Persistent Malware - afisicx.exe, mabidwe.exe, etc [Solved] - Geeks to Go Forums

Persistent Malware - afisicx.exe, mabidwe.exe, etc [Solved] Removed malware using the removal guide, but they're back!

#1 Sublime07

  • Group: Member
  • Posts: 8
  • Joined: 21-March 09

Posted 22 March 2009 - 09:57 AM

I had malware on my laptop a week ago, and I noticed this because I kept getting an svchost error every time I started up, and then the sound wouldn't work. So I googled the error... which led me to this website... where I found that other people were having similar problems. I opened up my Task Manager and found a few processes listed that turned out to be malware (mabidwe.exe, afisicx.exe, etc.), and about 11 instances of svchost.exe.

So - I followed all the steps in your Malware Removal Guide, and everything seemed to be great for a couple days. Then I noticed that many of the malicious files were back in my task manager. So... ran the Malwarebytes' Anti-Malware program again... and it found a whole host of backdoor bots and trojans. Restarted my computer on the Malwarebytes' prompt, and since then, it's been shutting down on me at random times after a blue screen shows up with the following error code:

STOP: 0x0000008e (0xc0000005, 0x8052E529, 0xA7315A00, 0x0000000)

I also notice that afisicx.exe and mabidwe.exe are back on the processes list in Task Manager... again. :)

Here are my rooter and OTLI files:

ROOTER:
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:109293 Mo/Free:2068 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

22/03/2009|12:19

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\WLTRYSVC.EXE
---------- C:\WINDOWS\System32\bcmwltry.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\afisicx.exe
---------- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\mabidwe.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
---------- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
---------- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\WINDOWS\system32\mfevtps.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\tcpsvcs.exe
---------- C:\WINDOWS\system32\sopidkc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\WINDOWS\system32\WLTRAY.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
---------- C:\Program Files\McAfee\Common Framework\udaterui.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
---------- C:\Program Files\McAfee\Common Framework\McTray.exe
---------- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!

HKLM\SYSTEM\ControlSet003\Services\seneka


1 - "C:\Rooter$\Rooter_1.txt" - 22/03/2009|12:25

----------------------\\ Scan completed at 12:25

OTLI:
OTListIt logfile created on: 22/03/2009 12:27:04 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\Clawd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1014.37 Mb Total Physical Memory | 546.39 Mb Available Physical Memory | 53.86% Memory free
2.38 Gb Paging File | 2.11 Gb Available in Paging File | 88.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.73 Gb Total Space | 46.02 Gb Free Space | 43.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXXXXXXX
Current User Name: Clawd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\afisicx.exe ()
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\system32\mabidwe.exe ()
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\sopidkc.exe ()
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\Clawd\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (afisicx [Auto | Running]) -- C:\WINDOWS\system32\afisicx.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (Ias [Auto | Running]) -- C:\WINDOWS\system32\Iasv32.dll ()
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (mabidwe [Auto | Running]) -- C:\WINDOWS\system32\mabidwe.exe ()
SRV - (McAfeeEngineService [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (mfevtp [Unknown | Running]) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PcCtlCom [Auto | Stopped]) -- File not found
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (SimpTcp [Auto | Running]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (sopidkc [Auto | Running]) -- C:\WINDOWS\system32\sopidkc.exe ()
SRV - (Tmntsrv [Auto | Stopped]) -- File not found
SRV - (TmPfw [Auto | Stopped]) -- File not found
SRV - (tmproxy [Auto | Stopped]) -- File not found
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (ap1394 [On_Demand | Stopped]) -- C:\WINDOWS\system32\ap1394.sys ()
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (dfmirage [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dfmirage.sys (DemoForge, LLC)
DRV - (DgiVecp [Auto | Stopped]) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys (DeviceGuys, Inc.)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (dtscsi [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeapfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [Boot | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdet [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (Tmfilter [Auto | Stopped]) -- C:\WINDOWS\TMFilter.log ()
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VF0350Vfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\V0350VFx.sys (EyePower Games Pte. Ltd.)
DRV - (VF0350Vid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\V0350Vid.sys (Creative Technology Ltd.)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CC21C2AA-76D7-4545-A27A-01BF5F7EAC4B}:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/19 13:30:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/21 20:17:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/06 21:04:04 | 00,000,000 | ---D | M]

[2008/09/07 17:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Clawd\Application Data\mozilla\Extensions
[2008/09/07 17:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Clawd\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/04/20 23:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Clawd\Application Data\mozilla\Firefox\Profiles\mldm4ahj.default\extensions
[2009/03/21 11:49:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/06 21:04:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/09 00:26:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CC21C2AA-76D7-4545-A27A-01BF5F7EAC4B}
[2009/03/06 21:03:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/06 21:03:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/29 09:07:00 | 00,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2009/03/06 21:03:42 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/06 21:03:42 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/06 21:03:42 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/06 21:03:42 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/06 21:03:42 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/08 19:12:33 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/09/08 19:12:33 | 00,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2009/03/06 21:03:42 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/06 21:03:43 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab (CPlayFirstChocolatieControl Object)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.mess.../Medialogic.CAB (CMediaMix Object)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab (ijjiPlugin2 Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1161174594421 (MUWebControl Class)
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://aolsvc.aol.com/onlinegames/free-tri...web.1.0.0.9.cab (CPlayFirstdreamControl Object)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://www.arcadetown.com/dinerdashfloonth...tg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...undLauncher.cab (AstoundLauncher Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/Facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/...inematycoon.cab (TikGames Online Control)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} https://secure.gopet.../dev/gopets.cab (GoPets Control)
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15033/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab (Solitaire Showdown Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\autorun.inf () - [ NTFS ]
O32 - Autorun File - C:\autorun.PNF () - [ NTFS ]
O33 - MountPoints2\{71cbf9fc-d57d-11dc-8655-0015c56ad77e}\Shell - "" = AutoRun
O33 - MountPoints2\{71cbf9fc-d57d-11dc-8655-0015c56ad77e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71cbf9fc-d57d-11dc-8655-0015c56ad77e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/22 11:57:34 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Clawd\Desktop\OTListIt2.exe
[2009/03/22 11:37:31 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/22 11:37:12 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Clawd\Desktop\Rooter.exe
[2009/03/22 11:10:47 | 10,637,14816 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/21 15:16:20 | 00,000,000 | ---D | C] -- C:\Program Files\The Learning Company
[2009/03/21 15:08:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clawd\Application Data\The Learning Company
[2009/03/21 12:13:50 | 00,000,000 | ---D | C] -- C:\Program Files\Abe's Oddysee
[2009/03/20 16:13:05 | 00,012,624 | ---- | C] () -- C:\DOCUME~1\Clawd\Desktop\Clue.xlsx
[2009/03/20 14:51:34 | 00,033,792 | ---- | C] () -- C:\DOCUME~1\Clawd\Desktop\MencherScholarship.doc
[2009/03/20 12:59:39 | 00,039,424 | ---- | C] () -- C:\DOCUME~1\Clawd\Desktop\ASHA submission.doc
[2009/03/19 13:59:22 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/03/19 13:24:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/03/19 13:23:34 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/03/19 13:20:30 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/03/19 13:20:30 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/03/19 13:20:29 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/03/19 13:20:28 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/03/19 13:20:28 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/03/19 13:20:26 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/03/19 13:20:26 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/03/19 13:20:21 | 00,000,000 | ---D | C] -- C:\c438cf011a6a475f7e0fb64c58
[2009/03/19 13:17:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/03/19 11:50:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/19 11:49:30 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/14 01:44:34 | 00,000,000 | ---D | C] -- C:\Program Files\CLUE Classic
[2009/03/13 09:21:00 | 00,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
[2009/03/13 09:20:58 | 00,280,344 | ---- | C] (Zone Labs LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2009/03/13 09:20:58 | 00,124,688 | ---- | C] (Zone Labs LLC) -- C:\WINDOWS\System32\vsinit.dll
[2009/03/13 09:20:58 | 00,075,536 | ---- | C] (Zone Labs LLC) -- C:\WINDOWS\System32\vsdata.dll
[2009/03/13 09:20:44 | 00,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/03/13 09:20:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2009/03/12 19:18:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/03/12 18:52:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/03/12 18:52:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/03/12 18:52:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/03/12 18:52:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/03/12 18:38:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/03/12 18:20:05 | 00,004,168 | ---- | C] () -- C:\INFCACHE.1
[2009/03/12 18:20:04 | 00,002,152 | ---- | C] () -- C:\autorun.PNF
[2009/03/12 18:05:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/03/12 18:03:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/03/12 02:45:53 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/03/12 02:43:56 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/03/12 02:43:51 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/03/12 02:43:47 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/03/12 02:43:47 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/03/12 02:43:46 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/03/12 02:43:45 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/03/12 02:43:43 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/03/12 02:42:41 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/03/12 02:42:08 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/03/12 02:42:00 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/03/12 02:42:00 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/03/12 02:41:41 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/03/12 02:41:41 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/03/12 02:41:40 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/03/12 02:41:40 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/03/12 02:41:40 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/03/12 02:41:39 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/03/12 02:41:38 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/03/12 02:41:08 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/03/12 02:41:08 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/03/12 02:41:07 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/03/12 02:41:07 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/03/12 02:41:06 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/03/12 02:41:06 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/03/12 02:41:06 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/03/12 02:41:05 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/03/12 02:40:51 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2009/03/12 02:40:16 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/03/12 02:40:05 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/03/12 02:40:04 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2009/03/12 02:39:47 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/03/12 02:39:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/03/12 02:39:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/03/12 02:39:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/03/12 02:39:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/03/12 02:39:06 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/03/12 02:39:03 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/03/12 02:37:04 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/03/12 02:37:03 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/03/12 02:37:03 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/03/12 02:37:01 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/03/12 02:35:27 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/03/12 02:35:26 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/03/12 02:35:09 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2009/03/12 02:35:09 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/03/12 02:35:09 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/03/12 02:35:09 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/03/12 02:35:07 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/03/12 02:35:07 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/03/12 02:35:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/03/12 02:35:07 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/03/12 02:34:33 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/03/12 02:34:27 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/03/12 02:34:22 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/03/12 02:34:22 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/03/12 02:34:22 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/03/12 02:34:18 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/03/12 02:34:17 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/03/12 02:34:13 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/03/12 02:34:13 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/03/12 02:34:13 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/03/12 02:33:57 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/03/12 02:33:55 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/03/12 02:33:51 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/03/12 02:33:47 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2009/03/12 02:33:44 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2009/03/12 02:33:29 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/03/12 02:33:29 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/03/12 02:33:25 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/03/12 02:33:23 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/03/12 02:33:22 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/03/12 02:33:16 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/03/12 02:33:05 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/03/12 02:33:04 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/03/12 02:33:02 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/03/12 02:32:56 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/03/12 02:15:40 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/03/12 02:15:34 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/03/12 02:15:21 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/03/11 23:55:08 | 00,000,047 | ---- | C] () -- C:\xcclstecj.bat
[2009/03/11 23:22:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clawd\Application Data\Malwarebytes
[2009/03/11 23:22:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/11 23:22:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/11 23:21:59 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Malwarebytes
[2009/03/11 23:21:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/11 19:09:57 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/03/11 19:09:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/03/11 02:57:40 | 00,000,565 | ---- | C] () -- C:\WINDOWS\xccwinsys.ini
[2009/03/10 15:06:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\A7091E1D36A447F1A739173CC341414F.TMP
[2009/03/09 11:59:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\$ntunistalls
[2009/03/09 11:59:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009/03/09 11:57:36 | 00,000,198 | ---- | C] () -- C:\WINDOWS\System32\xcchit32.ini
[2009/03/09 11:51:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inf
[2009/03/09 01:33:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Nancy Drew Dossier Lights Camera Curses
[2009/03/09 00:26:58 | 00,000,347 | RHS- | C] () -- C:\autorun.inf
[2009/03/08 15:57:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clawd\Application Data\GamesCafe
[2009/03/08 15:57:29 | 00,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/03/08 15:56:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\CLUE Classic
[2009/03/07 20:35:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/03/07 13:17:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2009/03/06 04:02:16 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Documents\microsoft
[2009/03/04 20:29:46 | 00,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2009/02/26 17:45:45 | 00,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2009/02/26 17:45:27 | 00,403,335 | ---- | C] () -- C:\Program Files\vsfilter.2.39_nt.exe
[2009/02/23 15:43:15 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\HP Product Assistant
[2009/02/21 12:54:11 | 00,000,000 | ---D | C] -- C:\spoolerlogs

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/22 12:14:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/22 12:01:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/22 12:01:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/22 12:01:52 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/22 11:57:44 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Clawd\Desktop\OTListIt2.exe
[2009/03/22 11:37:17 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Clawd\Desktop\Rooter.exe
[2009/03/21 21:16:30 | 00,152,576 | ---- | M] () -- C:\DOCUME~1\Clawd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/21 18:32:42 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/21 18:01:58 | 00,000,568 | ---- | M] () -- C:\DOCUME~1\Clawd\My Documents\My Sharing Folders.lnk
[2009/03/21 17:36:26 | 06,291,456 | -H-- | M] () -- C:\DOCUME~1\Clawd\Local Settings\Application Data\IconCache.db
[2009/03/20 16:37:18 | 00,012,624 | ---- | M] () -- C:\DOCUME~1\Clawd\Desktop\Clue.xlsx
[2009/03/20 15:50:33 | 00,033,792 | ---- | M] () -- C:\DOCUME~1\Clawd\Desktop\MencherScholarship.doc
[2009/03/20 13:03:13 | 00,039,424 | ---- | M] () -- C:\DOCUME~1\Clawd\Desktop\ASHA submission.doc
[2009/03/19 14:43:15 | 00,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/19 14:27:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/19 14:13:11 | 00,534,456 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/19 14:13:11 | 00,463,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/19 14:13:11 | 00,080,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/19 13:47:50 | 00,077,872 | ---- | M] () -- C:\DOCUME~1\Clawd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/17 01:10:44 | 00,437,760 | -HS- | M] () -- C:\DOCUME~1\Clawd\Desktop\Thumbs.db
[2009/03/15 12:37:18 | 00,000,745 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/15 12:37:18 | 00,000,309 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/15 12:37:18 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/03/13 18:40:41 | 00,000,780 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2009/03/13 09:22:52 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\success
[2009/03/13 09:21:00 | 00,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
[2009/03/12 19:14:55 | 00,096,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd7533.sys
[2009/03/12 18:23:10 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/03/12 18:20:05 | 00,004,168 | ---- | M] () -- C:\INFCACHE.1
[2009/03/12 18:20:04 | 00,002,152 | ---- | M] () -- C:\autorun.PNF
[2009/03/11 23:55:08 | 00,000,047 | ---- | M] () -- C:\xcclstecj.bat
[2009/03/11 23:50:33 | 00,000,565 | ---- | M] () -- C:\WINDOWS\xccwinsys.ini
[2009/03/11 19:09:57 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/03/11 02:58:56 | 00,000,198 | ---- | M] () -- C:\WINDOWS\System32\xcchit32.ini
[2009/03/09 01:33:11 | 00,000,347 | RHS- | M] () -- C:\autorun.inf
[2009/03/08 15:57:29 | 00,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2009/03/07 13:17:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\game.INI
[2009/03/06 16:07:59 | 00,003,974 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/03/06 16:07:53 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\2458F6D389.sys
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/21 10:56:00 | 00,131,045 | ---- | M] () -- C:\WINDOWS\hpoins12.dat
< End of report >

OTLI Extras:
OTListIt Extras logfile created on: 22/03/2009 12:27:04 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\Clawd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1014.37 Mb Total Physical Memory | 546.39 Mb Available Physical Memory | 53.86% Memory free
2.38 Gb Paging File | 2.11 Gb Available in Paging File | 88.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.73 Gb Total Space | 46.02 Gb Free Space | 43.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXXXXXXX
Current User Name: Clawd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing (Microsoft Corporation)
C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® (Microsoft Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service (McAfee, Inc.)
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client (Veoh Networks)
C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed (SightSpeed Inc.)
C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 (Firaxis Games)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20CCA435-1465-4567-885C-4A0AFCD0EB05}" = F2100_Help
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{36FE3EDA-0C18-48DE-934B-D9862F82A7A8}" = McAfee Agent
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41C18715-AFF0-49E9-B940-287A50532D33}" = Cisco Clean Access Agent
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97A96172-A963-4A37-9FFB-DA6805BB915A}" = VeohTV BETA
"{97E58EDD-3484-4E7B-946B-08A8D41D3D39}" = SALT Demo V9
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AB90749C-7422-4580-8A7A-66CC5E9E5F98}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6F90406-4726-4559-B6F7-3A96529CDD45}" = F2100
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"7-Zip" = 7-Zip 4.62
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CLUE Classic1.0" = CLUE Classic
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Doodling" = Creative Live! Cam Doodling
"Creative Live! Cam FX Creator" = Creative Live! Cam FX Creator
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam User's Guide" = Creative Live! Cam User's Guide
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0350" = Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00)
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DirectVobSub" = DirectVobSub (remove only)
"DivX Content Uploader" = DivX Content Uploader
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"Hamachi" = Hamachi 1.0.2.5
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{97A96172-A963-4A37-9FFB-DA6805BB915A}" = VeohTV BETA
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mirage Driver_is1" = Mirage Driver 1.1
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsgPlus! Plugin" = Messenger Plus! 3
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PowerISO" = PowerISO
"PrimoPDF4.0.2.5" = PrimoPDF
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SightSpeed" = SightSpeed (remove only)
"Skype_is1" = Skype 3.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"ToolBand.SkypeIEToolbarToolbar" = Skype add-on for IE
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Puzzle Demo (JSP version)" = Puzzle Demo (JSP version)
"Quiz Demo (JSP version)" = Quiz Demo (JSP version)
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/03/2009 8:44:36 PM | Computer Name = XXXXXXXX| Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 21/03/2009 8:44:40 PM | Computer Name = XXXXXXXX| Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 21/03/2009 8:44:42 PM | Computer Name = XXXXXXXX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 21/03/2009 9:25:59 PM | Computer Name = XXXXXXXX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 21/03/2009 9:26:08 PM | Computer Name = XXXXXXXX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 21/03/2009 9:26:09 PM | Computer Name = XXXXXXXX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 22/03/2009 9:40:10 AM | Computer Name = XXXXXXXX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 22/03/2009 9:40:15 AM | Computer Name = XXXXXXXX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 22/03/2009 9:40:16 AM | Computer Name = XXXXXXXX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 22/03/2009 9:59:43 AM | Computer Name = XXXXXXXX | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\1147b7b1.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

[ OSession Events ]
Error - 22/01/2009 10:15:23 PM | Computer Name = XXXXXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 429 seconds with 60 seconds of active time. This session ended with a crash.

Error - 06/02/2009 11:45:09 PM | Computer Name = XXXXXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 31197 seconds with 480 seconds of active time. This session ended with a
crash.

Error - 15/03/2009 5:05:33 PM | Computer Name = XXXXXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 157 seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 22/03/2009 11:03:15 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7000
Description = The Tmpreflt service failed to start due to the following error: %%2

Error - 22/03/2009 11:03:15 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7000
Description = The Vsapint service failed to start due to the following error: %%2

Error - 22/03/2009 11:03:15 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7001
Description = The Tmfilter service depends on the Tmpreflt service which failed
to start because of the following error: %%2

Error - 22/03/2009 11:03:15 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7000
Description = The Trend Micro Central Control Component service failed to start
due to the following error: %%2

Error - 22/03/2009 11:03:15 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7023
Description = The .Freame Micer service terminated with the following error: %%126

Error - 22/03/2009 11:03:15 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7000
Description = The Trend Micro Real-time Service service failed to start due to the
following error: %%2

Error - 22/03/2009 11:03:15 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Proxy Service service depends on the Trend Micro TDI
Driver service which failed to start because of the following error: %%31

Error - 22/03/2009 11:03:15 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7000
Description = The Common Firewall Driver service failed to start due to the following
error: %%2

Error - 22/03/2009 11:03:15 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Personal Firewall service depends on the Common Firewall
Driver service which failed to start because of the following error: %%2

Error - 22/03/2009 11:04:38 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tmtdi


< End of report >

#2 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 22 March 2009 - 10:10 AM

Hello

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3 Sublime07

  • Group: Member
  • Posts: 8
  • Joined: 21-March 09

Posted 22 March 2009 - 12:28 PM

Had the hardest time disabling McAfee. :) Thought I had it disabled, then received a pop-up from ComboFix, saying it was still running. Couldn't uninstall it because it was still running, and there's no "Exit" or "Disable" option on it in the system tray.

Here's the ComboFix log anyway:

ComboFix 09-03-19.02 - Clawd 2009-03-22 14:37:53.1 - NTFSx86
Running from: c:\documents and settings\Clawd\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated)
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Clawd\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\windows\IE4 Error Log.txt
c:\windows\Install.txt
c:\windows\system32\afisicx.exe
c:\windows\system32\comsa32.sys
c:\windows\system32\Install.txt
c:\windows\system32\mabidwe.exe
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\uniq.tll
c:\windows\system32\xcchit32.ini
c:\windows\xccwinsys.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFISICX
-------\Legacy_DEFAULTLIB
-------\Legacy_IAS
-------\Legacy_MABIDWE
-------\Legacy_SOFTYINFORWOW1
-------\Legacy_SOPIDKC
-------\Service_afisicx
-------\Service_Ias
-------\Service_mabidwe
-------\Service_softyinforwow1
-------\Service_sopidkc


((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
.

2009-03-22 11:37 . 2009-03-22 12:25 <DIR> d-------- C:\Rooter$
2009-03-21 20:19 . 2009-03-21 20:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-03-21 15:16 . 2009-03-21 15:16 <DIR> d-------- c:\program files\The Learning Company
2009-03-21 15:08 . 2009-03-21 15:08 <DIR> d-------- c:\documents and settings\Clawd\Application Data\The Learning Company
2009-03-21 12:13 . 2009-03-21 20:48 <DIR> d-------- c:\program files\Abe's Oddysee
2009-03-19 13:59 . 2009-01-09 16:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-03-19 13:24 . 2009-03-19 13:24 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-19 13:23 . 2009-03-19 13:23 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-19 13:20 . 2009-03-19 13:22 <DIR> d-------- C:\c438cf011a6a475f7e0fb64c58
2009-03-19 13:20 . 2008-07-06 09:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-19 13:20 . 2008-07-06 09:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-19 13:20 . 2008-07-06 07:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-19 13:20 . 2008-07-06 09:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-19 13:20 . 2008-07-06 09:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-19 13:20 . 2008-07-06 09:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-19 13:20 . 2008-07-06 09:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-19 13:17 . 2009-03-19 13:36 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-19 11:49 . 2009-03-19 11:49 <DIR> d-------- c:\program files\ERUNT
2009-03-15 12:29 . 2006-10-03 01:58 <DIR> d--h----- c:\documents and settings\Administrator\Application Data\Gtek
2009-03-15 12:28 . 2009-03-21 20:50 <DIR> d-------- c:\documents and settings\Administrator
2009-03-14 01:44 . 2009-03-14 01:44 <DIR> d-------- c:\program files\CLUE Classic
2009-03-13 09:20 . 2009-03-13 09:20 <DIR> d-------- c:\program files\Common Files\Deterministic Networks
2009-03-13 09:20 . 2006-04-20 08:33 303,740 --a------ c:\windows\system32\drivers\CVPNDRVA.sys
2009-03-13 09:20 . 2006-04-20 08:34 197,680 --a------ c:\windows\system32\vpnapi.dll
2009-03-13 09:20 . 2005-05-17 04:51 5,315 --a------ c:\windows\system32\drivers\CVirtA.sys
2009-03-12 18:52 . 2009-03-12 18:52 <DIR> d-------- c:\windows\system32\scripting
2009-03-12 18:52 . 2009-03-12 18:52 <DIR> d-------- c:\windows\system32\en
2009-03-12 18:52 . 2009-03-12 18:52 <DIR> d-------- c:\windows\system32\bits
2009-03-12 18:52 . 2009-03-12 18:52 <DIR> d-------- c:\windows\l2schemas
2009-03-12 18:38 . 2009-03-12 18:54 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-12 18:20 . 2009-03-12 18:20 4,168 --a------ C:\INFCACHE.1
2009-03-12 18:20 . 2009-03-12 18:20 2,152 --a------ C:\autorun.PNF
2009-03-12 18:03 . 2009-03-12 18:03 <DIR> d-------- c:\windows\EHome
2009-03-12 02:45 . 2008-04-13 21:11 136,192 --------- c:\windows\system32\aaclient.dll
2009-03-12 02:45 . 2008-04-13 21:11 4,255 --------- c:\windows\system32\drivers\adv01nt5.dll
2009-03-12 02:45 . 2008-04-13 21:11 3,967 --------- c:\windows\system32\drivers\adv02nt5.dll
2009-03-12 02:45 . 2008-04-13 21:11 3,775 --------- c:\windows\system32\drivers\adv11nt5.dll
2009-03-12 02:45 . 2008-04-13 21:11 3,711 --------- c:\windows\system32\drivers\adv09nt5.dll
2009-03-12 02:45 . 2008-04-13 21:11 3,647 --------- c:\windows\system32\drivers\adv07nt5.dll
2009-03-12 02:45 . 2008-04-13 21:11 3,615 --------- c:\windows\system32\drivers\adv05nt5.dll
2009-03-12 02:45 . 2008-04-13 21:11 3,135 --------- c:\windows\system32\drivers\adv08nt5.dll
2009-03-12 02:43 . 2008-04-13 21:11 233,472 --------- c:\windows\system32\azroles.dll
2009-03-12 02:43 . 2008-04-13 15:51 101,120 --------- c:\windows\system32\drivers\bthpan.sys
2009-03-12 02:43 . 2008-04-13 15:46 37,888 --------- c:\windows\system32\drivers\bthmodem.sys
2009-03-12 02:43 . 2008-04-13 15:46 36,480 --------- c:\windows\system32\drivers\bthprint.sys
2009-03-12 02:43 . 2008-04-13 15:46 18,944 --------- c:\windows\system32\drivers\bthusb.sys
2009-03-12 02:43 . 2008-04-13 15:46 17,024 --------- c:\windows\system32\drivers\bthenum.sys
2009-03-12 02:43 . 2008-04-13 21:11 15,423 --------- c:\windows\system32\drivers\ch7xxnt5.dll
2009-03-12 02:43 . 2008-04-13 21:11 7,168 --------- c:\windows\system32\bitsprx4.dll
2009-03-12 02:42 . 2008-04-13 21:11 48,640 --------- c:\windows\system32\dhcpqec.dll
2009-03-12 02:42 . 2008-04-13 21:11 39,936 --------- c:\windows\system32\dimsroam.dll
2009-03-12 02:42 . 2008-04-13 21:11 19,456 --------- c:\windows\system32\dimsntfy.dll
2009-03-12 02:42 . 2008-04-13 21:11 12,800 --------- c:\windows\system32\credssp.dll
2009-03-12 02:40 . 2008-04-13 15:36 46,464 --------- c:\windows\system32\drivers\gagp30kx.sys
2009-03-12 02:40 . 2008-04-13 21:11 32,285 --------- c:\windows\system32\hsfcisp2.dll
2009-03-12 02:40 . 2008-04-13 15:46 25,600 --------- c:\windows\system32\drivers\hidbth.sys
2009-03-12 02:40 . 2008-04-13 21:12 20,992 --------- c:\windows\system32\faxpatch.exe
2009-03-12 02:40 . 2006-12-28 16:01 19,569 --a------ c:\windows\002769_.tmp
2009-03-12 02:40 . 2008-04-13 15:45 19,200 --------- c:\windows\system32\drivers\hidir.sys
2009-03-12 02:39 . 2008-04-13 21:11 61,440 --------- c:\windows\system32\kmsvc.dll
2009-03-12 02:39 . 2008-04-13 21:11 37,376 --------- c:\windows\system32\l2gpstore.dll
2009-03-12 02:39 . 2008-04-13 21:09 6,144 --------- c:\windows\system32\kbdpash.dll
2009-03-12 02:39 . 2008-04-13 21:09 6,144 --------- c:\windows\system32\kbdnepr.dll
2009-03-12 02:39 . 2008-04-13 21:09 6,144 --------- c:\windows\system32\kbdiultn.dll
2009-03-12 02:39 . 2008-04-13 21:09 6,144 --------- c:\windows\system32\kbdbhc.dll
2009-03-12 02:39 . 2007-09-17 05:48 1,261 --------- c:\windows\system32\pid.inf
2009-03-12 02:37 . 2008-04-13 21:11 397,312 --------- c:\windows\system32\mmcex.dll
2009-03-12 02:37 . 2008-04-13 21:11 184,320 --------- c:\windows\system32\microsoft.managementconsole.dll
2009-03-12 02:37 . 2008-04-13 21:11 106,496 --------- c:\windows\system32\mmcfxcommon.dll
2009-03-12 02:37 . 2008-04-13 21:12 33,792 --------- c:\windows\system32\mmcperf.exe
2009-03-12 02:35 . 2008-04-13 21:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2009-03-12 02:35 . 2008-09-09 22:14 1,307,648 --a------ c:\windows\system32\msxml6.dll
2009-03-12 02:35 . 2008-09-09 22:14 1,307,648 --------- c:\windows\system32\dllcache\msxml6.dll
2009-03-12 02:35 . 2008-04-13 21:12 193,024 --------- c:\windows\system32\napmontr.dll
2009-03-12 02:35 . 2008-04-13 21:12 176,640 --------- c:\windows\system32\napstat.exe
2009-03-12 02:35 . 2008-04-13 21:12 155,136 --------- c:\windows\system32\mssha.dll
2009-03-12 02:35 . 2008-04-13 14:27 79,872 --------- c:\windows\system32\msxml6r.dll
2009-03-12 02:35 . 2008-04-13 14:27 79,872 --------- c:\windows\system32\dllcache\msxml6r.dll
2009-03-12 02:35 . 2008-04-13 15:14 76,800 --------- c:\windows\system32\msshavmsg.dll
2009-03-12 02:35 . 2008-04-13 21:12 30,208 --------- c:\windows\system32\napipsec.dll
2009-03-12 02:35 . 2008-04-13 15:43 12,672 --------- c:\windows\system32\drivers\mutohpen.sys
2009-03-12 02:34 . 2008-04-13 21:12 412,160 --------- c:\windows\system32\photometadatahandler.dll
2009-03-12 02:34 . 2008-04-13 21:12 397,056 --------- c:\windows\system32\s3gnb.dll
2009-03-12 02:34 . 2008-04-13 21:12 291,328 --------- c:\windows\system32\qagentrt.dll
2009-03-12 02:34 . 2008-04-13 21:12 290,304 --------- c:\windows\system32\rhttpaa.dll
2009-03-12 02:34 . 2008-04-13 21:12 150,528 --------- c:\windows\system32\qagent.dll
2009-03-12 02:34 . 2008-04-13 21:12 144,384 --------- c:\windows\system32\onex.dll
2009-03-12 02:34 . 2008-04-13 21:12 76,800 --------- c:\windows\system32\qutil.dll
2009-03-12 02:34 . 2008-04-13 21:12 62,464 --------- c:\windows\system32\qcliprov.dll
2009-03-12 02:34 . 2008-04-13 21:12 61,952 --------- c:\windows\system32\rasqec.dll
2009-03-12 02:34 . 2008-04-13 15:46 59,136 --------- c:\windows\system32\drivers\rfcomm.sys
2009-03-12 02:34 . 2008-04-13 15:56 30,592 --------- c:\windows\system32\drivers\rndismpx.sys
2009-03-12 02:32 . 2008-04-13 21:12 276,992 --------- c:\windows\system32\wmphoto.dll
2009-03-12 02:14 . 2004-08-03 22:41 129,535 --------- c:\windows\system32\drivers\slnt7554.sys
2009-03-12 02:14 . 2004-08-03 22:29 29,455 --------- c:\windows\system32\drivers\ati1xbxx.sys
2009-03-12 02:14 . 2004-08-03 22:29 26,367 --------- c:\windows\system32\drivers\ati1snxx.sys
2009-03-12 02:14 . 2004-08-03 22:29 14,336 --------- c:\windows\system32\drivers\atinpdxx.sys
2009-03-12 02:14 . 2004-08-03 22:29 13,824 --------- c:\windows\system32\drivers\atinttxx.sys
2009-03-12 02:14 . 2004-08-03 22:29 13,824 --------- c:\windows\system32\drivers\atinmdxx.sys
2009-03-12 02:14 . 2004-08-03 22:29 11,871 --------- c:\windows\system32\drivers\wadv09nt.sys
2009-03-11 23:55 . 2009-03-11 23:55 47 --a------ C:\xcclstecj.bat
2009-03-11 23:22 . 2009-03-11 23:22 <DIR> d-------- c:\documents and settings\Clawd\Application Data\Malwarebytes
2009-03-11 23:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 23:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-11 23:21 . 2009-03-19 11:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-11 23:21 . 2009-03-11 23:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-10 15:06 . 2009-03-10 15:06 <DIR> d-------- c:\windows\A7091E1D36A447F1A739173CC341414F.TMP
2009-03-09 11:59 . 2009-03-18 20:24 <DIR> d-------- c:\windows\system32\3361
2009-03-09 11:59 . 2009-03-09 11:59 <DIR> d-------- c:\windows\$ntunistalls
2009-03-09 11:51 . 2009-03-19 12:19 <DIR> d-------- c:\windows\system32\inf
2009-03-09 01:33 . 2009-03-09 01:33 <DIR> d-------- c:\windows\Nancy Drew Dossier Lights Camera Curses
2009-03-08 15:57 . 2009-03-08 15:57 <DIR> d-------- c:\documents and settings\Clawd\Application Data\GamesCafe
2009-03-08 15:57 . 2009-03-08 15:57 4,096 --a------ c:\windows\d3dx.dat
2009-03-08 15:56 . 2009-03-08 15:56 <DIR> d-------- c:\windows\CLUE Classic
2009-03-07 20:35 . 2009-03-07 20:35 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-07 13:17 . 2009-03-07 13:17 0 --a------ c:\windows\game.INI
2009-03-04 20:29 . 1996-10-15 19:01 298,496 --a------ c:\windows\uninst.exe
2009-02-26 17:45 . 2009-02-26 17:45 <DIR> d-------- c:\program files\DirectVobSub
2009-02-26 17:45 . 2009-02-26 17:45 403,335 --a------ c:\program files\vsfilter.2.39_nt.exe
2009-02-23 15:43 . 2009-02-23 15:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 18:11 --------- d-----w c:\program files\McAfee
2009-03-22 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-22 17:10 --------- d-----w c:\documents and settings\Clawd\Application Data\uTorrent
2009-03-19 16:24 --------- d-----w c:\program files\MSBuild
2009-03-16 01:29 --------- d-----w c:\documents and settings\Clawd\Application Data\Printer Info Cache
2009-03-16 01:29 --------- d-----w c:\documents and settings\Clawd\Application Data\Image Zone Express
2009-03-13 19:02 --------- d-----w c:\documents and settings\Clawd\Application Data\Skype
2009-03-13 12:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 22:14 96,384 ----a-w c:\windows\system32\drivers\sptd7533.sys
2009-03-11 09:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 04:08 --------- d-----w c:\program files\MessengerPlus! 3
2009-03-11 00:34 --------- d-----w c:\program files\iWin
2009-03-09 14:53 --------- d-----w c:\program files\Google
2009-03-05 23:17 --------- d-----w c:\documents and settings\Clawd\Application Data\U3
2009-03-04 10:33 --------- d-----w c:\program files\DivX
2009-02-19 02:56 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-15 02:59 270,128 ----a-w c:\program files\utorrent.exe
2008-09-22 13:33 134 ----a-w c:\documents and settings\Clawd\Application Data\wklnhst.dat
2008-03-06 03:49 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-03-27 02:06 1 ----a-w c:\documents and settings\Clawd\scrcfg.dat
2008-09-08 22:12 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-08 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-03-13 1528880]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-03-21 65588]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashserv.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashSimpl.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdnagent.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdswitch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=c:\windows\pss\Clean Access Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
--------- 2006-11-17 06:42 53341 c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 11:57 133016 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 05:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-08 19:12 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-12-13 04:41 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-12-13 04:45 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-12-13 04:44 98304 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 20:05 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-09-18 14:46 8192 c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 22:15 290816 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-17 23:24 184320 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 11:54 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-03-23 14:52 25268776 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-25 16:22 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0350Mon.exe]
--a------ 2007-08-23 02:03 28672 c:\windows\V0350Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tdctxte"=2 (0x2)
"sopidkc"=2 (0x2)
"mabidwe"=2 (0x2)
"afisicx"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe --> c:\windows\system32\mfevtps.exe [?]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys --> c:\windows\system32\drivers\TmXPFlt.sys [?]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe --> c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [?]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe --> c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [?]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys --> c:\windows\system32\drivers\Tmpreflt.sys [?]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe --> c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [?]
S3 ap1394;ap1394;c:\windows\system32\ap1394.sys [2004-08-10 2304]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-11-16 29744]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-03-11 38496]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys --> c:\windows\system32\drivers\mferkdet.sys [?]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2008-01-19 7424]
S3 VF0350Vid;Live! Cam Video Chat (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2008-01-19 170368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71cbf9fc-d57d-11dc-8655-0015c56ad77e}]
\Shell\AutoRun\command - H:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 19:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles/dreamweb.1.0.0.9.cab
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Clawd\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 15:14:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1970852384-3149772284-989407719-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\mfevtps.exe.266e.deletemeGEMENT.DLL
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre1.5.0_10\bin\jucheck.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-03-22 15:21:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-22 18:20:39

Pre-Run: 49,232,199,680 bytes free
Post-Run: 49,610,256,384 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
392
----

Thanks!
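
The "Reg Loading Points" section of the ComboFix log above carries the three findings a triager should pull out before touching anything: a row of Image File Execution Options keys whose "Debugger" value points every common anti-virus executable at c:\windows\system32\alg.exe (the Windows Application Layer Gateway service binary, used here as a decoy so the AV process never starts), a MountPoints2 AutoRun command for a removable drive, and a globally open firewall port. The script below is an added example, not part of the thread or of ComboFix; it parses that REGEDIT4-style text and reports those three classes. The SAMPLE text is constructed from entries in the log above.

```python
"""Triage a ComboFix 'Reg Loading Points' section for common autostart hijacks.

Added example (not part of the forum thread or of ComboFix). It parses the
REGEDIT4-style text ComboFix prints and flags three things visible in the log:
Image File Execution Options 'Debugger' values, Explorer MountPoints2 AutoRun
commands, and globally open firewall ports.
"""
import re

# Constructed sample, copied from entries shown in the ComboFix log above.
SAMPLE = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71cbf9fc-d57d-11dc-8655-0015c56ad77e}]
\Shell\AutoRun\command - H:\LaunchU3.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def parse_loading_points(text):
    """Return (key, value name, data) triples; key paths are lower-cased."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append((key, m.group("name"), m.group("data").strip()))
        elif line.startswith("\\"):
            # MountPoints2 style line: \Shell\AutoRun\command - H:\LaunchU3.exe
            name, _, data = line.partition(" - ")
            entries.append((key, name, data.strip()))
    return entries


def triage(text):
    """Group the entries that match each hijack class.

    IFEO Debugger values have legitimate uses (real debuggers, vendor tooling),
    so the result is a review list, not a delete list.
    """
    findings = {"ifeo_debugger": [], "autorun_command": [], "open_port": []}
    for key, name, data in parse_loading_points(text):
        if "image file execution options" in key and name.lower() == "debugger":
            target = key.rsplit("\\", 1)[-1]  # the executable being intercepted
            findings["ifeo_debugger"].append((target, data))
        elif "mountpoints2" in key and name.lower().endswith("\\autorun\\command"):
            findings["autorun_command"].append((key.rsplit("\\", 1)[-1], data))
        elif "globallyopenports" in key:
            findings["open_port"].append(name)
    return findings


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        for hit in hits:
            print(f"{kind}: {hit}")
```

On a live XP machine the same IFEO check is one command: `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s /v Debugger`. Any entry whose Debugger is not a debugger you installed yourself deserves the same scrutiny as the alg.exe rows in this log.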

#4 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 22 March 2009 - 12:49 PM

hello

Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    ap1394
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "tdctxte"=-
    "sopidkc"=-
    "mabidwe"=-
    "afisicx"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71cbf9fc-d57d-11dc-8655-0015c56ad77e}]
    
    :Files
    c:\windows\system32\ap1394.sys
    C:\xcclstecj.bat
    c:\windows\system32\3361
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#5 Sublime07

  • Group: Member
  • Posts: 8
  • Joined: 21-March 09

Posted 22 March 2009 - 01:19 PM

Here we go:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver ap1394 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\tdctxte deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\sopidkc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\mabidwe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\afisicx deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71cbf9fc-d57d-11dc-8655-0015c56ad77e}\\ deleted successfully.
========== FILES ==========
c:\windows\system32\ap1394.sys moved successfully.
C:\xcclstecj.bat moved successfully.
c:\windows\system32\3361 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Clawd\LOCALS~1\Temp\McAfeeLogs\UpdaterUI_XXXXXXXX.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Clawd\LOCALS~1\Temp\McAfeeLogs\UpdaterUI_XXXXXXXX_error.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Clawd\LOCALS~1\Temp\etilqs_sJ6G8i3un3qYrPeZmWdI scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\WFVB3.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Clawd\Local Settings\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Clawd\Local Settings\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Clawd\Local Settings\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Clawd\Local Settings\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Clawd\Local Settings\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Clawd\Local Settings\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03222009_155929

Files moved on Reboot...
C:\DOCUME~1\Clawd\LOCALS~1\Temp\McAfeeLogs\UpdaterUI_XXXXXXXX.log moved successfully.
C:\DOCUME~1\Clawd\LOCALS~1\Temp\McAfeeLogs\UpdaterUI_XXXXXXXX_error.log moved successfully.
File C:\DOCUME~1\Clawd\LOCALS~1\Temp\etilqs_sJ6G8i3un3qYrPeZmWdI not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\WFVB3.tmp not found!
C:\Documents and Settings\Clawd\Local Settings\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Clawd\Local Settings\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Clawd\Local Settings\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Clawd\Local Settings\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Clawd\Local Settings\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Clawd\Local Settings\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\XUL.mfl moved successfully.

#6 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 23 March 2009 - 06:22 AM

hello

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#7 Sublime07

  • Group: Member
  • Posts: 8
  • Joined: 21-March 09

Posted 23 March 2009 - 08:25 PM

MBAM log:

Malwarebytes' Anti-Malware 1.34
Database version: 1888
Windows 5.1.2600 Service Pack 3

23/03/2009 12:08:56 PM
mbam-log-2009-03-23 (12-08-56).txt

Scan type: Quick Scan
Objects scanned: 76087
Time elapsed: 20 minute(s), 19 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\WINDOWS\system32\afisicx.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\txtfile\shell\open\command\ (Hijack.Notepad) -> Bad: ("C:\WINDOWS\system32\nctedit.exe" "%1") Good: (notepad.exe %1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

Kaspersky scan report:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 23, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 23, 2009 14:12:14
Records in database: 1955255
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 117223
Threat name: 4
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 06:58:46


File name / Threat name / Threats count
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tpszxyd.sys.vir Infected: Trojan.Win32.Agent2.ggf 1
C:\WINDOWS\system32\6to4v32.dll Infected: Trojan.Win32.Obfuscated.acrg 1
C:\WINDOWS\system32\mtrstart.exe Infected: Trojan.Win32.Agent2.fde 1
C:\WINDOWS\system32\nctedit.exe Infected: Trojan.Win32.Agent2.fde 1

The selected area was scanned.
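
Two things in the logs above are worth automating. First, the Kaspersky report lists six hits but one of them (C:\Qoobox\Quarantine\...\tpszxyd.sys.vir) is already in ComboFix's quarantine, so only five belong in a removal script. Second, MBAM repaired the hijacked HKEY_CLASSES_ROOT\txtfile\shell\open\command value, but the executable it pointed at, C:\WINDOWS\system32\nctedit.exe, was still on disk for Kaspersky to find: fixing the registry data does not remove the payload. The script below is an added example, not part of the thread, of ComboFix, Malwarebytes or Kaspersky. It parses both reports (constructed samples copied from the posts above), drops quarantined paths, renders the File:: section of a CFScript, and lists hijack payloads the registry fix left behind. The only quarantine folders it knows are the two that appear in this thread; any other is an assumption the reader must add.

```python
"""Turn the scan results in this thread into a ComboFix CFScript 'File::' section.

Added example, not part of the forum thread or of ComboFix/Malwarebytes/Kaspersky.
"""
import re

# Constructed samples, copied from the logs posted above.
KAV_REPORT = r"""
File name / Threat name / Threats count
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tpszxyd.sys.vir Infected: Trojan.Win32.Agent2.ggf 1
C:\WINDOWS\system32\6to4v32.dll Infected: Trojan.Win32.Obfuscated.acrg 1
C:\WINDOWS\system32\mtrstart.exe Infected: Trojan.Win32.Agent2.fde 1
C:\WINDOWS\system32\nctedit.exe Infected: Trojan.Win32.Agent2.fde 1
"""
MBAM_LOG = r"""
Registry Data Items Infected:
HKEY_CLASSES_ROOT\txtfile\shell\open\command\ (Hijack.Notepad) -> Bad: ("C:\WINDOWS\system32\nctedit.exe" "%1") Good: (notepad.exe %1) -> Quarantined and deleted successfully.
"""

KAV_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
MBAM_RE = re.compile(r"^(?P<key>HKEY_\S+) \((?P<det>[^)]+)\) -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) ->")
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')

# Quarantine folders seen in this thread: ComboFix (Qoobox) and OTMoveIt3.
# Assumption: no other quarantine location exists on the machine.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\_otmoveit\\movedfiles\\")


def parse_kav(text):
    """(path, threat, count) for every detection line in a Kaspersky report."""
    return [(m["path"], m["threat"], int(m["count"]))
            for m in (KAV_RE.match(l.strip()) for l in text.splitlines()) if m]


def is_quarantined(path):
    return path.lower().startswith(QUARANTINE_PREFIXES)


def cfscript_files(kav_text):
    """Detections still live on disk, in report order, de-duplicated.

    Riskware (not-a-virus:) is kept: the helper in this thread removed the
    MUSICMATCH files as well. Filter on the threat name if you want otherwise.
    """
    out = []
    for path, _threat, _count in parse_kav(kav_text):
        if not is_quarantined(path) and path not in out:
            out.append(path)
    return out


def render_cfscript(kav_text):
    """The File:: block as it is typed into CFScript.txt, one path per line."""
    return "File::\n" + "\n".join(cfscript_files(kav_text)) + "\n"


def mbam_hijacks(mbam_text):
    """(registry key, bad command, good command) per 'Registry Data Items' line."""
    return [(m["key"], m["bad"], m["good"])
            for m in (MBAM_RE.match(l.strip()) for l in mbam_text.splitlines()) if m]


def hijack_payloads_left_behind(mbam_text, kav_text):
    """Executables a hijacked command pointed at that the later scan still found."""
    on_disk = {p.lower() for p in cfscript_files(kav_text)}
    left = []
    for _key, bad, _good in mbam_hijacks(mbam_text):
        for path in QUOTED_PATH_RE.findall(bad):
            if path.lower() in on_disk:
                left.append(path)
    return left


if __name__ == "__main__":
    print(render_cfscript(KAV_REPORT))
    print("still on disk after MBAM's registry fix:",
          hijack_payloads_left_behind(MBAM_LOG, KAV_REPORT))
```

The rendered File:: block matches the five paths the helper puts in the CFScript in the next post. The point of the last function is the one to carry forward: whenever a tool reports a "Bad:" command line it repaired, pull the path out of it and confirm the file itself is gone or quarantined.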

#8 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 24 March 2009 - 06:22 AM

hello

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

File::
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
C:\WINDOWS\system32\6to4v32.dll
C:\WINDOWS\system32\mtrstart.exe
C:\WINDOWS\system32\nctedit.exe

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#9 Sublime07

  • Group: Member
  • Posts: 8
  • Joined: 21-March 09

Posted 24 March 2009 - 10:17 AM

ComboFix 09-03-23.01 - Clawd 2009-03-24 12:37:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.626 [GMT -3:00]
Running from: c:\documents and settings\Clawd\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Clawd\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)

FILE ::
c:\program files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz
c:\program files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
c:\windows\system32\6to4v32.dll
c:\windows\system32\mtrstart.exe
c:\windows\system32\nctedit.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz
c:\program files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
c:\windows\Install.txt
c:\windows\system32\6to4v32.dll
c:\windows\system32\Install.txt
c:\windows\system32\mtrstart.exe
c:\windows\system32\nctedit.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFISICX
-------\Legacy_DEFAULTLIB
-------\Legacy_IAS
-------\Legacy_MABIDWE
-------\Legacy_SOFTYINFORWOW1
-------\Legacy_SOPIDKC


((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-22 15:59 . 2009-03-22 15:59 <DIR> d-------- C:\_OTMoveIt
2009-03-22 15:39 . 2008-09-29 08:07 340,592 --a------ c:\windows\system32\drivers\mfehidk.sys
2009-03-22 15:39 . 2008-09-29 08:07 90,360 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-03-22 15:39 . 2008-09-29 08:07 74,648 --a------ c:\windows\system32\drivers\mfeapfk.sys
2009-03-22 15:39 . 2008-09-29 08:07 67,904 --a------ c:\windows\system32\mfevtps.exe
2009-03-22 15:39 . 2008-09-29 08:07 64,432 --a------ c:\windows\system32\drivers\mferkdet.sys
2009-03-22 15:39 . 2008-09-29 08:07 62,704 --a------ c:\windows\system32\drivers\mfetdik.sys
2009-03-22 15:39 . 2008-09-29 08:07 42,424 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-03-22 15:38 . 2009-03-22 15:38 <DIR> d-------- c:\program files\Common Files\McAfee
2009-03-22 11:37 . 2009-03-22 12:25 <DIR> d-------- C:\Rooter$
2009-03-21 20:19 . 2009-03-21 20:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-03-21 15:16 . 2009-03-21 15:16 <DIR> d-------- c:\program files\The Learning Company
2009-03-21 15:08 . 2009-03-21 15:08 <DIR> d-------- c:\documents and settings\Clawd\Application Data\The Learning Company
2009-03-21 12:13 . 2009-03-21 20:48 <DIR> d-------- c:\program files\Abe's Oddysee
2009-03-19 13:59 . 2009-01-09 16:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-03-19 13:24 . 2009-03-19 13:24 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-19 13:23 . 2009-03-19 13:23 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-19 13:20 . 2009-03-19 13:22 <DIR> d-------- C:\c438cf011a6a475f7e0fb64c58
2009-03-19 13:20 . 2008-07-06 09:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-19 13:20 . 2008-07-06 09:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-19 13:20 . 2008-07-06 07:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-19 13:20 . 2008-07-06 09:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-19 13:20 . 2008-07-06 09:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-19 13:20 . 2008-07-06 09:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-19 13:20 . 2008-07-06 09:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-19 13:17 . 2009-03-19 13:36 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-19 11:49 . 2009-03-19 11:49 <DIR> d-------- c:\program files\ERUNT
2009-03-15 12:29 . 2006-10-03 01:58 <DIR> d--h----- c:\documents and settings\Administrator\Application Data\Gtek
2009-03-15 12:28 . 2009-03-21 20:50 <DIR> d-------- c:\documents and settings\Administrator
2009-03-14 01:44 . 2009-03-14 01:44 <DIR> d-------- c:\program files\CLUE Classic
2009-03-13 09:20 . 2009-03-13 09:20 <DIR> d-------- c:\program files\Common Files\Deterministic Networks
2009-03-13 09:20 . 2006-04-20 08:33 303,740 --a------ c:\windows\system32\drivers\CVPNDRVA.sys
2009-03-13 09:20 . 2006-04-20 08:34 197,680 --a------ c:\windows\system32\vpnapi.dll
2009-03-13 09:20 . 2005-05-17 04:51 5,315 --a------ c:\windows\system32\drivers\CVirtA.sys
2009-03-12 18:52 . 2009-03-12 18:52 <DIR> d-------- c:\windows\system32\scripting
2009-03-12 18:52 . 2009-03-12 18:52 <DIR> d-------- c:\windows\system32\en
2009-03-12 18:52 . 2009-03-12 18:52 <DIR> d-------- c:\windows\system32\bits
2009-03-12 18:52 . 2009-03-12 18:52 <DIR> d-------- c:\windows\l2schemas
2009-03-12 18:38 . 2009-03-12 18:54 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-12 18:20 . 2009-03-12 18:20 4,168 --a------ C:\INFCACHE.1
2009-03-12 18:20 . 2009-03-12 18:20 2,152 --a------ C:\autorun.PNF
2009-03-12 18:03 . 2009-03-12 18:03 <DIR> d-------- c:\windows\EHome
2009-03-12 02:45 . 2008-04-13 21:11 136,192 --------- c:\windows\system32\aaclient.dll
2009-03-12 02:45 . 2008-04-13 21:11 4,255 --------- c:\windows\system32\drivers\adv01nt5.dll
2009-03-12 02:45 . 2008-04-13 21:11 3,967 --------- c:\windows\system32\drivers\adv02nt5.dll
2009-03-12 02:45 . 2008-04-13 21:11 3,775 --------- c:\windows\system32\drivers\adv11nt5.dll
2009-03-12 02:45 . 2008-04-13 21:11 3,711 --------- c:\windows\system32\drivers\adv09nt5.dll
2009-03-12 02:45 . 2008-04-13 21:11 3,647 --------- c:\windows\system32\drivers\adv07nt5.dll
2009-03-12 02:45 . 2008-04-13 21:11 3,615 --------- c:\windows\system32\drivers\adv05nt5.dll
2009-03-12 02:45 . 2008-04-13 21:11 3,135 --------- c:\windows\system32\drivers\adv08nt5.dll
2009-03-12 02:43 . 2008-04-13 21:11 233,472 --------- c:\windows\system32\azroles.dll
2009-03-12 02:43 . 2008-04-13 15:51 101,120 --------- c:\windows\system32\drivers\bthpan.sys
2009-03-12 02:43 . 2008-04-13 15:46 37,888 --------- c:\windows\system32\drivers\bthmodem.sys
2009-03-12 02:43 . 2008-04-13 15:46 36,480 --------- c:\windows\system32\drivers\bthprint.sys
2009-03-12 02:43 . 2008-04-13 15:46 18,944 --------- c:\windows\system32\drivers\bthusb.sys
2009-03-12 02:43 . 2008-04-13 15:46 17,024 --------- c:\windows\system32\drivers\bthenum.sys
2009-03-12 02:43 . 2008-04-13 21:11 15,423 --------- c:\windows\system32\drivers\ch7xxnt5.dll
2009-03-12 02:43 . 2008-04-13 21:11 7,168 --------- c:\windows\system32\bitsprx4.dll
2009-03-12 02:42 . 2008-04-13 21:11 48,640 --------- c:\windows\system32\dhcpqec.dll
2009-03-12 02:42 . 2008-04-13 21:11 39,936 --------- c:\windows\system32\dimsroam.dll
2009-03-12 02:42 . 2008-04-13 21:11 19,456 --------- c:\windows\system32\dimsntfy.dll
2009-03-12 02:42 . 2008-04-13 21:11 12,800 --------- c:\windows\system32\credssp.dll
2009-03-12 02:40 . 2008-04-13 15:36 46,464 --------- c:\windows\system32\drivers\gagp30kx.sys
2009-03-12 02:40 . 2008-04-13 21:11 32,285 --------- c:\windows\system32\hsfcisp2.dll
2009-03-12 02:40 . 2008-04-13 15:46 25,600 --------- c:\windows\system32\drivers\hidbth.sys
2009-03-12 02:40 . 2008-04-13 21:12 20,992 --------- c:\windows\system32\faxpatch.exe
2009-03-12 02:40 . 2006-12-28 16:01 19,569 --a------ c:\windows\002769_.tmp
2009-03-12 02:40 . 2008-04-13 15:45 19,200 --------- c:\windows\system32\drivers\hidir.sys
2009-03-12 02:39 . 2008-04-13 21:11 61,440 --------- c:\windows\system32\kmsvc.dll
2009-03-12 02:39 . 2008-04-13 21:11 37,376 --------- c:\windows\system32\l2gpstore.dll
2009-03-12 02:39 . 2008-04-13 21:09 6,144 --------- c:\windows\system32\kbdpash.dll
2009-03-12 02:39 . 2008-04-13 21:09 6,144 --------- c:\windows\system32\kbdnepr.dll
2009-03-12 02:39 . 2008-04-13 21:09 6,144 --------- c:\windows\system32\kbdiultn.dll
2009-03-12 02:39 . 2008-04-13 21:09 6,144 --------- c:\windows\system32\kbdbhc.dll
2009-03-12 02:39 . 2007-09-17 05:48 1,261 --------- c:\windows\system32\pid.inf
2009-03-12 02:37 . 2008-04-13 21:11 397,312 --------- c:\windows\system32\mmcex.dll
2009-03-12 02:37 . 2008-04-13 21:11 184,320 --------- c:\windows\system32\microsoft.managementconsole.dll
2009-03-12 02:37 . 2008-04-13 21:11 106,496 --------- c:\windows\system32\mmcfxcommon.dll
2009-03-12 02:37 . 2008-04-13 21:12 33,792 --------- c:\windows\system32\mmcperf.exe
2009-03-12 02:35 . 2008-04-13 21:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2009-03-12 02:35 . 2008-09-09 22:14 1,307,648 --a------ c:\windows\system32\msxml6.dll
2009-03-12 02:35 . 2008-09-09 22:14 1,307,648 --------- c:\windows\system32\dllcache\msxml6.dll
2009-03-12 02:35 . 2008-04-13 21:12 193,024 --------- c:\windows\system32\napmontr.dll
2009-03-12 02:35 . 2008-04-13 21:12 176,640 --------- c:\windows\system32\napstat.exe
2009-03-12 02:35 . 2008-04-13 21:12 155,136 --------- c:\windows\system32\mssha.dll
2009-03-12 02:35 . 2008-04-13 14:27 79,872 --------- c:\windows\system32\msxml6r.dll
2009-03-12 02:35 . 2008-04-13 14:27 79,872 --------- c:\windows\system32\dllcache\msxml6r.dll
2009-03-12 02:35 . 2008-04-13 15:14 76,800 --------- c:\windows\system32\msshavmsg.dll
2009-03-12 02:35 . 2008-04-13 21:12 30,208 --------- c:\windows\system32\napipsec.dll
2009-03-12 02:35 . 2008-04-13 15:43 12,672 --------- c:\windows\system32\drivers\mutohpen.sys
2009-03-12 02:34 . 2008-04-13 21:12 412,160 --------- c:\windows\system32\photometadatahandler.dll
2009-03-12 02:34 . 2008-04-13 21:12 397,056 --------- c:\windows\system32\s3gnb.dll
2009-03-12 02:34 . 2008-04-13 21:12 291,328 --------- c:\windows\system32\qagentrt.dll
2009-03-12 02:34 . 2008-04-13 21:12 290,304 --------- c:\windows\system32\rhttpaa.dll
2009-03-12 02:34 . 2008-04-13 21:12 150,528 --------- c:\windows\system32\qagent.dll
2009-03-12 02:34 . 2008-04-13 21:12 144,384 --------- c:\windows\system32\onex.dll
2009-03-12 02:34 . 2008-04-13 21:12 76,800 --------- c:\windows\system32\qutil.dll
2009-03-12 02:34 . 2008-04-13 21:12 62,464 --------- c:\windows\system32\qcliprov.dll
2009-03-12 02:34 . 2008-04-13 21:12 61,952 --------- c:\windows\system32\rasqec.dll
2009-03-12 02:34 . 2008-04-13 15:46 59,136 --------- c:\windows\system32\drivers\rfcomm.sys
2009-03-12 02:34 . 2008-04-13 15:56 30,592 --------- c:\windows\system32\drivers\rndismpx.sys
2009-03-12 02:32 . 2008-04-13 21:12 276,992 --------- c:\windows\system32\wmphoto.dll
2009-03-12 02:14 . 2004-08-03 22:41 129,535 --------- c:\windows\system32\drivers\slnt7554.sys
2009-03-12 02:14 . 2004-08-03 22:29 29,455 --------- c:\windows\system32\drivers\ati1xbxx.sys
2009-03-12 02:14 . 2004-08-03 22:29 26,367 --------- c:\windows\system32\drivers\ati1snxx.sys
2009-03-12 02:14 . 2004-08-03 22:29 14,336 --------- c:\windows\system32\drivers\atinpdxx.sys
2009-03-12 02:14 . 2004-08-03 22:29 13,824 --------- c:\windows\system32\drivers\atinttxx.sys
2009-03-12 02:14 . 2004-08-03 22:29 13,824 --------- c:\windows\system32\drivers\atinmdxx.sys
2009-03-12 02:14 . 2004-08-03 22:29 11,871 --------- c:\windows\system32\drivers\wadv09nt.sys
2009-03-11 23:22 . 2009-03-11 23:22 <DIR> d-------- c:\documents and settings\Clawd\Application Data\Malwarebytes
2009-03-11 23:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 23:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-11 23:21 . 2009-03-19 11:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-11 23:21 . 2009-03-11 23:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-10 15:06 . 2009-03-10 15:06 <DIR> d-------- c:\windows\A7091E1D36A447F1A739173CC341414F.TMP
2009-03-09 11:59 . 2009-03-09 11:59 <DIR> d-------- c:\windows\$ntunistalls
2009-03-09 11:51 . 2009-03-19 12:19 <DIR> d-------- c:\windows\system32\inf
2009-03-09 01:33 . 2009-03-09 01:33 <DIR> d-------- c:\windows\Nancy Drew Dossier Lights Camera Curses
2009-03-08 15:57 . 2009-03-08 15:57 <DIR> d-------- c:\documents and settings\Clawd\Application Data\GamesCafe
2009-03-08 15:57 . 2009-03-08 15:57 4,096 --a------ c:\windows\d3dx.dat
2009-03-08 15:56 . 2009-03-08 15:56 <DIR> d-------- c:\windows\CLUE Classic
2009-03-07 20:35 . 2009-03-07 20:35 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-07 13:17 . 2009-03-07 13:17 0 --a------ c:\windows\game.INI
2009-03-04 20:29 . 1996-10-15 19:01 298,496 --a------ c:\windows\uninst.exe
2009-02-26 17:45 . 2009-02-26 17:45 <DIR> d-------- c:\program files\DirectVobSub

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 23:27 --------- d-----w c:\documents and settings\Clawd\Application Data\uTorrent
2009-03-22 18:38 --------- d-----w c:\program files\McAfee
2009-03-22 18:38 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-19 16:24 --------- d-----w c:\program files\MSBuild
2009-03-16 01:29 --------- d-----w c:\documents and settings\Clawd\Application Data\Printer Info Cache
2009-03-16 01:29 --------- d-----w c:\documents and settings\Clawd\Application Data\Image Zone Express
2009-03-13 19:02 --------- d-----w c:\documents and settings\Clawd\Application Data\Skype
2009-03-13 12:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 22:14 96,384 ----a-w c:\windows\system32\drivers\sptd7533.sys
2009-03-11 09:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 04:08 --------- d-----w c:\program files\MessengerPlus! 3
2009-03-11 00:34 --------- d-----w c:\program files\iWin
2009-03-09 14:53 --------- d-----w c:\program files\Google
2009-03-05 23:17 --------- d-----w c:\documents and settings\Clawd\Application Data\U3
2009-03-04 10:33 --------- d-----w c:\program files\DivX
2009-02-23 18:43 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-19 02:56 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-15 02:59 270,128 ----a-w c:\program files\utorrent.exe
2008-09-22 13:33 134 ----a-w c:\documents and settings\Clawd\Application Data\wklnhst.dat
2008-03-06 03:49 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-03-27 02:06 1 ----a-w c:\documents and settings\Clawd\scrcfg.dat
2008-09-08 22:12 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-09-29 11:07 22,576 ----a-w c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-22_15.18.14.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-19 17:43:15 293,272 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-23 12:53:17 293,272 ----a-w c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-08 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-03-13 1528880]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-03-21 65588]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashserv.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashSimpl.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdnagent.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdswitch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=c:\windows\pss\Clean Access Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
--------- 2006-11-17 06:42 53341 c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 11:57 133016 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 05:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-08 19:12 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-12-13 04:41 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-12-13 04:45 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-12-13 04:44 98304 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 20:05 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-09-18 14:46 8192 c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 22:15 290816 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-17 23:24 184320 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 11:54 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-03-23 14:52 25268776 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-25 16:22 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0350Mon.exe]
--a------ 2007-08-23 02:03 28672 c:\windows\V0350Mon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-03-22 67904]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys --> c:\windows\system32\drivers\TmXPFlt.sys [?]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe --> c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [?]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe --> c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [?]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys --> c:\windows\system32\drivers\Tmpreflt.sys [?]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe --> c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-11-16 29744]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-03-22 64432]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2008-01-19 7424]
S3 VF0350Vid;Live! Cam Video Chat (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2008-01-19 170368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 19:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles/dreamweb.1.0.0.9.cab
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Clawd\Application Data\Mozilla\Firefox\Profiles\mldm4ahj.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 13:03:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1970852384-3149772284-989407719-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre1.5.0_10\bin\jucheck.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
.
**************************************************************************
.
Completion time: 2009-03-24 13:13:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-24 16:12:16
ComboFix2.txt 2009-03-22 18:21:59

Pre-Run: 49,805,447,168 bytes free
Post-Run: 49,788,489,728 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
392
-------

Side note: McAfee seems impossible to shut down entirely. Anti-Virus Enterprise is also in the habit of re-enabling itself.
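The "Reg Loading Points" section of the ComboFix log above contains a pattern worth recognising on sight: a run of Image File Execution Options keys whose Debugger value points at alg.exe. Windows honours that value by launching the named "debugger" instead of the program, so avast!, BitDefender and Symantec components (among others listed) can no longer start; alg.exe is a genuine Windows service binary, not a debugger, and the keys are still present after this ComboFix run. As an added example, not code from the thread or from ComboFix, the Python parser below pulls such entries out of a log. SAMPLE_SECTION is constructed from the posted lines plus one made-up legitimate entry, and KNOWN_DEBUGGERS is an assumed allow-list.

```python
"""Flag Image File Execution Options 'Debugger' hijacks in a ComboFix log.

Added example; not code from the thread or from ComboFix. For any key
HKLM\\...\\Image File Execution Options\\<image.exe>, a 'Debugger' value makes
Windows launch that debugger instead of <image.exe>. It is a documented
developer feature, but malware uses it to keep security tools from starting:
in the posted log, launching several AV executables has been redirected to
alg.exe, so the real program never runs. This parser walks the REGEDIT4-style
'Reg Loading Points' section and reports each redirected image together with
the program it now runs. SAMPLE_SECTION is constructed from lines in the posted
log plus one legitimate entry to show the filter.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
IFEO_MARK = "\\image file execution options\\"

# Debuggers an administrator might install on purpose (assumed allow-list);
# anything else set as a Debugger is reported.
KNOWN_DEBUGGERS = {"ntsd.exe", "cdb.exe", "windbg.exe", "vsjitdebugger.exe", "drwtsn32.exe"}

SAMPLE_SECTION = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notepad.exe]
"Debugger"=c:\windows\system32\ntsd.exe -g
"""
# The notepad.exe entry is constructed: a developer-style use of the feature with
# a genuine debugger, which the allow-list filter does not report.


def parse_reg_sections(text):
    """Yield (key, {value_name: data}) for each [key] block in the text."""
    key, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, values
            key, values = m.group("key"), {}
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            values[m.group("name")] = m.group("data").strip()
    if key is not None:
        yield key, values


def debugger_exe(data):
    """Lower-cased basename of the program in a Debugger value, honouring a quoted path."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        prog = data[1:end] if end > 0 else data[1:]
    else:
        parts = data.split()
        prog = parts[0] if parts else ""
    return prog.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_ifeo_hijacks(text):
    """Return [(image_name, debugger_value)] for IFEO keys whose Debugger is not allow-listed."""
    hits = []
    for key, values in parse_reg_sections(text):
        low = key.lower()
        if IFEO_MARK not in low or "Debugger" not in values:
            continue
        image = key[low.rindex(IFEO_MARK) + len(IFEO_MARK):]
        data = values["Debugger"]
        if debugger_exe(data) not in KNOWN_DEBUGGERS:
            hits.append((image, data))
    return hits


if __name__ == "__main__":
    for image, dbg in find_ifeo_hijacks(SAMPLE_SECTION):
        print(f"IFEO hijack: starting {image} runs {dbg} instead")
```

The check is deliberately an allow-list rather than a list of bad debuggers: a legitimate Windows binary such as alg.exe is exactly what an attacker picks because a name-based blocklist will not catch it. Until those Debugger values are deleted, the redirected security products on the machine cannot be launched, which is a point to verify after any cleanup run.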

#10 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 24 March 2009 - 10:20 AM

hello

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\svchost.exe


  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.



Repeat it for these files

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\csrss.exe
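The upload procedure above identifies a submission by its hash, which is why the site may say the file "has been scanned already": the report it returns belongs to whatever bytes carry that hash. A check a practitioner wants before trusting such a report is that its MD5 and SHA1 lines equal the hashes of the copy actually taken off the machine. As an added example, not code from the thread or from VirSCAN, the Python below hashes a file locally and compares it with a report's header, then lists the scanner rows whose verdict is not "-". SAMPLE_REPORT is a constructed stand-in in the layout the site prints, and its file contents, "Suspicious.Example" verdict and summary line are made up.

```python
"""Hash a file before submitting it and check the scanner report against it.

Added example; not code from the thread or from VirSCAN. The report layout
assumed here is the one posted in the thread: header fields of the form
'Name : value', a 'Scanner Engine Ver ...' column header, then one row per
scanner with the verdict as the last column and '-' meaning clean.
SAMPLE_FILE_BYTES and SAMPLE_REPORT are constructed for the demonstration.
"""
import hashlib
import os
import re
import tempfile

HEADER_FIELD_RE = re.compile(r"^(?P<name>[A-Za-z0-9 ]+?)\s*:\s*(?P<value>.+)$")
ROW_HEADER = "Scanner Engine Ver Sig Ver Sig Date Time Scan result"

SAMPLE_FILE_BYTES = b"abc"  # constructed stand-in for the submitted file
SAMPLE_REPORT = """VirSCAN.org Scanned Report :
Scanned time : 2009/03/24 13:35:43 (ADT)
Scanner results: constructed sample, one scanner reported a verdict
File Name : sample.bin
File Size : 3 byte
MD5 : 900150983cd24fb0d6963f7d28e17f72
SHA1 : a9993e364706816aba3e25717850c26c9cd0d89d

Scanner Engine Ver Sig Ver Sig Date Time Scan result
AntiVir 7.9.0.120 7.1.2.209 2009-03-24 1.93 -
CA (VET) 9.0.0.143 31.6.6414 2009-03-24 40.13 -
Kaspersky 5.5.10 2009.03.24 2009-03-24 0.04 Suspicious.Example
"""


def hash_bytes(data):
    """(md5_hex, sha1_hex) of an in-memory byte string."""
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()


def hash_file(path, chunk_size=1 << 16):
    """(md5_hex, sha1_hex) of a file, read in chunks so large files do not load whole."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def parse_header(report_text):
    """Header 'Name : value' fields up to the scanner table."""
    fields = {}
    for line in report_text.splitlines():
        line = line.strip()
        if line == ROW_HEADER:
            break
        m = HEADER_FIELD_RE.match(line)
        if m:
            fields[m.group("name").strip()] = m.group("value").strip()
    return fields


def report_matches(report_text, md5_hex, sha1_hex):
    """True only if both hashes in the report equal the locally computed ones."""
    f = parse_header(report_text)
    return (f.get("MD5", "").lower() == md5_hex.lower()
            and f.get("SHA1", "").lower() == sha1_hex.lower())


def detections(report_text):
    """[(scanner, verdict)] for table rows whose last column is not '-'.

    Columns are split from the right (verdict, time, date, sig ver, engine ver)
    because scanner names may contain spaces, e.g. 'CA (VET)'. A verdict that
    itself contains spaces would not be handled by this split.
    """
    found, in_table = [], False
    for line in report_text.splitlines():
        line = line.strip()
        if line == ROW_HEADER:
            in_table = True
            continue
        if not in_table or not line:
            continue
        parts = line.rsplit(None, 5)
        if len(parts) == 6 and parts[-1] != "-":
            found.append((parts[0], parts[-1]))
    return found


def check_upload(path, report_text):
    """Does the report describe the exact bytes of the local file?"""
    return report_matches(report_text, *hash_file(path))


def demo():
    """Write the constructed sample file, verify it against SAMPLE_REPORT, list verdicts."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "sample.bin")
        with open(p, "wb") as fh:
            fh.write(SAMPLE_FILE_BYTES)
        return check_upload(p, SAMPLE_REPORT), detections(SAMPLE_REPORT)


if __name__ == "__main__":
    print(demo())
```

A mismatch between the local hashes and the report's header means the page you are reading is for a different file, so its "all clean" result says nothing about the one on the infected machine; MD5 and SHA1 are used here only because those are the fields the site reports, not as a collision-resistant identity.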

#11 Sublime07

  • Group: Member
  • Posts: 8
  • Joined: 21-March 09

Posted 24 March 2009 - 11:18 AM

VirSCAN.org Scanned Report :
Scanned time : 2009/03/24 13:35:43 (ADT)
Scanner results: All Scanners reported not find malware!
File Name : svchost.exe
File Size : 14336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
Online report : http://virscan.org/report/414f0937af722b5d...0267c88c60.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090324160349 2009-03-24 40.13 -
AhnLab V3 2009.03.24.02 2009.03.24 2009-03-24 40.13 -
AntiVir 7.9.0.120 7.1.2.209 2009-03-24 1.93 -
Antiy 2.0.18 20090324.2226308 2009-03-24 0.12 -
Authentium 5.1.1 200903232136 2009-03-23 1.11 -
AVAST! 3.0.1 090323-0 2009-03-23 0.00 -
AVG 7.5.52.442 270.11.25/2019 2009-03-23 2.02 -
BitDefender 7.81008.2815394 7.24390 2009-03-24 2.61 -
CA (VET) 9.0.0.143 31.6.6414 2009-03-24 40.13 -
ClamAV 0.94.2 9158 2009-03-24 0.01 -
Comodo 3.8 1082 2009-03-23 40.13 -
CP Secure 1.1.0.715 2009.03.24 2009-03-24 7.62 -
Dr.Web 4.44.0.9170 2009.03.24 2009-03-24 4.29 -
F-Prot 4.4.4.56 20090323 2009-03-23 1.10 -
F-Secure 5.51.6100 2009.03.24.05 2009-03-24 0.05 -
Fortinet 2.81-3.117 10.197 2009-03-24 43.13 -
GData 19.4194/19.273 20090324 2009-03-24 43.13 -
ViRobot 20090324 2009.03.24 2009-03-24 40.13 -
Ikarus T3.1.01.48 2009.03.24.72470 2009-03-24 2.88 -
JiangMin 11.0.706 2009.03.24 2009-03-24 40.13 -
Kaspersky 5.5.10 2009.03.24 2009-03-24 0.04 -
KingSoft 2009.2.5.15 2009.3.24.18 2009-03-24 40.13 -
McAfee 5.3.00 5562 2009-03-23 2.69 -
Microsoft 1.4502 2009.03.24 2009-03-24 40.13 -
mks_vir 2.01 2009.03.23 2009-03-23 2.76 -
Norman 6.00.06 6.00.00 2009-03-24 8.01 -
Panda 9.05.01 2009.03.23 2009-03-23 40.13 -
Trend Micro 8.700-1004 5.916.01 2009-03-24 0.03 -
Quick Heal 10.00 2009.03.24 2009-03-24 40.13 -
Rising 20.0 21.22.12.00 2009-03-24 40.13 -
Sophos 2.84.1 4.39 2009-03-24 2.18 -
Sunbelt 5055 5055 2009-03-23 43.13 -
Symantec 1.3.0.24 20090323.003 2009-03-23 7.41 -
nProtect 20090324.01 3378534 2009-03-24 40.13 -
The Hacker 6.3.3.4 v00288 2009-03-24 40.13 -
VBA32 3.12.10.1 20090323.1519 2009-03-23 1.76 -
VirusBuster 4.5.11.10 10.102.19/989383 2009-03-23 1.22 -

-----------------------------------------------------------------------------------

VirSCAN.org Scanned Report :
Scanned time : 2009/03/24 13:50:53 (ADT)
Scanner results: All Scanners reported not find malware!
File Name : lsass.exe
File Size : 13312 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : bf2466b3e18e970d8a976fb95fc1ca85
SHA1 : de5a73cbb5f51f64c53fb4277ef2c23e70db123f
Online report : http://virscan.org/report/c517512546297bbc...e0dff031ee.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090324160349 2009-03-24 40.13 -
AhnLab V3 2009.03.24.02 2009.03.24 2009-03-24 40.13 -
AntiVir 7.9.0.120 7.1.2.209 2009-03-24 1.98 -
Antiy 2.0.18 20090324.2226308 2009-03-24 0.12 -
Authentium 5.1.1 200903232136 2009-03-23 1.10 -
AVAST! 3.0.1 090323-0 2009-03-23 0.00 -
AVG 7.5.52.442 270.11.25/2019 2009-03-23 1.98 -
BitDefender 7.81008.2815394 7.24390 2009-03-24 2.62 -
CA (VET) 9.0.0.143 31.6.6414 2009-03-24 40.13 -
ClamAV 0.94.2 9158 2009-03-24 0.01 -
Comodo 3.8 1082 2009-03-23 40.13 -
CP Secure 1.1.0.715 2009.03.24 2009-03-24 7.68 -
Dr.Web 4.44.0.9170 2009.03.24 2009-03-24 4.27 -
F-Prot 4.4.4.56 20090323 2009-03-23 1.14 -
F-Secure 5.51.6100 2009.03.24.05 2009-03-24 0.06 -
Fortinet 2.81-3.117 10.197 2009-03-24 40.13 -
GData 19.4194/19.273 20090324 2009-03-24 40.13 -
ViRobot 20090324 2009.03.24 2009-03-24 40.13 -
Ikarus T3.1.01.48 2009.03.24.72470 2009-03-24 2.88 -
JiangMin 11.0.706 2009.03.24 2009-03-24 40.13 -
Kaspersky 5.5.10 2009.03.24 2009-03-24 0.05 -
KingSoft 2009.2.5.15 2009.3.24.18 2009-03-24 40.12 -
McAfee 5.3.00 5562 2009-03-23 2.71 -
Microsoft 1.4502 2009.03.24 2009-03-24 40.13 -
mks_vir 2.01 2009.03.23 2009-03-23 2.69 -
Norman 6.00.06 6.00.00 2009-03-24 8.01 -
Panda 9.05.01 2009.03.23 2009-03-23 40.13 -
Trend Micro 8.700-1004 5.916.01 2009-03-24 0.03 -
Quick Heal 10.00 2009.03.24 2009-03-24 40.13 -
Rising 20.0 21.22.12.00 2009-03-24 40.13 -
Sophos 2.84.1 4.39 2009-03-24 2.15 -
Sunbelt 5055 5055 2009-03-23 40.13 -
Symantec 1.3.0.24 20090323.003 2009-03-23 0.16 -
nProtect 20090324.01 3378534 2009-03-24 40.13 -
The Hacker 6.3.3.4 v00288 2009-03-24 43.12 -
VBA32 3.12.10.1 20090323.1519 2009-03-23 1.75 -
VirusBuster 4.5.11.10 10.102.19/989383 2009-03-23 1.22 -

--------------------------------------------------------------------------------------

VirSCAN.org Scanned Report :
Scanned time : 2009/03/24 14:04:38 (ADT)
Scanner results: All Scanners reported not find malware!
File Name : csrss.exe
File Size : 6144 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 44f275c64738ea2056e3d9580c23b60f
SHA1 : 9b81fe32842db93292a59a87e73ca113701f7e3b
Online report : http://virscan.org/report/3e2e7c1e49e3f309...c32412fac6.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090324160349 2009-03-24 40.13 -
AhnLab V3 2009.03.24.02 2009.03.24 2009-03-24 40.13 -
AntiVir 7.9.0.120 7.1.2.209 2009-03-24 1.96 -
Antiy 2.0.18 20090324.2226308 2009-03-24 0.12 -
Authentium 5.1.1 200903232136 2009-03-23 1.09 -
AVAST! 3.0.1 090323-0 2009-03-23 0.00 -
AVG 7.5.52.442 270.11.25/2019 2009-03-23 1.96 -
BitDefender 7.81008.2815394 7.24390 2009-03-24 2.61 -
CA (VET) 9.0.0.143 31.6.6414 2009-03-24 40.13 -
ClamAV 0.94.2 9158 2009-03-24 0.01 -
Comodo 3.8 1082 2009-03-23 40.13 -
CP Secure 1.1.0.715 2009.03.24 2009-03-24 7.64 -
Dr.Web 4.44.0.9170 2009.03.24 2009-03-24 4.26 -
F-Prot 4.4.4.56 20090323 2009-03-23 1.09 -
F-Secure 5.51.6100 2009.03.24.05 2009-03-24 4.96 -
Fortinet 2.81-3.117 10.197 2009-03-24 40.13 -
GData 19.4194/19.273 20090324 2009-03-24 40.13 -
ViRobot 20090324 2009.03.24 2009-03-24 40.13 -
Ikarus T3.1.01.48 2009.03.24.72470 2009-03-24 2.85 -
JiangMin 11.0.706 2009.03.24 2009-03-24 40.13 -
Kaspersky 5.5.10 2009.03.24 2009-03-24 0.04 -
KingSoft 2009.2.5.15 2009.3.24.20 2009-03-24 40.13 -
McAfee 5.3.00 5562 2009-03-23 2.69 -
Microsoft 1.4502 2009.03.24 2009-03-24 43.13 -
mks_vir 2.01 2009.03.23 2009-03-23 2.81 -
Norman 6.00.06 6.00.00 2009-03-24 8.01 -
Panda 9.05.01 2009.03.23 2009-03-23 40.13 -
Trend Micro 8.700-1004 5.916.02 2009-03-24 0.02 -
Quick Heal 10.00 2009.03.24 2009-03-24 40.13 -
Rising 20.0 21.22.12.00 2009-03-24 40.13 -
Sophos 2.84.1 4.39 2009-03-24 2.19 -
Sunbelt 5055 5055 2009-03-23 40.13 -
Symantec 1.3.0.24 20090323.003 2009-03-23 0.08 -
nProtect 20090324.01 3378534 2009-03-24 40.13 -
The Hacker 6.3.3.4 v00288 2009-03-24 40.13 -
VBA32 3.12.10.1 20090323.1519 2009-03-23 1.77 -
VirusBuster 4.5.11.10 10.102.19/989383 2009-03-23 1.23 -

#12 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 24 March 2009 - 03:31 PM

Post a new HJT log.

#13 Sublime07

  • Group: Member
  • Posts: 8
  • Joined: 21-March 09

Posted 24 March 2009 - 04:30 PM

OTListIt logfile created on: 24/03/2009 6:49:13 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\Clawd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1014.37 Mb Total Physical Memory | 198.09 Mb Available Physical Memory | 19.53% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 76.14% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.73 Gb Total Space | 46.29 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXXXXXXX
Current User Name: Clawd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Clawd\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (McAfeeEngineService [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (mfevtp [Unknown | Running]) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PcCtlCom [Auto | Stopped]) -- File not found
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (SimpTcp [Auto | Running]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (Tmntsrv [Auto | Stopped]) -- File not found
SRV - (TmPfw [Auto | Stopped]) -- File not found
SRV - (tmproxy [Auto | Stopped]) -- File not found
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (dfmirage [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dfmirage.sys (DemoForge, LLC)
DRV - (DgiVecp [Auto | Stopped]) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys (DeviceGuys, Inc.)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (dtscsi [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeapfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [Boot | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdet [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (Tmfilter [Auto | Stopped]) -- C:\WINDOWS\TMFilter.log ()
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VF0350Vfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\V0350VFx.sys (EyePower Games Pte. Ltd.)
DRV - (VF0350Vid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\V0350Vid.sys (Creative Technology Ltd.)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CC21C2AA-76D7-4545-A27A-01BF5F7EAC4B}:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/19 13:30:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/22 15:39:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/06 21:04:04 | 00,000,000 | ---D | M]

[2008/09/07 17:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Clawd\Application Data\mozilla\Extensions
[2008/09/07 17:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Clawd\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/04/20 23:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Clawd\Application Data\mozilla\Firefox\Profiles\mldm4ahj.default\extensions
[2009/03/23 13:01:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/06 21:04:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/09 00:26:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CC21C2AA-76D7-4545-A27A-01BF5F7EAC4B}
[2009/03/06 21:03:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/06 21:03:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/29 08:07:00 | 00,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2009/03/06 21:03:42 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/06 21:03:42 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/06 21:03:42 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/06 21:03:42 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/06 21:03:42 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/08 19:12:33 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/09/08 19:12:33 | 00,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2009/03/06 21:03:42 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/06 21:03:43 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab (CPlayFirstChocolatieControl Object)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.mess.../Medialogic.CAB (CMediaMix Object)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab (ijjiPlugin2 Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1161174594421 (MUWebControl Class)
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://aolsvc.aol.com/onlinegames/free-tri...web.1.0.0.9.cab (CPlayFirstdreamControl Object)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://www.arcadetown.com/dinerdashfloonth...tg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...undLauncher.cab (AstoundLauncher Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/Facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/...inematycoon.cab (TikGames Online Control)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} https://secure.gopet.../dev/gopets.cab (GoPets Control)
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15033/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab (Solitaire Showdown Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\autorun.PNF () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/22 15:59:29 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/03/22 15:56:54 | 00,389,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Clawd\Desktop\OTMoveIt3.exe
[2009/03/22 15:39:37 | 00,340,592 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/03/22 15:39:37 | 00,090,360 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/03/22 15:39:37 | 00,074,648 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2009/03/22 15:39:37 | 00,067,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2009/03/22 15:39:37 | 00,064,432 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2009/03/22 15:39:37 | 00,062,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2009/03/22 15:39:37 | 00,042,424 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/03/22 15:38:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/03/22 15:22:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/03/22 14:32:35 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/03/22 14:32:30 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/22 14:32:10 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/03/22 14:26:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/22 14:26:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/22 14:26:30 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/22 14:26:29 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/22 14:26:29 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/22 14:26:29 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/22 14:26:29 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/22 14:26:29 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/22 14:26:29 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/22 14:26:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/22 14:08:28 | 02,934,667 | R--- | C] () -- C:\Documents and Settings\Clawd\Desktop\ComboFix.exe
[2009/03/22 11:57:34 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Clawd\Desktop\OTListIt2.exe
[2009/03/22 11:37:31 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/22 11:37:12 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Clawd\Desktop\Rooter.exe
[2009/03/22 11:10:47 | 10,637,14816 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/21 15:16:20 | 00,000,000 | ---D | C] -- C:\Program Files\The Learning Company
[2009/03/21 15:08:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clawd\Application Data\The Learning Company
[2009/03/21 12:13:50 | 00,000,000 | ---D | C] -- C:\Program Files\Abe's Oddysee
[2009/03/20 16:13:05 | 00,012,624 | ---- | C] () -- C:\Documents and Settings\Clawd\Desktop\Clue.xlsx
[2009/03/20 14:51:34 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Clawd\Desktop\MencherScholarship.doc
[2009/03/20 12:59:39 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Clawd\Desktop\ASHA submission.doc
[2009/03/19 13:59:22 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/03/19 13:24:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/03/19 13:23:34 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/03/19 13:20:30 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/03/19 13:20:30 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/03/19 13:20:29 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/03/19 13:20:28 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/03/19 13:20:28 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/03/19 13:20:26 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/03/19 13:20:26 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/03/19 13:20:21 | 00,000,000 | ---D | C] -- C:\c438cf011a6a475f7e0fb64c58
[2009/03/19 13:17:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/03/19 11:50:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/19 11:49:30 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/14 01:44:34 | 00,000,000 | ---D | C] -- C:\Program Files\CLUE Classic
[2009/03/13 09:21:00 | 00,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
[2009/03/13 09:20:58 | 00,280,344 | ---- | C] (Zone Labs LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2009/03/13 09:20:58 | 00,124,688 | ---- | C] (Zone Labs LLC) -- C:\WINDOWS\System32\vsinit.dll
[2009/03/13 09:20:58 | 00,075,536 | ---- | C] (Zone Labs LLC) -- C:\WINDOWS\System32\vsdata.dll
[2009/03/13 09:20:44 | 00,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/03/13 09:20:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2009/03/12 19:18:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/03/12 18:52:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/03/12 18:52:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/03/12 18:52:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/03/12 18:52:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/03/12 18:38:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/03/12 18:20:05 | 00,004,168 | ---- | C] () -- C:\INFCACHE.1
[2009/03/12 18:20:04 | 00,002,152 | ---- | C] () -- C:\autorun.PNF
[2009/03/12 18:05:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/03/12 18:03:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/03/12 02:45:53 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/03/12 02:43:56 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/03/12 02:43:51 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/03/12 02:43:47 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/03/12 02:43:47 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/03/12 02:43:46 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/03/12 02:43:45 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/03/12 02:43:43 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/03/12 02:42:41 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/03/12 02:42:08 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/03/12 02:42:00 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/03/12 02:42:00 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/03/12 02:41:41 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/03/12 02:41:41 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/03/12 02:41:40 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/03/12 02:41:40 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/03/12 02:41:40 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/03/12 02:41:39 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/03/12 02:41:38 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/03/12 02:41:08 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/03/12 02:41:08 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/03/12 02:41:07 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/03/12 02:41:07 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/03/12 02:41:06 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/03/12 02:41:06 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/03/12 02:41:06 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/03/12 02:41:05 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/03/12 02:40:51 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2009/03/12 02:40:16 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/03/12 02:40:05 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/03/12 02:40:04 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2009/03/12 02:39:47 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/03/12 02:39:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/03/12 02:39:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/03/12 02:39:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/03/12 02:39:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/03/12 02:39:06 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/03/12 02:39:03 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/03/12 02:37:04 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/03/12 02:37:03 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/03/12 02:37:03 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/03/12 02:37:01 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/03/12 02:35:27 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/03/12 02:35:26 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/03/12 02:35:09 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2009/03/12 02:35:09 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/03/12 02:35:09 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/03/12 02:35:09 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/03/12 02:35:07 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/03/12 02:35:07 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/03/12 02:35:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/03/12 02:35:07 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/03/12 02:34:33 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/03/12 02:34:27 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/03/12 02:34:22 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/03/12 02:34:22 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/03/12 02:34:22 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/03/12 02:34:18 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/03/12 02:34:17 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/03/12 02:34:13 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/03/12 02:34:13 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/03/12 02:34:13 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/03/12 02:33:57 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/03/12 02:33:55 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/03/12 02:33:51 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/03/12 02:33:47 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2009/03/12 02:33:44 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2009/03/12 02:33:29 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/03/12 02:33:29 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/03/12 02:33:25 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/03/12 02:33:23 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/03/12 02:33:22 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/03/12 02:33:16 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/03/12 02:33:05 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/03/12 02:33:04 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/03/12 02:33:02 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/03/12 02:32:56 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/03/12 02:15:40 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/03/12 02:15:34 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/03/12 02:15:21 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/03/11 23:22:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clawd\Application Data\Malwarebytes
[2009/03/11 23:22:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/11 23:22:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/11 23:21:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/11 23:21:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/11 19:09:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/03/10 15:06:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\A7091E1D36A447F1A739173CC341414F.TMP
[2009/03/09 11:59:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\$ntunistalls
[2009/03/09 11:51:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inf
[2009/03/09 01:33:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Nancy Drew Dossier Lights Camera Curses
[2009/03/08 15:57:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clawd\Application Data\GamesCafe
[2009/03/08 15:57:29 | 00,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/03/08 15:56:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\CLUE Classic
[2009/03/07 20:35:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/03/07 13:17:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2009/03/06 04:02:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/03/04 20:29:46 | 00,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2009/02/26 17:45:45 | 00,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2009/02/26 17:45:27 | 00,403,335 | ---- | C] () -- C:\Program Files\vsfilter.2.39_nt.exe
[2009/02/23 15:43:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/24 17:33:04 | 00,000,568 | ---- | M] () -- C:\Documents and Settings\Clawd\My Documents\My Sharing Folders.lnk
[2009/03/24 13:04:02 | 00,000,309 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/24 12:59:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/24 12:58:57 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/24 12:55:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/24 12:54:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/24 12:54:53 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/24 12:33:19 | 02,934,667 | R--- | M] () -- C:\Documents and Settings\Clawd\Desktop\ComboFix.exe
[2009/03/23 09:53:17 | 00,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/22 16:12:08 | 00,077,872 | ---- | M] () -- C:\Documents and Settings\Clawd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/22 15:56:55 | 00,389,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clawd\Desktop\OTMoveIt3.exe
[2009/03/22 14:32:35 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/03/22 11:57:44 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clawd\Desktop\OTListIt2.exe
[2009/03/22 11:37:17 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Clawd\Desktop\Rooter.exe
[2009/03/21 21:16:30 | 00,152,576 | ---- | M] () -- C:\Documents and Settings\Clawd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/21 18:32:42 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/21 17:36:26 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Clawd\Local Settings\Application Data\IconCache.db
[2009/03/20 16:37:18 | 00,012,624 | ---- | M] () -- C:\Documents and Settings\Clawd\Desktop\Clue.xlsx
[2009/03/20 15:50:33 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Clawd\Desktop\MencherScholarship.doc
[2009/03/20 13:03:13 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Clawd\Desktop\ASHA submission.doc
[2009/03/19 14:27:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/19 14:13:11 | 00,534,456 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/19 14:13:11 | 00,463,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/19 14:13:11 | 00,080,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/17 01:10:44 | 00,437,760 | -HS- | M] () -- C:\Documents and Settings\Clawd\Desktop\Thumbs.db
[2009/03/15 12:37:18 | 00,000,745 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/15 12:37:18 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/03/13 18:40:41 | 00,000,780 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2009/03/13 09:22:52 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\success
[2009/03/13 09:21:00 | 00,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
[2009/03/12 19:14:55 | 00,096,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd7533.sys
[2009/03/12 18:23:10 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/03/12 18:20:05 | 00,004,168 | ---- | M] () -- C:\INFCACHE.1
[2009/03/12 18:20:04 | 00,002,152 | ---- | M] () -- C:\autorun.PNF
[2009/03/08 15:57:29 | 00,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2009/03/07 13:17:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\game.INI
[2009/03/06 16:07:59 | 00,003,974 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/03/06 16:07:53 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\2458F6D389.sys
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

#14 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 25 March 2009 - 07:07 AM

Your logs are clean


Follow these steps to uninstall Combofix and the other tools used in the removal of malware:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.

Download ToolsCleaner2 to your desktop and run it (by A.Rothstein & Dj Quiou)
  • Click the Pt. Restauration button and press OK to the prompts.
  • Click the Corbeille button and press OK to the prompt.
  • Click the Fichiers temp button and press OK to the prompt.
  • Click the Recherche button and let it run (it may look like it freezes, but let it continue)
  • Once it is done click the Suppression button and let it remove anything it finds.
  • Close the program



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.




Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.


  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.


  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.


  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here.


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling



  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.


  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.


  • Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.
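
As an added example (not from this thread, from ComboFix, or from the MVPS project), a small parser that classifies HOSTS entries the way the MVPS bullet above describes: loopback and 0.0.0.0 mappings are the intended sinkhole, while an update or security domain mapped anywhere is the hijack pattern a responder looks for when checking the file the OTL log lists at C:\WINDOWS\System32\drivers\etc\hosts. The protected-domain list, the sample file, the .example names and the 198.51.100.7 address are all constructed for the example.

```python
"""Classify the entries of a Windows HOSTS file (added example, not from the thread).

The MVPS approach blocks ad and malware domains by mapping them to 127.0.0.1
or 0.0.0.0, so lookups never leave the machine. Malware abuses the same file
in the other direction: it maps update or security sites to loopback (so the
victim cannot reach them) or to an address it controls. Telling the two
patterns apart is the check a responder wants when reviewing the file.
"""
import ipaddress
from collections import Counter
from typing import Dict, List, NamedTuple

# Domains a home user needs for patching and cleanup; any HOSTS entry naming
# one of these is suspect regardless of where it points. Illustrative subset
# assumed for this example (the thread itself only names windowsupdate.microsoft.com).
PROTECTED_DOMAINS = {
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
    "download.microsoft.com",
    "malwarebytes.org",
}


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    hostname: str
    verdict: str  # localhost | sinkhole | hijack | redirect | invalid


def _base_domain(hostname: str) -> str:
    """'www.malwarebytes.org' -> 'malwarebytes.org' (good enough for this list)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(address: str, hostname: str) -> str:
    """Decide what one address/hostname pair means."""
    host = hostname.lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"  # e.g. a truncated or mangled line
    if host in ("localhost", "localhost.localdomain") and ip.is_loopback:
        return "localhost"  # the stock Windows entry
    if host in PROTECTED_DOMAINS or _base_domain(host) in PROTECTED_DOMAINS:
        # Whether the target is loopback (blocks updates) or a routable
        # address (interception), a protected domain never belongs here.
        return "hijack"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"  # the MVPS-style block: 127.0.0.1, 0.0.0.0 or ::1
    return "redirect"  # points somewhere real; intranet use or something to check


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse HOSTS text; one HostsEntry per hostname, comments and blanks skipped."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing and whole-line comments
        if not line:
            continue
        address, *hostnames = line.split()
        if not hostnames:
            entries.append(HostsEntry(line_no, address, "", "invalid"))
            continue
        for host in hostnames:
            entries.append(HostsEntry(line_no, address, host, classify(address, host)))
    return entries


def summarize(text: str) -> Dict[str, int]:
    """Verdict counts; any non-zero 'hijack' count warrants a manual look."""
    return dict(Counter(entry.verdict for entry in parse_hosts(text)))


def hijacked(text: str) -> List[HostsEntry]:
    """Only the entries that should never appear in a clean file."""
    return [entry for entry in parse_hosts(text) if entry.verdict == "hijack"]


# Constructed sample: the stock localhost line, three MVPS-style sinkholes on
# reserved .example names, and two hijack entries of the kind an infection
# leaves behind (198.51.100.7 is a documentation address, not a real host).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0  ads.tracker.example
0.0.0.0  banner.example  www.banner.example   # MVPS-style block
127.0.0.1  windowsupdate.microsoft.com        # victim can no longer patch
198.51.100.7  www.malwarebytes.org            # cleanup site intercepted
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_HOSTS))
    for entry in hijacked(SAMPLE_HOSTS):
        print(f"line {entry.line_no}: {entry.address} -> {entry.hostname}")
```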

#15 Sublime07

  • Group: Member
  • Posts: 8
  • Joined: 21-March 09

Posted 25 March 2009 - 05:53 PM

Hi,

I followed the rest of your instructions, and I've been testing things out. Everything seems great!

Thanks very much for all your help, for your detailed instructions, and for your prompt replies!
