34 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/10/06 10:41:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/10/06 10:41:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/06 10:41:33 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/10/06 10:41:33 | 000,460,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/06 10:41:33 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/10/06 10:41:33 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/06 10:41:33 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/10/06 10:41:33 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/10/06 10:41:33 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/06 10:41:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/06 10:41:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/10/06 10:41:33 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/10/06 10:41:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2010/10/06 10:41:32 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/06 10:41:32 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/10/06 10:41:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/06 10:41:32 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/06 10:41:32 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/06 10:41:32 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/06 10:41:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/10/06 10:41:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/06 10:41:31 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/10/06 10:41:15 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/10/06 10:41:15 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2010/10/06 10:41:15 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2010/10/06 10:41:01 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/10/06 10:41:01 | 000,804,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/10/06 10:41:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/10/06 10:41:00 | 001,076,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/10/06 10:41:00 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/10/06 10:40:48 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/10/06 10:40:48 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/10/06 10:40:30 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2010/10/06 10:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2010/10/01 10:38:53 | 000,000,000 | ---D | C] -- C:\_gsdata_
[2009/10/05 09:49:14 | 000,627,504 | ---- | C] (Sage Software ) -- C:\Users\Scott\AppData\Roaming\ACT1200HotFix_SS_ST.exe

========== Files - Modified Within 30 Days ==========

[2010/10/30 11:23:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1636264073-2185046941-3571425239-1000UA.job
[2010/10/30 11:20:28 | 000,720,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/30 11:20:28 | 000,141,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/30 11:19:04 | 000,013,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 11:19:04 | 000,013,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 11:16:37 | 000,001,056 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/10/30 11:12:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/30 11:11:58 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/10/30 11:11:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/30 11:11:49 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/30 11:11:47 | 000,138,208 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010/10/30 02:18:57 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010/10/30 02:08:36 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/30 01:12:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/29 23:36:28 | 001,030,268 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010/10/29 16:35:28 | 000,011,522 | ---- | M] () -- C:\Users\Scott\Documents\Amortizing website costs.xlsx
[2010/10/29 02:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/28 20:23:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1636264073-2185046941-3571425239-1000Core.job
[2010/10/28 18:21:27 | 000,084,992 | ---- | M] () -- C:\Windows\MBR.exe
[2010/10/28 16:30:00 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\GoodSync - Z Drive.job
[2010/10/28 12:55:44 | 000,016,881 | ---- | M] () -- C:\Users\Scott\Documents\Proposal Competitor Analysis.docx
[2010/10/27 10:33:49 | 000,034,839 | ---- | M] () -- C:\Users\Scott\Documents\FP Trials.xlsx
[2010/10/27 08:52:59 | 002,098,623 | R--- | M] () -- C:\Users\Scott\Documents\seo1-sample.pdf
[2010/10/25 17:18:30 | 000,014,087 | ---- | M] () -- C:\Users\Scott\Documents\Lending Luxury Estimates for Work.xlsx
[2010/10/25 10:44:23 | 000,000,097 | ---- | M] () -- C:\Users\Scott\Desktop\Mark Zuckerberg on What 'The Social Network' Got Right and Wrong (VIDEO) - The Moviefone Blog.URL
[2010/10/25 09:41:37 | 000,035,282 | ---- | M] () -- C:\Users\Scott\Documents\WE 10-29-2010.docx
[2010/10/21 14:30:15 | 000,066,724 | ---- | M] () -- C:\Users\Scott\Documents\Sales Greater than 15000.xlsx
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/18 10:15:01 | 000,034,580 | ---- | M] () -- C:\Users\Scott\Documents\WE 10-22-2010.docx
[2010/10/14 16:06:33 | 000,089,088 | ---- | M] () -- C:\Users\Scott\Documents\Modern AC Logos.pub
[2010/10/14 10:51:21 | 000,024,836 | ---- | M] () -- C:\Users\Scott\Documents\Solving Problems.docx
[2010/10/13 18:45:22 | 000,016,580 | ---- | M] () -- C:\Users\Scott\Documents\Goals.docx
[2010/10/13 03:21:23 | 003,845,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/12 16:08:36 | 000,119,259 | ---- | M] () -- C:\Users\Scott\Documents\Artistic Presentation.pdf
[2010/10/12 11:40:22 | 000,002,116 | ---- | M] () -- C:\Users\Scott\Desktop\Wiki.RDP
[2010/10/11 15:30:24 | 000,190,995 | ---- | M] () -- C:\Users\Scott\Documents\Glasses.docx
[2010/10/11 10:39:54 | 000,034,528 | ---- | M] () -- C:\Users\Scott\Documents\WE 10-15-2010.docx
[2010/10/11 10:17:01 | 000,034,894 | ---- | M] () -- C:\Users\Scott\Documents\WE 10-185-2010.docx
[2010/10/07 11:37:47 | 000,025,986 | ---- | M] () -- C:\Users\Scott\Documents\Modern AC Logo Redraw Invoice.pdf
[2010/10/06 18:23:12 | 019,416,033 | ---- | M] () -- C:\Users\Scott\Documents\Designer Applications.docx
[2010/10/06 14:01:41 | 000,001,411 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/06 10:03:18 | 000,002,066 | -H-- | M] () -- C:\Users\Scott\Documents\Default.rdp
[2010/10/05 17:28:53 | 000,007,650 | ---- | M] () -- C:\Users\Scott\AppData\Local\Resmon.ResmonCfg
[2010/10/04 17:23:44 | 016,574,158 | ---- | M] () -- C:\Users\Scott\Documents\Designers Applying for Lue's Job.docx
[2010/10/04 17:00:45 | 000,034,907 | ---- | M] () -- C:\Users\Scott\Documents\WE 10-08-2010.docx
[2010/10/04 16:33:15 | 000,017,761 | ---- | M] () -- C:\Users\Scott\Documents\October 2010 Battleplan.docx
[2010/10/01 15:41:27 | 000,002,053 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\GoodSync.lnk
[2010/10/01 15:41:27 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\GoodSync.lnk
[2010/09/30 18:06:59 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2010/09/30 18:06:58 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2010/09/30 18:06:58 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2010/09/30 15:18:07 | 000,003,361 | ---- | M] () -- C:\Users\Scott\.recently-used.xbel
[2010/09/30 13:46:01 | 000,759,630 | R--- | M] () -- C:\Users\Scott\Documents\LL Maintenence 9-30-2010.pdf

========== Files Created - No Company Name ==========

[2010/10/30 02:18:57 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010/10/30 02:08:36 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/30 00:32:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/30 00:32:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/30 00:32:01 | 000,084,992 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/30 00:32:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/30 00:32:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/29 23:36:18 | 001,030,268 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010/10/29 16:35:27 | 000,011,522 | ---- | C] () -- C:\Users\Scott\Documents\Amortizing website costs.xlsx
[2010/10/28 12:55:44 | 000,016,881 | ---- | C] () -- C:\Users\Scott\Documents\Proposal Competitor Analysis.docx
[2010/10/27 10:33:49 | 000,034,839 | ---- | C] () -- C:\Users\Scott\Documents\FP Trials.xlsx
[2010/10/27 08:52:59 | 002,098,623 | R--- | C] () -- C:\Users\Scott\Documents\seo1-sample.pdf
[2010/10/25 17:05:37 | 000,014,087 | ---- | C] () -- C:\Users\Scott\Documents\Lending Luxury Estimates for Work.xlsx
[2010/10/25 10:44:23 | 000,000,097 | ---- | C] () -- C:\Users\Scott\Desktop\Mark Zuckerberg on What 'The Social Network' Got Right and Wrong (VIDEO) - The Moviefone Blog.URL
[2010/10/25 09:07:57 | 000,035,282 | ---- | C] () -- C:\Users\Scott\Documents\WE 10-29-2010.docx
[2010/10/21 14:30:15 | 000,066,724 | ---- | C] () -- C:\Users\Scott\Documents\Sales Greater than 15000.xlsx
[2010/10/19 11:59:45 | 000,229,001 | R--- | C] () -- C:\Users\Scott\Documents\Newsletter Pricing.pdf
[2010/10/18 09:25:57 | 000,034,580 | ---- | C] () -- C:\Users\Scott\Documents\WE 10-22-2010.docx
[2010/10/18 09:23:05 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\GoodSync - Z Drive.job
[2010/10/14 16:05:03 | 000,089,088 | ---- | C] () -- C:\Users\Scott\Documents\Modern AC Logos.pub
[2010/10/14 09:17:45 | 000,024,836 | ---- | C] () -- C:\Users\Scott\Documents\Solving Problems.docx
[2010/10/13 18:45:22 | 000,016,580 | ---- | C] () -- C:\Users\Scott\Documents\Goals.docx
[2010/10/12 16:08:36 | 000,119,259 | ---- | C] () -- C:\Users\Scott\Documents\Artistic Presentation.pdf
[2010/10/11 15:30:24 | 000,190,995 | ---- | C] () -- C:\Users\Scott\Documents\Glasses.docx
[2010/10/11 10:17:06 | 000,034,528 | ---- | C] () -- C:\Users\Scott\Documents\WE 10-15-2010.docx
[2010/10/11 10:17:00 | 000,034,894 | ---- | C] () -- C:\Users\Scott\Documents\WE 10-185-2010.docx
[2010/10/07 11:37:47 | 000,025,986 | ---- | C] () -- C:\Users\Scott\Documents\Modern AC Logo Redraw Invoice.pdf
[2010/10/06 10:41:32 | 000,072,533 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/10/04 17:27:18 | 019,416,033 | ---- | C] () -- C:\Users\Scott\Documents\Designer Applications.docx
[2010/10/04 16:16:14 | 000,017,761 | ---- | C] () -- C:\Users\Scott\Documents\October 2010 Battleplan.docx
[2010/10/04 09:11:51 | 000,034,907 | ---- | C] () -- C:\Users\Scott\Documents\WE 10-08-2010.docx
[2010/10/01 15:41:27 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\GoodSync.lnk
[2010/09/30 15:18:07 | 000,003,361 | ---- | C] () -- C:\Users\Scott\.recently-used.xbel
[2010/09/30 13:46:47 | 000,759,630 | R--- | C] () -- C:\Users\Scott\Documents\LL Maintenence 9-30-2010.pdf
[2010/08/10 11:29:16 | 000,004,096 | -H-- | C] () -- C:\Users\Scott\AppData\Local\keyfile3.drm
[2010/08/05 18:52:49 | 000,000,600 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\winscp.rnd
[2010/07/09 14:44:05 | 000,000,327 | ---- | C] () -- C:\Windows\pagebreeze.ini
[2010/07/09 14:44:05 | 000,000,044 | ---- | C] () -- C:\Windows\formbreeze.ini
[2010/03/15 10:31:54 | 000,009,178 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\NGEN_AppLog_Uninstall.txt
[2009/12/08 17:58:55 | 000,038,447 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/11/20 21:42:32 | 000,000,000 | ---- | C] () -- C:\Windows\bench32.INI
[2009/10/28 08:50:28 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/10/26 16:06:10 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/08 13:59:50 | 000,000,358 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/08 12:56:41 | 000,000,395 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/10/06 14:51:52 | 000,007,650 | ---- | C] () -- C:\Users\Scott\AppData\Local\Resmon.ResmonCfg
[2009/10/06 09:03:49 | 000,006,362 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/10/05 21:05:10 | 000,000,000 | ---- | C] () -- C:\Windows\PanaFLB881.ini
[2009/10/05 09:54:01 | 000,001,056 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/05 09:54:01 | 000,000,088 | RHS- | C] () -- C:\ProgramData\A63B66D7AF.sys
[2009/10/05 09:53:10 | 000,030,576 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\NGEN_AppLog_Install.txt
[2009/10/04 17:53:07 | 000,002,098 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/10/04 17:53:07 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\DAAF5A6378.sys
[2009/10/04 17:47:31 | 000,000,067 | -H-- | C] () -- C:\Users\Scott\AppData\Roaming\ActUpdate.log
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/09/09 16:26:32 | 000,000,008 | RHS- | C] () -- C:\Windows\neoqaz2.dll
[2003/09/17 13:00:56 | 000,266,327 | ---- | C] () -- C:\Windows\System32\ADErrorHandling.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 8 bytes -> C:\Windows:
@Alternate Data Stream - 168 bytes -> C:\Users\Scott\Documents\office space.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL with Parameters
* Post was too long so had to attach

By the way, thanks so much in advance for your consideration and help!
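A triage pass over OTL listings like the one above, as an added example that is not part of this thread or of the OTL tool itself: it parses the "[date | size | attrs | C/M] (Company) -- path" and "@Alternate Data Stream" line shapes seen in the posted log and surfaces the entries a responder would read first (a driver whose modification time falls inside the 30-day window, as snapman.sys does above; hidden+system .sys files outside the drivers directory; streams on unusual hosts). The rules, the window, and the sample selection are my own assumptions, and the output is a review list, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Added triage helper, not part of OTL: the two line shapes below are the
# "[date | size | attrs | C/M] (Company) -- path" and "@Alternate Data Stream"
# lines exactly as they appear in the log posted in this thread.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Hidden+system .sys files that live in the drive root and are not drivers.
ROOT_SYS_FILES = {"hiberfil.sys", "pagefile.sys"}


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str    # OTL's four flags, e.g. "-HS-" = hidden + system, "R---" = read-only
    kind: str     # "C" = created, "M" = modified
    company: str  # "" when OTL printed "()"
    path: str


@dataclass
class Stream:
    size: int
    path: str
    name: str     # "" when no stream name follows the colon (OTL printed "C:\Windows:")


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def parse_stream(line: str) -> Optional[Stream]:
    m = ADS_RE.match(line.strip())
    if m is None:
        return None
    # Split on the LAST colon so the drive letter's colon stays with the path.
    path, _, name = m["target"].rpartition(":")
    return Stream(size=int(m["size"]), path=path, name=name)


def triage(lines: List[str], now: datetime, window_days: int = 30) -> List[str]:
    """Return review prompts (not verdicts) for the entries worth reading first.

    The rules and the 30-day window are this example's own assumptions."""
    cutoff = now - timedelta(days=window_days)
    findings: List[str] = []
    for line in lines:
        e = parse_entry(line)
        if e is not None:
            low = e.path.lower()
            basename = low.rsplit("\\", 1)[-1]
            in_drivers = "\\drivers\\" in low
            hidden_system = "H" in e.attrs and "S" in e.attrs
            # TDL3-family rootkits patch an existing driver in place, so a
            # driver modified inside the window deserves a look even when it
            # carries a known vendor name (snapman.sys is the one this thread's
            # title names).
            if in_drivers and low.endswith(".sys") and e.kind == "M" and e.timestamp >= cutoff:
                findings.append(f"driver modified within window: {e.path} ({e.company or 'no company'})")
            # Hidden+system .sys files outside the drivers directory are worth a
            # look; some licensing software uses the same pattern, hence "prompt".
            if low.endswith(".sys") and not in_drivers and hidden_system and basename not in ROOT_SYS_FILES:
                findings.append(f"hidden+system .sys outside drivers dir: {e.path}")
            continue
        s = parse_stream(line)
        if s is not None and (s.name == "" or s.path.lower().endswith((".jpeg", ".jpg", ".png", ".gif"))):
            # A stream with no printable name, or one hung off a media file,
            # is the kind a responder should open by hand.
            findings.append(f"alternate data stream on unusual host: {s.path}:{s.name} ({s.size} bytes)")
    return findings


# Sample lines copied from the OTL log posted above.
SAMPLE = [
    r"[2010/10/30 11:11:47 | 000,138,208 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys",
    r"[2010/10/30 11:16:37 | 000,001,056 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys",
    r"[2010/10/30 11:11:49 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2010/10/12 19:05:16 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys",
    r"@Alternate Data Stream - 8 bytes -> C:\Windows:",
    r"@Alternate Data Stream - 168 bytes -> C:\Users\Scott\Documents\office space.jpeg:3or4kl4x13tuuug3Byamue2s4b",
    r"@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0A8E2C33",
]


def triage_sample() -> List[str]:
    """Run the rules over SAMPLE as of the log's own date, 2010-10-30."""
    return triage(SAMPLE, now=datetime(2010, 10, 30, 12, 0, 0))
```

Calling triage_sample() yields four prompts (snapman.sys, KGyGaAvL.sys and the two odd streams) and stays silent on hiberfil.sys, win32k.sys and the TEMP stream; feed a whole saved OTL report to triage() line by line for the real thing.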


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 30 October 2010 - 03:23 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Do not attach logs unless I ask you to.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 thanks_in_advance

thanks_in_advance
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:33 AM

Posted 30 October 2010 - 04:03 PM

Hi Gringo,

The RKUnhookerLE.exe file was immediately flagged by ThreatFire. So I let it "clean" it and it forced me to reboot. Once rebooted, I could not run RKUnhookerLE.exe after double-clicking it. So I attempted to delete it, but it said it could not be deleted because I did not have sufficient permissions. So I re-downloaded to the same location, and when I go to run it, it says I don't have appropriate permissions.

Ugh.

So I downloaded to a new folder on the desktop and ran it, and it says, "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?" Fine, I ignore. Hit OK and it says, "Parasite Removed... continue loading". Click OK and it says, "Can't extract Driver". And that's it.

Could this be a corrupt version? How do I delete RKUnhooker from desktop? Is this a User Account Control issue? I did just raise my levels up.

Thanks!

*** UPDATE 10/30/2010 5:39 PM - noticed that when I restarted Chrome it now gave me an error that "nspr4.dll" was missing. Rebooting and it's not happened again. Just an update.

Edited by thanks_in_advance, 30 October 2010 - 04:47 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 30 October 2010 - 05:02 PM

Hello

The RKUnhookerLE.exe file was immediately flagged by Threatfire. So I let it "clean" it and it forced me to reboot
There may be times that any of the tools that I ask you to use may be flagged by an antivirus. IF THIS HAPPENS please allow the program to run.

OK, shut down the antivirus, try to remove the busted RKUnhooker, download a new one and rerun it for me.

Gringo

#5 thanks_in_advance

thanks_in_advance
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:33 AM

Posted 30 October 2010 - 05:11 PM

I tried 2 more times to re-download but it will not work. Same errors as above. "Can't extract Driver".

:wacko:

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 30 October 2010 - 05:27 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 thanks_in_advance

thanks_in_advance
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:33 AM

Posted 31 October 2010 - 09:59 AM

Hey Gringo, attached is ComboFix log. Things seem to be fine. I still can't delete Unhooker from my desktop though! Any ideas?

ComboFix Log
ComboFix 10-10-29.03 - Scott 10/31/2010 10:14:29.4.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.688 [GMT -4:00]
Running from: c:\users\Scott\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-31 14:30 . 2010-10-31 14:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-10-31 14:30 . 2010-10-31 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-30 22:03 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-10-30 21:36 . 2010-10-30 21:36 -------- d-----w- c:\users\Scott\AppData\Local\Eraser 6
2010-10-30 21:19 . 2010-10-30 21:19 -------- d-----w- c:\program files\Eraser
2010-10-30 20:32 . 2010-10-30 20:32 -------- d-----w- c:\users\Scott\AppData\Roaming\HPAppData
2010-10-30 19:39 . 2010-01-14 20:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-10-30 19:39 . 2010-01-14 20:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-10-30 19:39 . 2010-01-14 20:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-10-30 15:19 . 2010-10-18 13:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13B62430-3720-43DC-9D58-1CF2FCC8BB92}\mpengine.dll
2010-10-30 15:17 . 2010-10-30 15:17 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2010-10-30 15:12 . 2010-10-30 15:12 -------- d-----w- c:\users\Scott\AppData\Roaming\SUPERAntiSpyware.com
2010-10-30 14:26 . 2010-10-30 14:26 -------- d-----w- c:\users\Scott\AppData\Local\ESET
2010-10-30 06:30 . 2010-10-30 06:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SUPERAntiSpyware.com
2010-10-30 06:30 . 2010-10-30 06:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-30 06:28 . 2010-10-30 06:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-10-30 06:18 . 2010-10-30 06:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-30 06:08 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 06:08 . 2010-10-30 06:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2
2010-10-30 06:08 . 2010-10-30 06:08 -------- d-----w- c:\programdata\Malwarebytes
2010-10-30 06:08 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-30 05:39 . 2010-10-31 14:30 -------- d-----w- c:\users\Scott\AppData\Local\temp
2010-10-30 04:53 . 2010-10-30 05:39 -------- d-----w- C:\scanman
2010-10-30 04:25 . 2010-10-30 04:25 -------- d-----w- c:\windows\system32\%LocalAppData%
2010-10-30 01:36 . 2010-10-30 01:36 -------- d-----w- c:\windows\system32\wbem\Logs
2010-10-30 01:36 . 2010-10-30 01:36 -------- d-----w- c:\program files\Common Files\Java
2010-10-30 01:36 . 2010-09-15 08:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-30 01:36 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-30 00:38 . 2010-10-30 01:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Notepad++
2010-10-30 00:01 . 2010-10-30 03:10 -------- d-----w- c:\program files\ESET
2010-10-29 23:52 . 2010-10-30 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-29 23:08 . 2010-10-29 23:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\IsolatedStorage
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\assembly
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\IsolatedStorage
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\TechSmith
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ACT
2010-10-29 23:04 . 2010-10-29 23:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn
2010-10-29 23:02 . 2010-10-30 19:39 -------- d-----w- c:\program files\ThreatFire
2010-10-29 23:02 . 2010-10-30 04:26 -------- d-----w- c:\programdata\PC Tools
2010-10-26 18:39 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-26 18:39 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-26 18:39 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-26 18:39 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-26 18:39 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-25 14:59 . 2010-10-25 14:59 -------- d-----w- c:\program files\Adobe Media Player
2010-10-25 13:51 . 2010-10-25 13:51 -------- d-----w- c:\users\Scott\dwhelper
2010-10-19 16:31 . 2010-10-19 16:31 -------- d-----w- c:\users\Scott\AppData\Roaming\webex
2010-10-06 20:54 . 2010-10-06 20:54 -------- d-----w- c:\users\Scott\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-10-06 14:40 . 2010-05-09 09:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-10-06 14:40 . 2010-05-09 09:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-10-06 14:40 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-10-06 14:40 . 2010-10-06 14:40 -------- d-----w- c:\program files\Feedback Tool
2010-10-01 14:38 . 2010-10-30 18:33 -------- d-----w- C:\_gsdata_

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-31 06:06 . 2009-10-05 13:54 1056 --sha-w- c:\programdata\KGyGaAvL.sys
2010-10-30 15:11 . 2009-11-21 00:02 138208 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-19 15:41 . 2009-10-04 03:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-30 22:06 . 2009-10-16 20:48 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-09-30 22:06 . 2009-10-16 20:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-30 22:06 . 2009-10-16 20:48 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-30 22:06 . 2009-10-16 20:48 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-21 05:32 . 2010-09-14 21:17 316928 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-10-30_05.13.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-30 21:19 . 2010-10-30 21:19 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfcm90u.dll
+ 2010-10-30 21:19 . 2010-10-30 21:19 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfcm90.dll
+ 2009-07-14 04:55 . 2010-10-30 21:39 41682 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-30 13:54 . 2010-10-30 13:54 16384 c:\windows\System32\config\systemprofile\Desktop\%APPDATA%\Microsoft\Windows\PrivacIE\index.dat
+ 2010-10-30 14:20 . 2010-10-30 13:54 16384 c:\windows\System32\config\systemprofile\Desktop\%APPDATA%\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2010-10-30 13:54 . 2010-10-30 13:54 16384 c:\windows\System32\config\systemprofile\Desktop\%APPDATA%\Microsoft\Windows\IECompatCache\index.dat
+ 2010-10-30 06:30 . 2010-10-30 06:30 63488 c:\windows\System32\config\systemprofile\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
+ 2010-10-30 06:30 . 2010-10-30 06:30 52224 c:\windows\System32\config\systemprofile\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
- 2010-10-29 23:08 . 2010-10-30 04:29 10981 c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\i3wvrbmb.default\pluginreg.dat
+ 2010-10-29 23:08 . 2010-10-30 14:00 10981 c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\i3wvrbmb.default\pluginreg.dat
+ 2009-10-04 05:35 . 2010-10-30 21:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-04 05:35 . 2010-10-30 04:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-30 05:47 . 2010-10-30 05:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010103020101031\index.dat
+ 2009-07-14 04:41 . 2010-10-30 21:37 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-10-30 04:57 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2010-10-30 21:44 83416 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:34 . 2010-10-29 23:19 83416 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-10-30 21:19 . 2010-10-30 21:19 93345 c:\windows\Installer\{38BA2875-D7AD-4611-ABA3-C385051ADF42}\Eraser.exe
+ 2007-01-31 13:33 . 2007-01-31 13:33 5632 c:\windows\System32\drivers\avgarkt.sys
+ 2010-10-30 05:59 . 2010-10-30 06:12 8590 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\HTML Help\hh.dat
+ 2010-10-30 14:19 . 2010-10-30 14:19 3584 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{C65CE393-E430-11DF-9A22-001E58AB1F34}.dat
+ 2010-10-30 14:19 . 2010-10-30 14:19 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{C65CE394-E430-11DF-9A22-001E58AB1F34}.dat
- 2010-10-30 04:14 . 2010-10-30 04:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-10-30 21:37 . 2010-10-30 21:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-10-30 04:14 . 2010-10-30 04:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-30 21:37 . 2010-10-30 21:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-30 21:19 . 2010-10-30 21:19 653120 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
+ 2010-10-30 21:19 . 2010-10-30 21:19 569664 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
+ 2010-10-30 21:19 . 2010-10-30 21:19 225280 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcm90.dll
+ 2010-10-27 07:00 . 2010-10-30 21:19 913999 c:\windows\winsxs\ManifestCache\b881082fc34f61ea_blobs.bin
+ 2009-10-04 04:47 . 2010-10-30 21:39 101064 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 02:05 . 2010-10-30 21:46 720260 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-10-19 16:00 720260 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-10-19 16:00 141964 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-10-30 21:46 141964 c:\windows\System32\perfc009.dat
+ 2010-10-30 06:14 . 2010-10-29 23:51 388608 c:\windows\System32\config\systemprofile\Desktop\HijackThis.exe
+ 2010-10-30 06:30 . 2010-10-30 06:30 117760 c:\windows\System32\config\systemprofile\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
+ 2010-10-30 13:54 . 2010-10-30 13:54 294820 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\C9320E64-EE0F-4422-B6DA-C0F3768C080E.dat
+ 2009-10-04 05:35 . 2010-10-30 21:37 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:47 . 2010-10-30 21:36 493208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2010-10-30 04:13 493208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-01-27 08:15 . 2010-10-30 21:04 493976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1636264073-2185046941-3571425239-1000-8192.dat
+ 2010-10-30 21:19 . 2010-10-30 21:19 3780424 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll
+ 2010-10-30 21:19 . 2010-10-30 21:19 3765048 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90.dll
+ 2009-07-14 02:03 . 2010-10-31 12:03 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-10-30 02:29 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-10-30 06:07 . 2010-10-29 23:47 6153352 c:\windows\System32\config\systemprofile\Desktop\mbsetup.exe
- 2009-07-14 04:34 . 2010-10-29 23:06 3897560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2010-10-30 21:29 3897560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-06-12 07:25 . 2010-10-30 20:46 9282475 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1636264073-2185046941-3571425239-1000-12288.dat
+ 2010-10-30 06:30 . 2010-10-30 06:30 15757394 c:\windows\System32\config\systemprofile\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.BIN
+ 2010-10-30 21:11 . 2010-10-30 21:11 32285184 c:\windows\Installer\dcc37.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2009-08-16 716800]
"Google Update"="c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-05 133104]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-07-26 39816]
"X1FileMonitor.exe"="c:\program files\X1\X1FileMonitor.exe" [2009-04-01 370360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-18 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-01-21 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-01-21 331776]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-22 4355464]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-23 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-18 160328]

c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ACT! by Sage.lnk - c:\program files\ACT\Act for Windows\ActSage.exe [2010-1-20 331776]
PureText.exe [2003-8-21 28672]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2010-8-23 2068832]
X1 System Tray.lnk - c:\program files\X1\X1Systray.exe [2009-4-1 353976]
X1.lnk - c:\program files\X1\X1.exe [2009-4-1 2533048]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoHotkey.lnk - c:\program files\AutoHotkey\AutoHotkey.exe [2009-9-25 245248]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OUTLOOK.lnk]
path=c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.lnk
backup=c:\windows\pss\OUTLOOK.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-02-22 22:18 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-08 21:31 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSoft OmniPage 16-reminder]
2007-07-20 13:50 328992 ----a-w- c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-10-25 18:46 2424560 ----a-w- c:\program files\SUPERAntiSpyware\HammerTime2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 18:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2010-01-21 81920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 25112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
R3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\DRIVERS\wip0204.sys [2008-12-31 23480]
S0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\DRIVERS\tdrpm228.sys [2009-11-21 902592]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-29 114984]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-29 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-29 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-29 96896]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-23 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2009-03-29 34128]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-28 c:\windows\Tasks\GoodSync - Z Drive.job
- c:\program files\Siber Systems\GoodSync\GoodSync.exe [2010-09-24 19:05]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 04:03]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 04:03]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1636264073-2185046941-3571425239-1000Core.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-05 14:48]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1636264073-2185046941-3571425239-1000UA.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-05 14:48]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDimdimControl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\Scott\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Scott\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'winlogon.exe'(5948)
c:\program files\ThreatFire\TfWah.dll

- - - - - - - > 'lsass.exe'(920)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'Explorer.exe'(7212)
c:\program files\ThreatFire\TfWah.dll
c:\program files\Ditto\focus.dll
.
Completion time: 2010-10-31 10:47:53
ComboFix-quarantined-files.txt 2010-10-31 14:47
ComboFix2.txt 2010-10-30 15:29
ComboFix3.txt 2010-10-30 05:39

Pre-Run: 16,468,955,136 bytes free
Post-Run: 16,488,984,576 bytes free

- - End Of File - - 351DCB2666F9118D851BD40367BCCAD1

Edited by thanks_in_advance, 31 October 2010 - 10:01 AM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:33 AM

Posted 31 October 2010 - 11:33 AM

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
C:\Users\Scott\Desktop\RKUnhookerLE.EXE


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 thanks_in_advance

thanks_in_advance
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:33 AM

Posted 31 October 2010 - 11:26 PM

I re-ran Combofix and it said a new version was available for download so I allowed it to auto-update.

After completing that, Combofix gives message:

!! ALERT !! It is NOT SAFE to continue!

The contents of the ComboFix package have been compromised.
Please download a fresh copy from bleeping computer.

Note: You may have been infected with a file patching virus (Virut)


I thought this was because of either the new update or because we were dragging the CFScript.txt file onto it. So I closed it down and dragged the file onto it again, and it appears to be running.

Do I need to be concerned about this error message?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:33 AM

Posted 01 November 2010 - 12:00 AM

No, that happens a lot when the antivirus gets in the way. If it is running, let me have the report when complete.


gringo

#11 thanks_in_advance

thanks_in_advance
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:33 AM

Posted 01 November 2010 - 07:26 AM

OK, phew. By the way, it was ComboFix that threw up that scary error. It wasn't my virus software.

So then the only thing I might have screwed up was that after I ran ComboFix, at some late point during the run (perhaps while it was creating the reports), I re-enabled my anti-virus software. There were no complaints, but I was just very concerned about that error.

I also suspect something is wrong with "RKUnhookerLE.EXE" on my desktop, since the icon is different from the original download and it's undeletable. So, I might just download everything fresh, re-run and re-post a second log. (Below is the log from this run.)

ComboFix Log
ComboFix 10-10-31.02 - Scott 11/01/2010 0:08.5.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1301 [GMT -4:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
Command switches used :: c:\users\Scott\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point

FILE ::
"c:\users\Scott\Desktop\RKUnhookerLE.EXE"
.

((((((((((((((((((((((((( Files Created from 2010-10-01 to 2010-11-01 )))))))))))))))))))))))))))))))
.

2010-11-01 04:23 . 2010-11-01 04:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-11-01 04:23 . 2010-11-01 04:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\UC.PIF
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\RAR.PIF
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\LHA.PIF
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\ARJ.PIF
2010-10-31 15:05 . 2010-10-31 15:06 -------- d-----w- C:\totalcmd
2010-10-31 15:05 . 2010-10-31 15:05 -------- d-----w- c:\users\Scott\AppData\Roaming\GHISLER
2010-10-31 15:03 . 2010-11-01 01:12 -------- d-----w- c:\users\Scott\AppData\Roaming\stickies
2010-10-31 15:03 . 2010-10-31 15:03 605 ----a-w- c:\windows\uninstallstickies.bat
2010-10-31 15:03 . 2010-10-31 15:03 -------- d-----w- c:\program files\stickies
2010-10-30 22:03 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-10-30 21:36 . 2010-10-30 21:36 -------- d-----w- c:\users\Scott\AppData\Local\Eraser 6
2010-10-30 21:19 . 2010-10-30 21:19 -------- d-----w- c:\program files\Eraser
2010-10-30 20:32 . 2010-10-30 20:32 -------- d-----w- c:\users\Scott\AppData\Roaming\HPAppData
2010-10-30 19:39 . 2010-01-14 20:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-10-30 19:39 . 2010-01-14 20:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-10-30 19:39 . 2010-01-14 20:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-10-30 15:19 . 2010-10-18 13:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13B62430-3720-43DC-9D58-1CF2FCC8BB92}\mpengine.dll
2010-10-30 15:17 . 2010-10-30 15:17 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2010-10-30 15:12 . 2010-10-30 15:12 -------- d-----w- c:\users\Scott\AppData\Roaming\SUPERAntiSpyware.com
2010-10-30 14:26 . 2010-10-30 14:26 -------- d-----w- c:\users\Scott\AppData\Local\ESET
2010-10-30 06:30 . 2010-10-30 06:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SUPERAntiSpyware.com
2010-10-30 06:30 . 2010-10-30 06:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-30 06:28 . 2010-10-30 06:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-10-30 06:18 . 2010-10-30 06:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-30 06:08 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 06:08 . 2010-10-30 06:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2
2010-10-30 06:08 . 2010-10-30 06:08 -------- d-----w- c:\programdata\Malwarebytes
2010-10-30 06:08 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-30 05:39 . 2010-11-01 04:24 -------- d-----w- c:\users\Scott\AppData\Local\temp
2010-10-30 04:53 . 2010-10-30 05:39 -------- d-----w- C:\scanman
2010-10-30 04:25 . 2010-10-30 04:25 -------- d-----w- c:\windows\system32\%LocalAppData%
2010-10-30 01:36 . 2010-10-30 01:36 -------- d-----w- c:\windows\system32\wbem\Logs
2010-10-30 01:36 . 2010-10-30 01:36 -------- d-----w- c:\program files\Common Files\Java
2010-10-30 01:36 . 2010-09-15 08:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-30 01:36 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-30 00:38 . 2010-10-30 01:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Notepad++
2010-10-30 00:01 . 2010-10-30 03:10 -------- d-----w- c:\program files\ESET
2010-10-29 23:52 . 2010-10-30 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-29 23:08 . 2010-10-29 23:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\IsolatedStorage
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\assembly
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\IsolatedStorage
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\TechSmith
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ACT
2010-10-29 23:04 . 2010-10-29 23:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn
2010-10-29 23:02 . 2010-10-30 19:39 -------- d-----w- c:\program files\ThreatFire
2010-10-29 23:02 . 2010-10-30 04:26 -------- d-----w- c:\programdata\PC Tools
2010-10-26 18:39 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-26 18:39 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-26 18:39 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-26 18:39 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-26 18:39 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-25 14:59 . 2010-10-25 14:59 -------- d-----w- c:\program files\Adobe Media Player
2010-10-25 13:51 . 2010-10-25 13:51 -------- d-----w- c:\users\Scott\dwhelper
2010-10-19 16:31 . 2010-10-19 16:31 -------- d-----w- c:\users\Scott\AppData\Roaming\webex
2010-10-06 20:54 . 2010-10-06 20:54 -------- d-----w- c:\users\Scott\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-10-06 14:40 . 2010-05-09 09:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-10-06 14:40 . 2010-05-09 09:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-10-06 14:40 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-10-06 14:40 . 2010-10-06 14:40 -------- d-----w- c:\program files\Feedback Tool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-01 04:12 . 2009-10-05 13:54 1056 --sha-w- c:\programdata\KGyGaAvL.sys
2010-10-30 15:11 . 2009-11-21 00:02 138208 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-19 15:41 . 2009-10-04 03:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-30 22:06 . 2009-10-16 20:48 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-09-30 22:06 . 2009-10-16 20:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-30 22:06 . 2009-10-16 20:48 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-30 22:06 . 2009-10-16 20:48 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-21 05:32 . 2010-09-14 21:17 316928 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((( SnapShot_2010-10-31_14.31.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 02:03 . 2010-10-31 22:26 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-10-31 12:03 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2009-08-16 716800]
"Google Update"="c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-05 133104]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-07-26 39816]
"X1FileMonitor.exe"="c:\program files\X1\X1FileMonitor.exe" [2009-04-01 370360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-18 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-01-21 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-01-21 331776]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-22 4355464]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-23 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-18 160328]

c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ACT! by Sage.lnk - c:\program files\ACT\Act for Windows\ActSage.exe [2010-1-20 331776]
PureText.exe [2003-8-21 28672]
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-10-31 1101824]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2010-8-23 2068832]
X1 System Tray.lnk - c:\program files\X1\X1Systray.exe [2009-4-1 353976]
X1.lnk - c:\program files\X1\X1.exe [2009-4-1 2533048]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoHotkey.lnk - c:\program files\AutoHotkey\AutoHotkey.exe [2009-9-25 245248]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OUTLOOK.lnk]
path=c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.lnk
backup=c:\windows\pss\OUTLOOK.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-02-22 22:18 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-08 21:31 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSoft OmniPage 16-reminder]
2007-07-20 13:50 328992 ----a-w- c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-10-25 18:46 2424560 ----a-w- c:\program files\SUPERAntiSpyware\HammerTime2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 18:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2010-01-21 81920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 25112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
R3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\DRIVERS\wip0204.sys [2008-12-31 23480]
S0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\DRIVERS\tdrpm228.sys [2009-11-21 902592]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-29 114984]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-29 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-29 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-29 96896]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-23 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2009-03-29 34128]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-28 c:\windows\Tasks\GoodSync - Z Drive.job
- c:\program files\Siber Systems\GoodSync\GoodSync.exe [2010-09-24 19:05]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 04:03]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 04:03]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1636264073-2185046941-3571425239-1000Core.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-05 14:48]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1636264073-2185046941-3571425239-1000UA.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-05 14:48]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDimdimControl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\Scott\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Scott\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'winlogon.exe'(5948)
c:\program files\ThreatFire\TfWah.dll

- - - - - - - > 'lsass.exe'(920)
c:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2010-11-01 00:41:21
ComboFix-quarantined-files.txt 2010-11-01 04:41
ComboFix2.txt 2010-10-31 14:48
ComboFix3.txt 2010-10-30 15:29
ComboFix4.txt 2010-10-30 05:39

Pre-Run: 16,281,640,960 bytes free
Post-Run: 16,237,256,704 bytes free

- - End Of File - - 9CE7E7C0EB6EBD42DF678835A530CB85

Edited by thanks_in_advance, 01 November 2010 - 07:26 AM.


#12 thanks_in_advance

thanks_in_advance
  • Topic Starter

  • Members
  • 12 posts

Posted 01 November 2010 - 09:05 AM

2nd Run - (see previous run above too)
I re-downloaded ComboFix and RKUnhookerLE.exe and re-created the CFScript. When I tried to run them, nothing happened. I then had the idea to rename all of them since maybe something was preventing them from running. So:

  • I renamed "Combofix" to "ScottsFixer"
  • I renamed "RKUnhookerLE.exe" to "Afix.com.exe"
  • I ran the script "CFScript.txt"

Doing this allowed it to run. Wonder if this means something is still on my computer?

ComboFix Run #2
ComboFix 10-10-31.04 - Scott 11/01/2010 9:18.6.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1349 [GMT -4:00]
Running from: c:\users\Scott\Desktop\ScottsFixer.exe
Command switches used :: c:\users\Scott\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

FILE ::
"c:\users\Scott\Desktop\Afix.com.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Scott\Desktop\Afix.com.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-01 to 2010-11-01 )))))))))))))))))))))))))))))))
.

2010-11-01 13:33 . 2010-11-01 13:33 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-11-01 13:33 . 2010-11-01 13:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\UC.PIF
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\RAR.PIF
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\LHA.PIF
2010-10-31 15:05 . 2010-07-07 11:55 545 ----a-w- c:\windows\ARJ.PIF
2010-10-31 15:05 . 2010-10-31 15:06 -------- d-----w- C:\totalcmd
2010-10-31 15:05 . 2010-10-31 15:05 -------- d-----w- c:\users\Scott\AppData\Roaming\GHISLER
2010-10-31 15:03 . 2010-11-01 01:12 -------- d-----w- c:\users\Scott\AppData\Roaming\stickies
2010-10-31 15:03 . 2010-10-31 15:03 605 ----a-w- c:\windows\uninstallstickies.bat
2010-10-31 15:03 . 2010-10-31 15:03 -------- d-----w- c:\program files\stickies
2010-10-30 22:03 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-10-30 21:36 . 2010-10-30 21:36 -------- d-----w- c:\users\Scott\AppData\Local\Eraser 6
2010-10-30 21:19 . 2010-10-30 21:19 -------- d-----w- c:\program files\Eraser
2010-10-30 19:39 . 2010-01-14 20:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-10-30 19:39 . 2010-01-14 20:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-10-30 19:39 . 2010-01-14 20:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-10-30 15:19 . 2010-10-18 13:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13B62430-3720-43DC-9D58-1CF2FCC8BB92}\mpengine.dll
2010-10-30 15:17 . 2010-10-30 15:17 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2010-10-30 15:12 . 2010-10-30 15:12 -------- d-----w- c:\users\Scott\AppData\Roaming\SUPERAntiSpyware.com
2010-10-30 14:26 . 2010-10-30 14:26 -------- d-----w- c:\users\Scott\AppData\Local\ESET
2010-10-30 06:30 . 2010-10-30 06:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SUPERAntiSpyware.com
2010-10-30 06:30 . 2010-10-30 06:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-30 06:28 . 2010-10-30 06:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-10-30 06:18 . 2010-10-30 06:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-30 06:08 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 06:08 . 2010-10-30 06:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2
2010-10-30 06:08 . 2010-10-30 06:08 -------- d-----w- c:\programdata\Malwarebytes
2010-10-30 06:08 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-30 05:39 . 2010-11-01 13:34 -------- d-----w- c:\users\Scott\AppData\Local\temp
2010-10-30 04:53 . 2010-10-30 05:39 -------- d-----w- C:\scanman
2010-10-30 04:25 . 2010-10-30 04:25 -------- d-----w- c:\windows\system32\%LocalAppData%
2010-10-30 01:36 . 2010-10-30 01:36 -------- d-----w- c:\windows\system32\wbem\Logs
2010-10-30 01:36 . 2010-10-30 01:36 -------- d-----w- c:\program files\Common Files\Java
2010-10-30 01:36 . 2010-09-15 08:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-30 01:36 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-30 00:38 . 2010-10-30 01:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Notepad++
2010-10-30 00:01 . 2010-10-30 03:10 -------- d-----w- c:\program files\ESET
2010-10-29 23:52 . 2010-10-30 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-29 23:08 . 2010-10-29 23:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\IsolatedStorage
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\assembly
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\IsolatedStorage
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\TechSmith
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-10-29 23:05 . 2010-10-29 23:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ACT
2010-10-29 23:04 . 2010-10-29 23:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn
2010-10-29 23:02 . 2010-10-30 19:39 -------- d-----w- c:\program files\ThreatFire
2010-10-29 23:02 . 2010-10-30 04:26 -------- d-----w- c:\programdata\PC Tools
2010-10-26 18:39 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-26 18:39 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-26 18:39 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-26 18:39 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-26 18:39 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-25 14:59 . 2010-10-25 14:59 -------- d-----w- c:\program files\Adobe Media Player
2010-10-25 13:51 . 2010-10-25 13:51 -------- d-----w- c:\users\Scott\dwhelper
2010-10-19 16:31 . 2010-10-19 16:31 -------- d-----w- c:\users\Scott\AppData\Roaming\webex
2010-10-06 20:54 . 2010-10-06 20:54 -------- d-----w- c:\users\Scott\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-10-06 14:40 . 2010-05-09 09:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-10-06 14:40 . 2010-05-09 09:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-10-06 14:40 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-10-06 14:40 . 2010-10-06 14:40 -------- d-----w- c:\program files\Feedback Tool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-01 12:13 . 2009-10-05 13:54 1056 --sha-w- c:\programdata\KGyGaAvL.sys
2010-10-30 15:11 . 2009-11-21 00:02 138208 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-19 15:41 . 2009-10-04 03:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-30 22:06 . 2009-10-16 20:48 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-09-30 22:06 . 2009-10-16 20:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-30 22:06 . 2009-10-16 20:48 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-30 22:06 . 2009-10-16 20:48 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-21 05:32 . 2010-09-14 21:17 316928 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((( SnapShot_2010-10-31_14.31.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-10-04 05:35 . 2010-10-30 21:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-04 05:35 . 2010-10-30 21:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2010-10-30 21:37 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-10-30 21:37 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-04 05:35 . 2010-10-30 21:37 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-04 05:35 . 2010-10-30 21:37 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:03 . 2010-11-01 06:09 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-10-31 12:03 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2009-08-16 716800]
"Google Update"="c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-05 133104]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-07-26 39816]
"X1FileMonitor.exe"="c:\program files\X1\X1FileMonitor.exe" [2009-04-01 370360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-18 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-01-21 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-01-21 331776]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-22 4355464]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-23 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-18 160328]

c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ACT! by Sage.lnk - c:\program files\ACT\Act for Windows\ActSage.exe [2010-1-20 331776]
PureText.exe [2003-8-21 28672]
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-10-31 1101824]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2010-8-23 2068832]
X1 System Tray.lnk - c:\program files\X1\X1Systray.exe [2009-4-1 353976]
X1.lnk - c:\program files\X1\X1.exe [2009-4-1 2533048]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoHotkey.lnk - c:\program files\AutoHotkey\AutoHotkey.exe [2009-9-25 245248]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OUTLOOK.lnk]
path=c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.lnk
backup=c:\windows\pss\OUTLOOK.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-02-22 22:18 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-08 21:31 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSoft OmniPage 16-reminder]
2007-07-20 13:50 328992 ----a-w- c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-10-25 18:46 2424560 ----a-w- c:\program files\SUPERAntiSpyware\HammerTime2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 18:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2010-01-21 81920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 25112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
R3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\DRIVERS\wip0204.sys [2008-12-31 23480]
S0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\DRIVERS\tdrpm228.sys [2009-11-21 902592]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-29 114984]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-29 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-29 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-29 96896]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-23 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2009-03-29 34128]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]


--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-28 c:\windows\Tasks\GoodSync - Z Drive.job
- c:\program files\Siber Systems\GoodSync\GoodSync.exe [2010-09-24 19:05]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 04:03]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 04:03]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1636264073-2185046941-3571425239-1000Core.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-05 14:48]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1636264073-2185046941-3571425239-1000UA.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-05 14:48]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: {E1B26101-23FB-4855-9171-F79F29CC7728} -
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\rknlhgbg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDimdimControl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\Scott\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Scott\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'winlogon.exe'(5948)
c:\program files\ThreatFire\TfWah.dll

- - - - - - - > 'lsass.exe'(920)
c:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2010-11-01 09:50:31
ComboFix-quarantined-files.txt 2010-11-01 13:50
ComboFix2.txt 2010-11-01 04:41
ComboFix3.txt 2010-10-31 14:48
ComboFix4.txt 2010-10-30 15:29
ComboFix5.txt 2010-11-01 13:04

Pre-Run: 16,406,319,104 bytes free
Post-Run: 16,356,392,960 bytes free

- - End Of File - - 47AEB6E265723178C6DB532639F8668B
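The startupreg, service/driver and `*Deregistered*` entries in the ComboFix log above are exactly the lines a helper reads by hand when triaging a TDSS-style infection. The script below is an added example, not part of this thread and not ComboFix's own code: it parses those line formats (inferred from the log above), records each autostart or service with its image path and start state, and flags the two things worth a second look in this log, an entry marked `[x]` where a date and size would normally appear (here the ThreatFire service, whose file ComboFix could not read) and a driver that is deregistered but still in memory (here `klmd25`). The "trusted roots" check is my own heuristic, and the sample input is a handful of lines copied from the log posted above.

```python
"""Triage helper for the autostart, service and '*Deregistered*' lines of a
ComboFix log.  Added example; the line formats are inferred from the log on
this page, and the trusted-roots check is a heuristic assumption."""
import re
from dataclasses import dataclass, field

# Sample lines copied from the ComboFix log posted above (a few entries only).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-10-25 18:46 2424560 ----a-w- c:\program files\SUPERAntiSpyware\HammerTime2.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25
"""

# Heuristic (my assumption): services, drivers and machine-wide autostarts
# normally live under these roots; anything else deserves a closer look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# "R2 name;display name;image path [date size]"  or  "... [x]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# "[HKEY_...\startupreg\<value name>]" followed by a file line
STARTUPREG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\startupreg\\([^\]]+))\]$", re.I)
# "2010-09-24 06:10 421160 ----a-w- c:\path\file.exe"
FILE_LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
DEREG_RE = re.compile(r"^\*Deregistered\*\s*-\s*(\S+)$")


@dataclass
class Entry:
    kind: str            # "service", "driver", "startupreg" or "deregistered"
    name: str
    path: str = ""       # image path as ComboFix printed it (may carry arguments)
    state: str = ""      # e.g. "R2": R = running, S = stopped, digit = start type
    flags: list = field(default_factory=list)


def _check_path(entry: Entry) -> None:
    """Flag image paths outside the trusted roots (heuristic, see above)."""
    p = entry.path.lower()
    if p and not p.startswith(TRUSTED_ROOTS):
        entry.flags.append("image path outside trusted roots")


def parse_combofix(text: str) -> list:
    """Return one Entry per autostart/service/driver/deregistered line."""
    entries, pending_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STARTUPREG_KEY_RE.match(line)
        if m:                       # remember the value name; the file line follows
            pending_key = m.group(2)
            continue
        m = FILE_LINE_RE.match(line)
        if m and pending_key:
            e = Entry("startupreg", pending_key, m.group(5))
            _check_path(e)
            entries.append(e)
            pending_key = None
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, _display, image, meta = m.groups()
            kind = "driver" if image.lower().endswith(".sys") else "service"
            e = Entry(kind, name, image, state + start)
            if meta.strip() == "x":   # no date/size: ComboFix could not read the file
                e.flags.append("image not readable ([x])")
            _check_path(e)
            entries.append(e)
            continue
        m = DEREG_RE.match(line)
        if m:                       # registration removed, but code still loaded
            entries.append(Entry("deregistered", m.group(1),
                                 flags=["deregistered but still in memory"]))
    return entries


def suspicious(entries: list) -> list:
    """Entries that collected at least one flag, in log order."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(parse_combofix(SAMPLE_LOG)):
        print(f"{e.kind:12} {e.name:14} {e.state:3} {e.path}  <- {'; '.join(e.flags)}")
```

Run against the sample, the script reports only the ThreatFire service and the `klmd25` remnant; the iTunes and SUPERAntiSpyware autostarts and the Google and ThreatFire drivers parse cleanly with no flags. To use it on a full log, replace `SAMPLE_LOG` with the file contents; the trusted-roots heuristic will also surface per-user autostarts under `c:\users\`, which are often legitimate (per-user updaters) but are where this kind of downloader usually lands.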

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 01 November 2010 - 03:02 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 thanks_in_advance

thanks_in_advance
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:33 AM

Posted 01 November 2010 - 03:08 PM

32 Bit HP CIO Components Installer
7-Zip 4.65
7500_7600_7700_Help
Acrobat.com
Acronis Migrate Easy
Acronis True Image Home
ACT! by Sage 2010
Adobe AIR
Adobe Anchor Service CS4
Adobe Community Help
Adobe Contribute CS4
Adobe CSI CS4
Adobe ExtendScript Toolkit CS4
Adobe Fireworks CS5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Linguistics CS4
Adobe Media Player
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Update Manager CS4
AI RoboForm (All Users)
Any Video Converter 3.0.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Audible Download Manager
AutoHotkey 1.0.48.05
AVG Anti-Rootkit Free
AviSynth 2.5
Bing Maps 3D
BizAgi Process Modeler
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Bucket Explorer
BufferChm
CamStudio
ClipboardPath
CloudBerry Explorer for Amazon S3 1.8
Connect
Dell Resource CD
Destinations
DeviceDiscovery
DHTML Editing Component
Ditto
DocProc
Eraser 6.0.7.1893
ESET NOD32 Antivirus
ESET Online Scanner v3
Evernote
Fax
Feedback Tool
FileZilla Client 3.3.4.1
Flash Slideshow Maker Pro 4.91
Foxit PDF Editor
Foxit PDF IFilter
Foxit Reader
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GIMP 2.6.8
GoodSync
Google AdWords Editor
Google Calendar Sync
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToMeeting 4.5.0.457
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP OfficeJet L7300/L7500/7600/7700
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
IrfanView (remove only)
iTunes
Java Auto Updater
Java™ 6 Update 22
kuler
L7500
LinkedIn Outlook Toolbar
LogMeIn
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 7.0
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ACT7)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MindTouch Desktop Connector
MobileMe Control Panel
Mozilla Firefox (3.6.12)
MPM
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OCR Software by I.R.I.S. 13.0
ODIR
OGA Notifier 2.0.0048.0
OptiTools
PageBreeze Free HTML Editor
PowerISO
PrismCubedx86
ProductContext
PVSonyDll
QB Network Diagnostic Tool
QuickBooks
QuickBooks Pro 2009
QuickTime
Radmin Viewer 3.4
Revo Uninstaller 1.83
Safari
Scan
ScanSoft OmniPage 16
ScanSoft PDF Create! 4
Screencaster Plug-in for FF
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB982127)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
Skype™ 4.1
SmartWebPrinting
Snagit 10
Snagit 9.1.3
SolutionCenter
Status
Stickies 7.0b
Suite Shared Configuration CS4
SUPERAntiSpyware
SupportSoft Assisted Service
ThreatFire
Toolbox
Total Commander (Remove or Repair)
TrayApp
Trillian
TrueCrypt
Unlocker 1.8.8
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Visual Studio 2005 Tools for Office Second Edition Runtime
WebEx
WebReg
WinDirStat 1.1.2
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
X1
xplorer² professional 32 bit
Yahoo! BrowserPlus 2.7.1
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 01 November 2010 - 04:23 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.2

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

