Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rootkit, Malware,Trojans.Win32


  • Please log in to reply

#1
diamonddog

diamonddog

    New Member

  • Member
  • Pip
  • 5 posts
I keep getting Trojan Droppers,Agents,downloaders,hotbar and QOH,QOO Trojans along with Malware.trace,Hacktool.Keysteal,spyware.password, and win32/trojans followed by reinstall and long numbers and letters. I'm using MalewareBytes which removes what it finds, and Eset Smart Security 4 which removes what it finds, but a couple of days go by and a new Trojans/Maleware appears. It first started about 4 to 5 weeks ago. I usually scan about every couple of days now (very annoying) and find a new virus within that same week. Yesterday I received a BSOD with something about memory, harddrive, or something (don't remember exactly) followed by stop: oxoooooo8E (oxc0000005, 0x00000000)win32k.sys-address BF953492 Base At BF8000000, DateStamp 4a8564c7. My system seems to operate for the most part normally, but just a tad slower. Not sure if I have a possible rootkit, backdoor, or Spyware/Maleware/Trojan problem still hidden somewhere in my system. Any help would greatly be appreciate. Was thinking of trying Combofix, but only if advised. I'm not too computer savy, so I hope someone can guide me through a possible fix. I don't want to reformat and start all over if these problems can be solved here. Thanx in advance!
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,136 posts
  • MVP
Work through the guidelines: http://www.geekstogo...emoval-f37.html

Skip any which won't run.

Then post your logs (do not use the attachment option).

Ron
  • 0

#3
diamonddog

diamonddog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ok! I will go through as many as possible. Looks like a lot to go through. I will post findings later. Thanks for your help Ron!
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,136 posts
  • MVP
No hurry. I'm going off island tomorrow so won't be on until late tomorrow.

Ron
  • 0

#5
diamonddog

diamonddog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Ron,

Here is the info that I performed.
Emptied all Temp files. Backed up Registry. MalewareBytes "0" detections. Eset Smart Security Suite 4 "0" detections. Here are the log file texts requested. Thanks again for your help.

Ken.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-13 13:32:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\KENHAN~1\LOCALS~1\Temp\kxldapod.sys


---- System - GMER 1.0.15 ----

SSDT 86F80FA8 ZwAllocateVirtualMemory
SSDT 8667FA70 ZwAssignProcessToJobObject
SSDT 86FE33F0 ZwCreateKey
SSDT 86FBE618 ZwCreateProcess
SSDT 86FE9E40 ZwCreateProcessEx
SSDT 86F81628 ZwCreateThread
SSDT 866805F0 ZwDebugActiveProcess
SSDT 86F96198 ZwDeleteKey
SSDT 86FE11A0 ZwDeleteValueKey
SSDT 86680020 ZwDuplicateObject
SSDT 8667F1B0 ZwOpenProcess
SSDT 8667F4B0 ZwOpenThread
SSDT 8667FEB0 ZwProtectVirtualMemory
SSDT 86F80020 ZwQueueApcThread
SSDT 86F80EB8 ZwReadVirtualMemory
SSDT 86FA9200 ZwRenameKey
SSDT 8667FD50 ZwSetContextThread
SSDT 86FCA380 ZwSetInformationKey
SSDT 86F81718 ZwSetInformationProcess
SSDT 8667FBD0 ZwSetInformationThread
SSDT 8667CA90 ZwSetSecurityObject
SSDT 86FCA6C8 ZwSetValueKey
SSDT 8667F910 ZwSuspendProcess
SSDT 8667F7B0 ZwSuspendThread
SSDT 8667F340 ZwTerminateProcess
SSDT 8667F640 ZwTerminateThread
SSDT 86680440 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\Tcpip \Device\Ip 86DE7E28
Device \Driver\Tcpip \Device\Ip 86B1F438
Device \Driver\Tcpip \Device\Ip 86E962F8
Device \Driver\Tcpip \Device\Ip 86C29540
Device \Driver\Tcpip \Device\Ip 86A750D0

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Tcpip \Device\Tcp 86DE7E28
Device \Driver\Tcpip \Device\Tcp 86B1F438
Device \Driver\Tcpip \Device\Tcp 86E962F8
Device \Driver\Tcpip \Device\Tcp 86C29540
Device \Driver\Tcpip \Device\Tcp 86A750D0

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Tcpip \Device\Udp 86DE7E28
Device \Driver\Tcpip \Device\Udp 86B1F438
Device \Driver\Tcpip \Device\Udp 86E962F8
Device \Driver\Tcpip \Device\Udp 86C29540
Device \Driver\Tcpip \Device\Udp 86A750D0

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Tcpip \Device\RawIp 86DE7E28
Device \Driver\Tcpip \Device\RawIp 86B1F438
Device \Driver\Tcpip \Device\RawIp 86E962F8
Device \Driver\Tcpip \Device\RawIp 86C29540
Device \Driver\Tcpip \Device\RawIp 86A750D0

AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Tcpip \Device\IPMULTICAST 86DE7E28
Device \Driver\Tcpip \Device\IPMULTICAST 86B1F438
Device \Driver\Tcpip \Device\IPMULTICAST 86E962F8
Device \Driver\Tcpip \Device\IPMULTICAST 86C29540
Device \Driver\Tcpip \Device\IPMULTICAST 86A750D0
Device \FileSystem\Fastfat \Fat ECBFCD20
Device \FileSystem\Fastfat \Fat ECC009F2

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Direct Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

--------------------------------------------------------------------------------------------

OTL logfile created on: 2/13/2010 3:40:45 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Ken Hancey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 585.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.97 Gb Total Space | 213.23 Gb Free Space | 71.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELLBOY
Current User Name: Ken Hancey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/13 15:37:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Hancey\Desktop\OTL.exe
PRC - [2010/01/05 09:48:16 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ken Hancey\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/12/29 21:59:53 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/11/16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/06/20 17:20:50 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/06/20 17:20:47 | 000,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
PRC - [2008/06/19 14:22:08 | 000,868,352 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/02/16 18:49:50 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/06/21 23:44:34 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe


========== Modules (SafeList) ==========

MOD - [2010/02/13 15:37:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Hancey\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/05 09:48:16 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/29 21:59:53 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/06/20 17:20:47 | 000,137,200 | ---- | M] (Google) [Auto | Running] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/06/19 14:22:08 | 000,868,352 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/02/16 18:49:50 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/01/15 17:14:38 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/01/15 16:01:56 | 000,266,240 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 E9 DE 79 98 A7 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.isp.netscape.com/"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07076007
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/03/28 07:01:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 16:35:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/10 16:34:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2008/06/08 12:14:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/01/10 16:20:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/10 16:14:54 | 000,000,000 | ---D | M]

[2008/12/04 22:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Mozilla\Extensions
[2010/02/11 22:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\extensions
[2010/01/10 16:34:56 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2008/05/13 20:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\extensions\[email protected]
[2009/09/01 21:03:15 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\searchplugins\bing.xml
[2010/02/09 22:12:18 | 000,005,511 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\searchplugins\foodtv.xml
[2008/06/22 20:57:49 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\searchplugins\IMDB.xml
[2010/02/12 18:03:59 | 000,005,227 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\searchplugins\linkedin.xml
[2010/02/12 18:04:00 | 000,005,242 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\searchplugins\linkedinjobs.xml
[2008/06/22 20:57:49 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\searchplugins\wikipedia.xml
[2010/02/09 22:12:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/16 17:53:01 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2006/02/20 23:18:55 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/12/28 18:07:43 | 000,002,236 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml

O1 HOSTS File: ([2010/01/10 04:00:39 | 000,000,033 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Artisan 810 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFRA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Ken Hancey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 14 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} http://www.silvercrk...787_3442128.cab (Reg Error: Value error.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} http://www.ipswitch....tp_le/setup.exe (InstallShield Setup Player 2K2)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlonte...2ie06041001.cab (Reg Error: Value error.)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abac...abasetup144.cab (Reg Error: Value error.)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\0020.DLL) - C:\WINDOWS\System32\0020.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2002/09/03 12:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 5\) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/03/14 04:52:44 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/13 15:36:31 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken Hancey\Desktop\OTL.exe
[2010/02/13 09:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Hancey\Desktop\gmer
[2010/02/12 18:51:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/12 18:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/12 18:15:45 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken Hancey\Desktop\TFC.exe
[2010/02/06 22:42:17 | 000,474,892 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppmon.dll
[2010/02/06 22:42:17 | 000,474,892 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppmon.dll
[2010/02/06 22:42:17 | 000,457,611 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppui.dll
[2010/02/06 22:42:17 | 000,457,611 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppui.dll
[2010/02/06 22:42:17 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enspres.dll
[2010/02/06 22:42:17 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enpres.dll
[2010/02/06 22:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2010/02/06 22:36:17 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\eswiaud.dll
[2010/02/06 22:36:17 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\esdevapp.exe
[2010/02/06 22:36:17 | 000,015,872 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escdev.dll
[2010/02/06 19:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2010/02/06 19:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Hancey\Application Data\Epson
[2010/02/06 19:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2010/02/06 19:23:48 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBFRA.DLL
[2010/02/06 19:23:48 | 000,079,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BFRA.DLL
[2010/02/06 19:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/02/06 19:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/01/13 23:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\ESET
[2010/01/10 16:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/10 16:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/10 15:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2009/12/25 20:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2008/02/23 13:56:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/02/10 20:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2007/02/26 23:30:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ken Hancey\Application Data\pcouffin.sys
[2004/09/15 22:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/03/14 04:54:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/03/14 04:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/02/13 15:37:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Hancey\Desktop\OTL.exe
[2010/02/13 15:33:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/13 15:33:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2104602384-3097615495-1700844549-1006UA.job
[2010/02/13 15:31:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/13 15:31:23 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/13 15:29:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/13 15:29:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/13 15:29:54 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/13 14:26:48 | 014,942,208 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\ntuser.dat
[2010/02/13 14:26:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ken Hancey\NTUSER.INI
[2010/02/13 14:26:41 | 017,710,642 | -H-- | M] () -- C:\Documents and Settings\Ken Hancey\Local Settings\Application Data\IconCache.db
[2010/02/13 14:20:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/12 23:33:02 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2104602384-3097615495-1700844549-1006Core.job
[2010/02/12 20:00:00 | 000,000,574 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Ken Hancey.job
[2010/02/12 18:39:40 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\Desktop\NTREGOPT.lnk
[2010/02/12 18:39:40 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\Desktop\ERUNT.lnk
[2010/02/12 18:21:07 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\Desktop\gmer.zip
[2010/02/12 18:16:13 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Hancey\Desktop\TFC.exe
[2010/02/11 18:33:40 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\Desktop\Google Chrome.lnk
[2010/02/11 18:12:52 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/10 08:04:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 21:46:13 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/09 21:29:03 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\default.pls
[2010/02/09 20:57:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/08 17:25:53 | 000,606,357 | ---- | M] () -- C:\Documents and Settings\Ken Hancey\Desktop\School.mp3
[2010/02/07 10:16:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EEventManager.INI
[2010/02/06 22:41:31 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
[2010/02/06 22:36:18 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2010/02/06 19:28:14 | 000,000,060 | ---- | M] () -- C:\WINDOWS\EPART810.ini
[2010/01/30 16:01:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job

========== Files Created - No Company Name ==========

[2010/02/12 18:39:40 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Desktop\NTREGOPT.lnk
[2010/02/12 18:39:40 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Desktop\ERUNT.lnk
[2010/02/12 18:21:06 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Desktop\gmer.zip
[2010/02/09 20:57:37 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/09 20:57:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/02/08 17:25:53 | 000,606,357 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Desktop\School.mp3
[2010/02/07 10:16:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/02/06 22:41:31 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
[2010/02/06 22:36:18 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2010/02/06 19:19:45 | 000,000,060 | ---- | C] () -- C:\WINDOWS\EPART810.ini
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/05 17:42:02 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/14 20:47:10 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2008/01/03 21:13:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/11/25 19:59:44 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Application Data\inst.exe
[2007/11/16 22:28:07 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2007/04/24 20:48:30 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Application Data\WavCodec.wff
[2007/03/06 21:38:41 | 000,000,034 | ---- | C] () -- C:\WINDOWS\DVDFabPlatinum.INI
[2007/03/03 16:49:14 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/02/26 23:30:33 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Application Data\ezpinst.exe
[2007/02/26 23:30:33 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Application Data\pcouffin.cat
[2007/02/26 23:30:33 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Application Data\pcouffin.inf
[2007/02/14 23:09:23 | 000,000,334 | ---- | C] () -- C:\WINDOWS\MailGuard.INI
[2007/02/14 22:59:47 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\kWab.dll
[2007/01/11 20:32:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI
[2006/11/06 20:46:35 | 000,001,367 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/28 18:47:33 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Application Data\pcouffin.log
[2006/04/01 10:20:32 | 000,000,304 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2006/02/04 21:33:31 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/02/04 21:33:31 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/30 00:17:49 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2005/07/22 20:17:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2005/03/21 22:19:59 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2005/03/21 20:00:34 | 000,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI
[2005/03/15 23:27:59 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2005/03/12 23:02:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/03/12 23:02:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/03/12 23:02:36 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2005/03/12 23:02:35 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/03/12 23:02:35 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/01/28 22:55:10 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/06/25 21:24:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/05/06 23:15:19 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/19 20:28:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2004/04/16 22:44:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/04/16 20:52:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/03/24 20:35:28 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Local Settings\Application Data\fusioncache.dat
[2004/03/24 20:21:53 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
[2004/03/23 21:46:10 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/03/22 23:32:18 | 000,000,569 | ---- | C] () -- C:\WINDOWS\hwsolii.ini
[2004/03/22 23:23:35 | 000,004,731 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2004/03/21 13:51:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/20 23:39:44 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Application Data\PFP110JPR.{PB
[2004/03/20 23:39:44 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Ken Hancey\Application Data\PFP110JCM.{PB
[2004/03/20 21:46:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2004/03/20 19:52:05 | 000,008,452 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/03/18 08:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/03/14 05:46:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/14 05:32:43 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/03/14 05:24:57 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/14 05:09:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/14 04:55:30 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/03/12 00:03:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/07/31 20:42:37 | 000,000,896 | ---- | C] () -- C:\WINDOWS\System32\hpsj16.dll
[2002/05/24 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2000/12/22 06:51:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2000/09/18 16:12:40 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/10 23:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/07/15 20:44:30 | 000,134,656 | ---- | C] () -- C:\WINDOWS\System32\itijpg2.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2007/03/17 00:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2007/04/04 11:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/08/02 19:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2007/01/11 20:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2006/01/03 19:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/11/03 20:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2010/02/08 18:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/03/07 21:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/11/18 21:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2005/09/12 07:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/03/03 16:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2005/09/12 07:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/02/11 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/10 08:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2004/03/14 05:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/22 20:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/01/16 18:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/01/12 19:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2005/03/16 18:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Acronis
[2007/01/11 20:33:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Broderbund
[2009/10/22 19:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\DVDFab
[2007/11/03 20:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\eBay
[2010/02/08 18:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Epson
[2008/03/07 21:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\ESET
[2006/08/30 21:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\FileOpen
[2006/07/13 22:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Image Zone Express
[2009/05/13 20:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\IObit
[2004/06/22 20:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Kontiki
[2004/03/20 21:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Leadertech
[2009/06/05 19:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\MoveFab
[2008/03/15 20:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\NCH Swift Sound
[2005/08/02 20:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Netscape
[2008/01/03 20:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\NoteTab Light
[2008/01/03 21:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Panasonic
[2007/03/03 16:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\SlySoft
[2009/12/30 09:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\SystemRequirementsLab
[2005/03/12 23:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Tenebril
[2004/06/22 20:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\The Labyrinth Plus! Edition
[2004/06/22 20:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Ulead Systems
[2008/02/10 08:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Uniblue
[2010/01/26 18:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Vso
[2006/04/29 21:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\VSO_HWE
[2007/09/04 17:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\WholeSecurity
[2009/09/08 17:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Hancey\Application Data\Windows Search
[2004/03/21 23:45:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2010/02/13 15:33:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/01/30 16:01:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
[2008/02/10 12:17:34 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/09/16 19:43:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/09/15 22:00:00 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2009/04/01 17:22:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2004/09/15 22:00:00 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/04/01 17:22:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/09/16 19:43:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 12:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 02:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\Documents and Settings\Ken Hancey\My Documents\WinXP SP1\WinXPSP1\new\sp1.cab:atapi.sys
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 02:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\Transfered Files\~JTrg.000\Documents and Settings\Ken Hancey\My Documents\WinXP SP1\WinXPSP1\new\sp1.cab:atapi.sys
[2008/09/16 19:43:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/09/15 22:00:00 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2009/04/01 17:22:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2004/09/15 22:00:00 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/04/01 17:22:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/09/16 19:43:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/04/23 08:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 04:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 04:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 04:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/03 12:22:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 12:22:52 | 000,626,688 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 12:22:52 | 000,397,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


--------------------------------------------------------------------------------------------

OTL Extras logfile created on: 2/13/2010 3:40:45 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Ken Hancey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 585.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.97 Gb Total Space | 213.23 Gb Free Space | 71.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELLBOY
Current User Name: Ken Hancey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe" = C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{07295ABF-1245-415A-BE06-863271753443}" = ShowBiz
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{178BAABD-0C95-4EB6-9E12-29A039EA27F6}" = Qwest eChat Support Tools
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{2E8DC19D-E1E1-402D-A483-CFF559207B94}" = FileOpen Plug-in for Adobe Acrobat® and Adobe Reader®
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{36C65751-6AED-4F89-A57B-3BE1239F046C}" = CyberPower PowerPanel Personal Edition 1.2.2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{42C7A1F1-6986-41E6-B0C7-94657FE89301}" = Mavis Beacon Teaches Typing Deluxe 15
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 4.00
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8855FF30-19CE-4CB1-A654-87B38369CCE1}" = Sonic RecordNow DX
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3A31EEE-7C65-4EE6-BB0D-5549FD2D67B9}" = Ipswitch WS_FTP LE
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE09FBC2-74BF-42A5-8FFF-12E784BAA42C}" = ESET Smart Security
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6522325-92ED-4312-A45A-04E45896C130}" = WLTB Custom Buttons
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0F02CE0-491C-11D4-A44A-0000E86D2305}" = Ulead PhotoImpact 6
"{D167DA32-32AB-45FC-AEC1-7380BE2221A2}" = QuickConnect
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Ultra Edition
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Abacast Client" = Abacast Client
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Audit Support Center" = Audit Support Center 1.0
"Autorun Eater_is1" = Autorun Eater v2.4
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"Click'N Design 3D (V5)" = Click'N Design 3D (V5)
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DVDFab Decrypter_is1" = DVDFab Decrypter 2.9.6.6
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0
"DVDFab Platinum_is1" = DVDFab Platinum 3.2.1.0
"EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"exPressit S.E. 2.2" = exPressit S.E. 2.2
"Google Updater" = Google Updater
"Hardwood Solitaire II" = Hardwood Solitaire II
"Hardwood Solitaire III" = Hardwood Solitaire III
"HijackThis" = HijackThis 2.0.2
"Hollywood FX" = Pinnacle Hollywood FX
"Hollywood FX 5.5 Additional Effects" = Hollywood FX 5.5 Additional Effects
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InterActual Player" = InterActual Player
"iolo technologies' System Mechanic 5" = iolo technologies' System Mechanic 5
"JLIP VideoCapture" = JLIP VideoCapture3.1
"JLIP VideoProducer2.0" = JLIP VideoProducer2.0
"LookInMyPC" = LookInMyPC
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MVApplication1" = SureThing CD Labeler - Stomper Edition 32 bit
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteTab Light 5_is1" = NoteTab Light 5 (Remove only)
"PCFriendly" = PCFriendly
"QuickTime" = QuickTime
"QwestQuickCare_is1" = Qwest QuickCare 2.0
"RC40 Scale" = RC40 Scale
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"ShockwaveFlash" = Macromedia Flash Player 8
"SpeedFan" = SpeedFan (remove only)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.92
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2010 8:36:38 PM | Computer Name = DELLBOY | Source = Application Error | ID = 1000
Description = Faulting application pspa.exe, version 4.0.0.3, faulting module pspa.exe,
version 4.0.0.3, fault address 0x000b7210.

Error - 2/2/2010 9:13:04 PM | Computer Name = DELLBOY | Source = Application Error | ID = 1000
Description = Faulting application pspa.exe, version 4.0.0.3, faulting module pspa.exe,
version 4.0.0.3, fault address 0x000b7210.

Error - 2/9/2010 11:58:05 PM | Computer Name = DELLBOY | Source = Application Error | ID = 1000
Description = Faulting application pspa.exe, version 4.0.0.3, faulting module pspa.exe,
version 4.0.0.3, fault address 0x000b7210.

Error - 2/10/2010 12:04:14 AM | Computer Name = DELLBOY | Source = Application Error | ID = 1000
Description = Faulting application pspa.exe, version 4.0.0.3, faulting module pspa.exe,
version 4.0.0.3, fault address 0x000b7210.

Error - 2/10/2010 12:10:46 AM | Computer Name = DELLBOY | Source = Application Error | ID = 1000
Description = Faulting application pspa.exe, version 4.0.0.3, faulting module pspa.exe,
version 4.0.0.3, fault address 0x000b7210.

Error - 2/10/2010 12:11:08 AM | Computer Name = DELLBOY | Source = Application Error | ID = 1000
Description = Faulting application pspa.exe, version 4.0.0.3, faulting module pspa.exe,
version 4.0.0.3, fault address 0x000b7210.

Error - 2/10/2010 12:18:51 AM | Computer Name = DELLBOY | Source = Application Error | ID = 1000
Description = Faulting application pspa.exe, version 4.0.0.3, faulting module pspa.exe,
version 4.0.0.3, fault address 0x000b7210.

Error - 2/10/2010 12:23:15 AM | Computer Name = DELLBOY | Source = Application Error | ID = 1000
Description = Faulting application pspa.exe, version 4.0.0.3, faulting module pspa.exe,
version 4.0.0.3, fault address 0x000b7210.

Error - 2/10/2010 2:12:02 AM | Computer Name = DELLBOY | Source = Application Error | ID = 1000
Description = Faulting application pspa.exe, version 4.0.0.3, faulting module pspa.exe,
version 4.0.0.3, fault address 0x000b7210.

Error - 2/11/2010 9:13:02 PM | Computer Name = DELLBOY | Source = Application Error | ID = 1000
Description = Faulting application pspa.exe, version 4.0.0.3, faulting module pspa.exe,
version 4.0.0.3, fault address 0x000b7210.

[ System Events ]
Error - 2/13/2010 12:31:34 PM | Computer Name = DELLBOY | Source = Service Control Manager | ID = 7034
Description = The Webroot Client Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/13/2010 12:31:34 PM | Computer Name = DELLBOY | Source = Service Control Manager | ID = 7031
Description = The Google Updater Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 900000 milliseconds:
Restart the service.

Error - 2/13/2010 12:31:35 PM | Computer Name = DELLBOY | Source = Service Control Manager | ID = 7031
Description = The Windows Defender service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 15000 milliseconds:
Restart the service.

Error - 2/13/2010 12:31:35 PM | Computer Name = DELLBOY | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 2/13/2010 12:31:35 PM | Computer Name = DELLBOY | Source = Service Control Manager | ID = 7034
Description = The Window Washer Engine service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/13/2010 12:31:35 PM | Computer Name = DELLBOY | Source = Service Control Manager | ID = 7034
Description = The Webroot Spy Sweeper Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/13/2010 12:31:35 PM | Computer Name = DELLBOY | Source = Service Control Manager | ID = 7034
Description = The PowerPanel Personal Edition Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/13/2010 12:31:38 PM | Computer Name = DELLBOY | Source = DCOM | ID = 10010
Description = The server {B366DEBE-645B-43A5-B865-DDD82C345492} did not register
with DCOM within the required timeout.

Error - 2/13/2010 12:32:43 PM | Computer Name = DELLBOY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCLEPCI

Error - 2/13/2010 6:30:19 PM | Computer Name = DELLBOY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCLEPCI


< End of report >
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,136 posts
  • MVP
Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron
  • 0

#7
diamonddog

diamonddog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Ron,

Here is the Combofix.text you requested. I hope I did it right. After the scan I noticed My Eset smart security 4 Firewall was still activaed. Opps! I hope this dodn't interfer with what had to be done. If so I can redo it if need be. I also noticed that when I go to open the Geeks to go link in your email to me that it will not automatically go to address bar and link up. It just is blank white. I had to cope and paste it there to open it up. I turned security back on in it, but still notta. Iwill wait to hear back from you. Thanks!

Ken.

----------------------------------------------------------------------------------------------


ComboFix 10-02-12.01 - Ken Hancey 02/14/2010 20:21:03.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.599 [GMT -7:00]
Running from: c:\documents and settings\Ken Hancey\Desktop\George.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ken Hancey\Application Data\inst.exe
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\setup.dll
c:\windows\system32\kWab.dll
c:\windows\system32\SHELLLNK.TLB

.
((((((((((((((((((((((((( Files Created from 2010-01-15 to 2010-02-15 )))))))))))))))))))))))))))))))
.

2010-02-13 01:39 . 2010-02-13 01:39 -------- d-----w- c:\program files\ERUNT
2010-02-09 01:39 . 2007-12-17 10:00 143872 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
2010-02-09 01:39 . 2007-01-11 10:02 113664 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2010-02-07 05:42 . 2010-02-07 05:42 -------- d-----w- c:\program files\EpsonNet
2010-02-07 05:42 . 2008-12-01 20:00 457611 ----a-w- c:\windows\system32\ensppui.dll
2010-02-07 05:42 . 2008-12-01 20:00 457611 ----a-w- c:\windows\system32\enppui.dll
2010-02-07 05:42 . 2008-12-01 19:58 474892 ----a-w- c:\windows\system32\ensppmon.dll
2010-02-07 05:42 . 2008-12-01 19:58 474892 ----a-w- c:\windows\system32\enppmon.dll
2010-02-07 05:42 . 2008-06-18 18:49 249344 ----a-w- c:\windows\system32\enspres.dll
2010-02-07 05:42 . 2008-06-18 18:49 249344 ----a-w- c:\windows\system32\enpres.dll
2010-02-07 05:36 . 2009-05-01 07:00 15872 ----a-w- c:\windows\system32\escdev.dll
2010-02-07 05:36 . 2009-05-01 07:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2010-02-07 05:36 . 2008-11-17 07:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2010-02-07 02:28 . 2010-02-07 02:28 -------- d-----w- c:\program files\Common Files\EPSON
2010-02-07 02:27 . 2010-02-09 01:59 -------- d-----w- c:\documents and settings\Ken Hancey\Application Data\Epson
2010-02-07 02:24 . 2010-02-07 05:41 -------- d-----w- c:\program files\Epson Software
2010-02-07 02:23 . 2008-11-12 02:00 93696 ----a-w- c:\windows\system32\E_FLBFRA.DLL
2010-02-07 02:23 . 2008-11-12 02:00 79360 ----a-w- c:\windows\system32\E_FD4BFRA.DLL
2010-02-07 02:23 . 2010-02-09 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-02-07 02:22 . 2010-02-07 05:37 -------- d-----w- c:\program files\epson
2010-02-07 02:21 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-02-07 02:21 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-01-22 06:07 . 2010-01-22 06:07 -------- d-sh--w- c:\documents and settings\Ken Hancey\IECompatCache
2010-01-22 06:05 . 2010-01-22 06:05 -------- d-sh--w- c:\documents and settings\Ken Hancey\PrivacIE
2010-01-22 06:03 . 2010-01-22 06:03 -------- d-sh--w- c:\documents and settings\Ken Hancey\IETldCache
2010-01-22 06:03 . 2010-01-22 06:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-22 05:41 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-22 05:41 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-22 05:40 . 2010-01-22 05:40 -------- d-----w- c:\windows\ie8updates
2010-01-22 05:40 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-22 05:37 . 2010-01-22 05:38 -------- dc-h--w- c:\windows\ie8
2010-01-20 01:47 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 01:47 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 02:27 . 2009-11-25 19:20 -------- d-----w- c:\program files\CyberPower PowerPanel Personal Edition
2010-02-14 15:49 . 2008-06-21 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-07 05:42 . 2004-03-14 12:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 05:37 . 2010-01-05 17:00 -------- d-----w- c:\program files\SpeedFan
2010-01-27 01:15 . 2007-02-27 06:30 -------- d-----w- c:\documents and settings\Ken Hancey\Application Data\Vso
2010-01-22 05:21 . 2009-12-31 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-20 01:47 . 2009-06-07 20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 01:28 . 2009-11-03 03:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 18:12 . 2009-10-03 14:03 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 06:42 . 2010-01-14 06:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\ESET
2010-01-13 04:42 . 2009-05-26 06:00 -------- d-----w- c:\program files\DVDFab 6
2010-01-13 02:08 . 2010-01-13 02:08 -------- d-----w- c:\program files\CCleaner
2010-01-13 02:00 . 2010-01-13 02:00 -------- dc----w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-12 07:25 . 2010-01-12 07:25 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-01-12 07:01 . 2010-01-12 07:00 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-01-12 01:53 . 2010-01-12 01:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-10 23:34 . 2010-01-10 22:55 -------- d-----w- c:\program files\Common Files\Webroot Shared
2010-01-10 23:29 . 2010-01-10 23:20 -------- d-----w- c:\program files\Microsoft Works
2010-01-10 23:17 . 2010-01-10 23:17 -------- d-----w- c:\program files\Microsoft.NET
2010-01-10 23:13 . 2004-04-10 00:23 -------- d-----w- c:\program files\Google
2010-01-10 22:57 . 2010-01-10 22:55 -------- d-----w- c:\documents and settings\Ken Hancey\Application Data\Webroot
2010-01-10 22:57 . 2010-01-10 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-01-10 22:55 . 2010-01-10 22:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\Webroot
2010-01-10 22:08 . 2005-01-15 03:57 -------- d-----w- c:\program files\eBay
2010-01-10 21:27 . 2005-03-13 05:26 -------- d-----w- c:\program files\Webroot
2010-01-10 00:05 . 2004-03-14 12:46 102792 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 16:48 . 2010-01-05 16:48 12840432 ----a-w- c:\documents and settings\All Users\Application Data\Google Updater\cache\packdata_ci_earth_5.1.3533.1731_en_setup.exe
2009-12-31 16:50 . 2002-08-29 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 03:27 . 2009-12-31 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-12-30 17:00 . 2009-12-30 16:59 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-30 16:59 . 2009-12-30 16:59 247296 ----a-w- c:\documents and settings\Ken Hancey\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2009-12-30 16:59 . 2009-12-30 16:59 247296 ----a-w- c:\documents and settings\Ken Hancey\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2009-12-30 16:59 . 2009-12-30 16:59 247296 ----a-w- c:\documents and settings\Ken Hancey\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2009-12-30 16:59 . 2009-12-30 16:59 247296 ----a-w- c:\documents and settings\Ken Hancey\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2009-12-30 16:59 . 2009-12-30 16:59 -------- d-----w- c:\documents and settings\Ken Hancey\Application Data\SystemRequirementsLab
2009-12-30 05:28 . 2009-12-29 01:04 -------- d-----w- c:\program files\Ask.com
2009-12-30 04:59 . 2009-12-30 04:59 -------- d-----w- c:\program files\MSSOAP
2009-12-30 04:57 . 2009-12-29 00:37 164 ----a-w- c:\windows\install.dat
2009-12-21 19:14 . 2004-02-07 00:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2002-08-29 11:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2002-08-29 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 1980-01-01 06:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 1980-01-01 06:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2002-08-29 11:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-03-14 12:09 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2003-05-30 15:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2002-08-29 11:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2002-08-29 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2002-08-29 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2002-08-29 11:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2002-08-29 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-25 19:21 . 2009-11-25 19:21 13822 ----a-r- c:\documents and settings\Ken Hancey\Application Data\Microsoft\Installer\{36C65751-6AED-4F89-A57B-3BE1239F046C}\CP_Icon.exe
2009-11-21 15:51 . 2002-08-29 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-21 68856]
"Google Update"="c:\documents and settings\Ken Hancey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-05 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 5"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Album Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Album Fast Start.lnk
backup=c:\windows\pss\Album Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GhostSurf proxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GhostSurf proxy.lnk
backup=c:\windows\pss\GhostSurf proxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ken Hancey^Start Menu^Programs^Startup^FileOpenAPI.exe.lnk]
path=c:\documents and settings\Ken Hancey\Start Menu\Programs\Startup\FileOpenAPI.exe.lnk
backup=c:\windows\pss\FileOpenAPI.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ken Hancey^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\documents and settings\Ken Hancey\Start Menu\Programs\Startup\Scheduler.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-02-17 01:49 149024 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-02-17 01:57 1945960 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 20:51 2335880 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autorun Eater]
2009-05-27 04:54 549400 ----a-w- c:\program files\Autorun Eater2.4\oldmcdonald.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 23:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-02-07 08:03 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-06-22 06:44 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-06-22 06:48 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-08-31 19:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-12-03 13:40 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 18:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47 204800 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
2002-12-18 02:28 397312 ----a-w- c:\program files\CyberLink\PowerDVD\PowerDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerPanel Personal Edition User Interaction]
2007-12-07 21:39 315392 ----a-w- c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUICKCARE]
2007-05-10 00:15 198800 ----a-w- c:\program files\Qwest\QuickCare\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 22:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2009-11-06 22:19 6515784 ----a-w- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 07:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-21 00:20 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-03-28 13:55 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-02-17 01:45 1169776 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 22:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2004-08-14 11:42 36864 ------w- c:\program files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2007-11-26 21:47 1206600 ----a-w- c:\program files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 ehdrv;ehdrv;c:\windows\SYSTEM32\DRIVERS\ehdrv.sys [11/16/2009 9:03 AM 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [12/29/2009 9:59 PM 1201640]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [12/31/2009 8:24 PM 598856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 9:48 AM 135664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 esihdrv;esihdrv;\??\c:\docume~1\KENHAN~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\KENHAN~1\LOCALS~1\Temp\esihdrv.sys [?]
S3 scsiscan;SCSI Scanner Driver;c:\windows\SYSTEM32\DRIVERS\scsiscan.sys [3/21/2004 1:33 PM 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 16:48]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 16:48]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104602384-3097615495-1700844549-1006Core.job
- c:\documents and settings\Ken Hancey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-15 16:48]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104602384-3097615495-1700844549-1006UA.job
- c:\documents and settings\Ken Hancey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-15 16:48]

2004-03-22 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
mSearch Bar =
uInternet Settings,ProxyOverride = <local>
uSearchAssistant =
uCustomizeSearch =
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: turbotax.com
DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - hxxp://www.silvercrk.com/php/hwsolii_scecab_166.70.14.41.1251010811426081787_3442128.cab
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
FF - ProfilePath - c:\documents and settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.isp.netscape.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Ken Hancey\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Ad-watch - c:\program files\Lavasoft\Ad-aware 6\Ad-watch.exe
MSConfigStartUp-AdaptecDirectCD - c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe
MSConfigStartUp-DVD43 - c:\program files\dvd43\dvd43_tray.exe
MSConfigStartUp-eBayToolbar - c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
MSConfigStartUp-freesurfer - c:\documents and settings\Ken Hancey\Desktop\Free Surfer\fs20.exe
MSConfigStartUp-MailGuard - c:\program files\ProSys.Com\MailGuard\MailGuard.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-PinnacleDriverCheck - c:\windows\system32\PSDrvCheck.exe
MSConfigStartUp-Pre-Empt Pro User Interface - c:\program files\Detto\Pre-Empt\qfui.exe
MSConfigStartUp-RCAutoLiveUpdate - c:\program files\Max Registry Cleaner\MaxLiveUpdateRC.exe
MSConfigStartUp-RCSystemTray - c:\program files\Max Registry Cleaner\MaxRCSystemTray.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-Spyware Doctor - c:\program files\Spyware Doctor\swdoctor.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
MSConfigStartUp-Uniblue SpyEraser - c:\program files\Uniblue\SpyEraser\SpyEraser.exe
MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 20:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1088)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-02-14 20:28:56
ComboFix-quarantined-files.txt 2010-02-15 03:28

Pre-Run: 228,746,579,968 bytes free
Post-Run: 228,703,793,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Professional" /Fastdetect

- - End Of File - - F98A9746A9BCD481F0D831E933260A20
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,136 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

DirLook::
C:\Program Files\Common

File::
c:\docume~1\KENHAN~1\LOCALS~1\Temp\esihdrv.sys

Driver::
esihdrv

Folder::

RootKit::
c:\docume~1\KENHAN~1\LOCALS~1\Temp\esihdrv.sys



******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Post the new log.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html
It takes a while (hours) and you have to turn off your antivirus while you are running it but it is pretty thorough. It doesn't fix anything so if it finds something (that is not in SDFix, Qoobox, or your antivirus's subfolders) you should save the log and post it in a reply.
If windows blocks the active x then try putting Bitdefender in your trusted sites: In IE, Tool, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.


You do not have the latest Java (6.18). Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.


Ron
  • 0

#9
diamonddog

diamonddog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Ron,

I hope I did this right. Here is the info you requested. Thanks again, Ken.


--------------------------------------------------------------------------------------------
ComboFix 10-02-12.01 - Ken Hancey 02/15/2010 18:52:52.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.566 [GMT -7:00]
Running from: c:\documents and settings\Ken Hancey\Desktop\George.exe
Command switches used :: c:\documents and settings\Ken Hancey\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\docume~1\KENHAN~1\LOCALS~1\Temp\esihdrv.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESIHDRV
-------\Service_esihdrv


((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-13 01:39 . 2010-02-13 01:39 -------- d-----w- c:\program files\ERUNT
2010-02-09 01:39 . 2007-12-17 10:00 143872 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
2010-02-09 01:39 . 2007-01-11 10:02 113664 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2010-02-07 05:42 . 2010-02-07 05:42 -------- d-----w- c:\program files\EpsonNet
2010-02-07 05:42 . 2008-12-01 20:00 457611 ----a-w- c:\windows\system32\ensppui.dll
2010-02-07 05:42 . 2008-12-01 20:00 457611 ----a-w- c:\windows\system32\enppui.dll
2010-02-07 05:42 . 2008-12-01 19:58 474892 ----a-w- c:\windows\system32\ensppmon.dll
2010-02-07 05:42 . 2008-12-01 19:58 474892 ----a-w- c:\windows\system32\enppmon.dll
2010-02-07 05:42 . 2008-06-18 18:49 249344 ----a-w- c:\windows\system32\enspres.dll
2010-02-07 05:42 . 2008-06-18 18:49 249344 ----a-w- c:\windows\system32\enpres.dll
2010-02-07 05:36 . 2009-05-01 07:00 15872 ----a-w- c:\windows\system32\escdev.dll
2010-02-07 05:36 . 2009-05-01 07:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2010-02-07 05:36 . 2008-11-17 07:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2010-02-07 02:28 . 2010-02-07 02:28 -------- d-----w- c:\program files\Common Files\EPSON
2010-02-07 02:27 . 2010-02-09 01:59 -------- d-----w- c:\documents and settings\Ken Hancey\Application Data\Epson
2010-02-07 02:24 . 2010-02-07 05:41 -------- d-----w- c:\program files\Epson Software
2010-02-07 02:23 . 2008-11-12 02:00 93696 ----a-w- c:\windows\system32\E_FLBFRA.DLL
2010-02-07 02:23 . 2008-11-12 02:00 79360 ----a-w- c:\windows\system32\E_FD4BFRA.DLL
2010-02-07 02:23 . 2010-02-09 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-02-07 02:22 . 2010-02-07 05:37 -------- d-----w- c:\program files\epson
2010-02-07 02:21 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-02-07 02:21 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-01-22 06:07 . 2010-01-22 06:07 -------- d-sh--w- c:\documents and settings\Ken Hancey\IECompatCache
2010-01-22 06:05 . 2010-01-22 06:05 -------- d-sh--w- c:\documents and settings\Ken Hancey\PrivacIE
2010-01-22 06:03 . 2010-01-22 06:03 -------- d-sh--w- c:\documents and settings\Ken Hancey\IETldCache
2010-01-22 06:03 . 2010-01-22 06:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-22 05:41 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-22 05:41 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-22 05:40 . 2010-01-22 05:40 -------- d-----w- c:\windows\ie8updates
2010-01-22 05:40 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-22 05:37 . 2010-01-22 05:38 -------- dc-h--w- c:\windows\ie8
2010-01-20 01:47 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 01:47 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 02:01 . 2009-11-25 19:20 -------- d-----w- c:\program files\CyberPower PowerPanel Personal Edition
2010-02-16 01:21 . 2008-06-21 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-07 05:42 . 2004-03-14 12:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 05:37 . 2010-01-05 17:00 -------- d-----w- c:\program files\SpeedFan
2010-01-27 01:15 . 2007-02-27 06:30 -------- d-----w- c:\documents and settings\Ken Hancey\Application Data\Vso
2010-01-22 05:21 . 2009-12-31 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-20 01:47 . 2009-06-07 20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 01:28 . 2009-11-03 03:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 18:12 . 2009-10-03 14:03 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 06:42 . 2010-01-14 06:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\ESET
2010-01-13 04:42 . 2009-05-26 06:00 -------- d-----w- c:\program files\DVDFab 6
2010-01-13 02:08 . 2010-01-13 02:08 -------- d-----w- c:\program files\CCleaner
2010-01-13 02:00 . 2010-01-13 02:00 -------- dc----w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-12 07:25 . 2010-01-12 07:25 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-01-12 07:01 . 2010-01-12 07:00 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-01-12 01:53 . 2010-01-12 01:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-10 23:34 . 2010-01-10 22:55 -------- d-----w- c:\program files\Common Files\Webroot Shared
2010-01-10 23:29 . 2010-01-10 23:20 -------- d-----w- c:\program files\Microsoft Works
2010-01-10 23:17 . 2010-01-10 23:17 -------- d-----w- c:\program files\Microsoft.NET
2010-01-10 23:13 . 2004-04-10 00:23 -------- d-----w- c:\program files\Google
2010-01-10 22:57 . 2010-01-10 22:55 -------- d-----w- c:\documents and settings\Ken Hancey\Application Data\Webroot
2010-01-10 22:57 . 2010-01-10 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-01-10 22:55 . 2010-01-10 22:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\Webroot
2010-01-10 22:08 . 2005-01-15 03:57 -------- d-----w- c:\program files\eBay
2010-01-10 21:27 . 2005-03-13 05:26 -------- d-----w- c:\program files\Webroot
2010-01-10 00:05 . 2004-03-14 12:46 102792 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 16:48 . 2010-01-05 16:48 12840432 ----a-w- c:\documents and settings\All Users\Application Data\Google Updater\cache\packdata_ci_earth_5.1.3533.1731_en_setup.exe
2009-12-31 16:50 . 2002-08-29 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 03:27 . 2009-12-31 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-12-30 17:00 . 2009-12-30 16:59 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-30 16:59 . 2009-12-30 16:59 247296 ----a-w- c:\documents and settings\Ken Hancey\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2009-12-30 16:59 . 2009-12-30 16:59 247296 ----a-w- c:\documents and settings\Ken Hancey\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2009-12-30 16:59 . 2009-12-30 16:59 247296 ----a-w- c:\documents and settings\Ken Hancey\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2009-12-30 16:59 . 2009-12-30 16:59 247296 ----a-w- c:\documents and settings\Ken Hancey\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2009-12-30 16:59 . 2009-12-30 16:59 -------- d-----w- c:\documents and settings\Ken Hancey\Application Data\SystemRequirementsLab
2009-12-30 05:28 . 2009-12-29 01:04 -------- d-----w- c:\program files\Ask.com
2009-12-30 04:59 . 2009-12-30 04:59 -------- d-----w- c:\program files\MSSOAP
2009-12-30 04:57 . 2009-12-29 00:37 164 ----a-w- c:\windows\install.dat
2009-12-21 19:14 . 2004-02-07 00:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2002-08-29 11:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2002-08-29 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 1980-01-01 06:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 1980-01-01 06:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2002-08-29 11:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-03-14 12:09 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2003-05-30 15:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2002-08-29 11:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2002-08-29 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2002-08-29 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2002-08-29 11:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2002-08-29 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-25 19:21 . 2009-11-25 19:21 13822 ----a-r- c:\documents and settings\Ken Hancey\Application Data\Microsoft\Installer\{36C65751-6AED-4F89-A57B-3BE1239F046C}\CP_Icon.exe
2009-11-21 15:51 . 2002-08-29 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-21 68856]
"Google Update"="c:\documents and settings\Ken Hancey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-05 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Album Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Album Fast Start.lnk
backup=c:\windows\pss\Album Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GhostSurf proxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GhostSurf proxy.lnk
backup=c:\windows\pss\GhostSurf proxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ken Hancey^Start Menu^Programs^Startup^FileOpenAPI.exe.lnk]
path=c:\documents and settings\Ken Hancey\Start Menu\Programs\Startup\FileOpenAPI.exe.lnk
backup=c:\windows\pss\FileOpenAPI.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ken Hancey^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\documents and settings\Ken Hancey\Start Menu\Programs\Startup\Scheduler.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-02-17 01:49 149024 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-02-17 01:57 1945960 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 20:51 2335880 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autorun Eater]
2009-05-27 04:54 549400 ----a-w- c:\program files\Autorun Eater2.4\oldmcdonald.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 23:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-02-07 08:03 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-06-22 06:44 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-06-22 06:48 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-08-31 19:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-12-03 13:40 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 18:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47 204800 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
2002-12-18 02:28 397312 ----a-w- c:\program files\CyberLink\PowerDVD\PowerDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerPanel Personal Edition User Interaction]
2007-12-07 21:39 315392 ----a-w- c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUICKCARE]
2007-05-10 00:15 198800 ----a-w- c:\program files\Qwest\QuickCare\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 22:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2009-11-06 22:19 6515784 ----a-w- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 07:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-21 00:20 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-03-28 13:55 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-02-17 01:45 1169776 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 22:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2004-08-14 11:42 36864 ------w- c:\program files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2007-11-26 21:47 1206600 ----a-w- c:\program files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 ehdrv;ehdrv;c:\windows\SYSTEM32\DRIVERS\ehdrv.sys [11/16/2009 9:03 AM 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [12/29/2009 9:59 PM 1201640]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [12/31/2009 8:24 PM 598856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 9:48 AM 135664]
S3 scsiscan;SCSI Scanner Driver;c:\windows\SYSTEM32\DRIVERS\scsiscan.sys [3/21/2004 1:33 PM 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 16:48]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 16:48]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104602384-3097615495-1700844549-1006Core.job
- c:\documents and settings\Ken Hancey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-15 16:48]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104602384-3097615495-1700844549-1006UA.job
- c:\documents and settings\Ken Hancey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-15 16:48]

2004-03-22 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]

2010-02-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
mSearch Bar =
uInternet Settings,ProxyOverride = <local>
uSearchAssistant =
uCustomizeSearch =
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: turbotax.com
DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - hxxp://www.silvercrk.com/php/hwsolii_scecab_166.70.14.41.1251010811426081787_3442128.cab
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
FF - ProfilePath - c:\documents and settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.isp.netscape.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\Ken Hancey\Application Data\Mozilla\Firefox\Profiles\xjq3n7fm.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Ken Hancey\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 19:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1092)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2312)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\documents and settings\Ken Hancey\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-15 19:07:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-16 02:07
ComboFix2.txt 2010-02-15 03:28

Pre-Run: 228,597,272,576 bytes free
Post-Run: 228,459,253,760 bytes free

- - End Of File - - AA2AA83EBDFC5D6D48978C346242FC21
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,136 posts
  • MVP
Looking good. Finish the rest of the last post and you are done!

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP