Google Adwords Redirect Virus [Closed] [Solved]


  • This topic is locked

#1
RPaul

  • Member
  • 22 posts
Hi, thank you for this forum. I appreciate that there are people out there such as yourselves to help someone like me. I began having problems with a Google Adwords Redirect virus. To tell you what I've done...just about everything.

-I bought and ran PC Tools Antivirus
-Ran Spybot, Spyware Destroyer, MBAM, AVG
-AVG couldn't update with SP2 or SP3, so I tried both, they wouldn't install
-Backed up my computer to a restore point from a week earlier, hoping to get behind the problem. It didn't remove it but it did allow me to update to SP3.
-Ran Wise Registry Cleaner
-Updated Roxio
-Updated Adobe Reader
-Updated Java
-Removed AVG
-Tried to run ESET but it hung up and gave me problems. I had to do a restore point to before I installed it in order to get rid of it.
-Downloaded Gooredfix.exe but have not run it yet...should I?
-Found your site, ran TFC
-Ran ERUNT
-Ran Panda ActiveScan. It found some stuff but I don't want to pay for it, to use their removal tool. I doubt it will work.
-Ran SuperAntispyware
-Ran Sophos. It found stuff but the remove button stayed gray when it was done, it didn't allow me to remove.
-Ran MBAM again
-Ran GMER - saved.
-Ran OTL


NOTE: I am having problems providing the ark.txt file as it is too large to attach and keeps crashing Firefox when I paste it in. I tried attaching it as a .rar but it was rejected. I split it into 2 pieces and attached the 1st, but can't attach the 2nd: "Upload failed. The file was larger than the available space". Not sure what to do?


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3983

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/12/2010 8:17:03 PM
mbam-log-2010-04-12 (20-17-03).txt

Scan type: Quick scan
Objects scanned: 127870
Time elapsed: 15 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

========================================

OTL Extras logfile created on: 4/13/2010 10:36:47 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Rebekah\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 303.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.41 Gb Free Space | 17.19% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 277.69 Gb Free Space | 93.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAZ
Current User Name: Rebekah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"7521:TCP" = 7521:TCP:*:Enabled:Services
"7522:TCP" = 7522:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3992:TCP" = 3992:TCP:*:Enabled:Services
"6484:TCP" = 6484:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"7521:TCP" = 7521:TCP:*:Enabled:Services
"7522:TCP" = 7522:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3992:TCP" = 3992:TCP:*:Enabled:Services
"6484:TCP" = 6484:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Conference\Conference.dll" = C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{09C37001-A57E-4CDB-85A4-7895F3B85DD4}" = Palo Alto Software's Application Manager 8.1
"{0AEA9ECE-2AD0-4DF0-932E-F0AC6B771749}" = SnagIt 8
"{11DE2361-9F73-47B3-B638-2F267927E307}" = Ipswitch WS_FTP Home 2006
"{14A8AB04-F5F4-44A4-BBEE-500AD5036272}_is1" = Fortop Album Creator 1.3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205F8D68-A379-4AB6-9919-FA3D6B3EBD55}" = Business Plan Pro 2005
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2b02f822-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Pro Edition 2004
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{32486EED-2D1C-42B2-9E3A-D1AF6E5BD069}" = Album Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CCCE0DF-B7C4-4E95-BF44-04C8E2AECFDA}_is1" = VideoVista Home 2.2.2
"{43FC6F81-97E8-45D1-89F3-5E87FE066AE5}" = Mindjet MindManager Pro 6
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F29BE4F-1651-4CFE-AF63-68825B90EE3B}" = BlackBerry Desktop Software 4.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87ECFEA1-7882-4FC7-A2E2-2AC0CC262EBC}" = Sothink SWF Decompiler
"{8A2DA523-38FD-49DA-88E9-6BCDD7CCE9CF}" = MySQL Administrator 1.1
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CFC7570-DD90-486E-A239-E31D455BDE93}" = Microsoft LifeCam
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F3AA869-0769-4336-A1C1-3832D764EE29}" = ScanSoft OmniPage Pro 14.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A11AAE78-FAB7-4850-9668-A692F074F474}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8700 smartphone
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C5938553-F757-463F-BA21-740C9CBB0D39}" = Mipsis Product Catalog
"{C8F4800F-52F4-4115-BE64-FF1C23604E86}_is1" = Sothink Glanda
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{E59901B7-02F4-48A4-91E4-85E5EE11446C}" = allCLEAR 6.10
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC8EA208-7B65-4EFF-B074-EFED72A3E8AE}" = iTunes
"{FCE50DB8-C610-4C42-BE5C-193F46C6F812}" = Windows Live Messenger
"{FFA2B2B6-3BDE-4728-B404-A16E0F853F6A}" = Microsoft Office Live Meeting 2005
"3D Photo Album Screensaver" = 3D Photo Album Screensaver
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe Type Manager 4.1" = Adobe Type Manager 4.1
"AI RoboForm" = AI RoboForm (All Users)
"Audacity_is1" = Audacity 1.2.6
"BitLord" = BitLord 1.1
"BlackBerry_{7F29BE4F-1651-4CFE-AF63-68825B90EE3B}" = BlackBerry Desktop Software 4.1
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Bubbles" = Bubbles
"CANONBJ_Deinstall_CNMCP1N.DLL" = Canon BJC-6000 (BJRSTR)
"CCleaner" = CCleaner
"CodeThatMenu STANDARD_is1" = CodeThatMenu STANDARD v. 2.3.1
"CoffeeCup Free FTP 4.2" = CoffeeCup Free FTP
"Crimson Editor" = Crimson Editor (remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Flash Optimizer Lite_is1" = Flash Optimizer Lite
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.56
"Flash4D v5 - Pro Edition - Flash Intro Builder Trial" = Flash4D v5 - Pro Edition - Flash Intro Builder Trial
"Good Sync_is1" = Good Sync version 4.6.1
"Google Desktop" = Google Desktop
"InterActual Player" = InterActual Player
"Invoice Store 4.0" = Invoice Store 4.0
"JAlbum_1" = JAlbum 7.4
"JDSecure" = JD Secure 3.1
"LinkedIn Internet Explorer Toolbar" = LinkedIn Internet Explorer Toolbar
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Magic ISO Maker v5.0 (build 0166)" = Magic ISO Maker v5.0 (build 0166)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapSource" = MapSource
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSN Music Assistant" = MSN Music Assistant
"My Pictures 3D_is1" = My Pictures 3D 1.1
"My Pictures Editor_is1" = My Pictures 3D Album 0.95
"PDF-XChange 3_is1" = PDF-XChange 3.0
"PhotoMeister2_is1" = PhotoMeister 2
"QuarkXPress" = QuarkXPress 4.0
"Registry Booster_is1" = Uniblue Registry Booster
"Revo Uninstaller" = Revo Uninstaller 1.85
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"Spyware Doctor" = Spyware Doctor 7.0
"SUPER ©" = SUPER © Version 2007.bld.23 (July 4, 2007)
"SWFText" = SWFText
"TalkShoe Live! 2.0" = TalkShoe Live! 2.0
"VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter
"WesabeUploader" = Wesabe Uploader 1.1.0
"Wildform Wild FX Pro 3.003" = Wildform Wild FX Pro 3.003
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 4.84
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.21
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ACT!" = ACT!
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"SmartDraw 2007" = SmartDraw 2007
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/10/2010 2:43:23 AM | Computer Name = TAZ | Source = Perflib | ID = 2002
Description = The open procedure for service "WmiApRpl" in DLL "C:\WINDOWS\System32\wbem\wmiaprpl.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 4/10/2010 11:30:01 PM | Computer Name = TAZ | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/11/2010 10:14:03 PM | Computer Name = TAZ | Source = ESENT | ID = 490
Description = svchost (1192) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 4/11/2010 10:14:03 PM | Computer Name = TAZ | Source = ESENT | ID = 470
Description = Catalog Database (1192) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 4/11/2010 11:02:13 PM | Computer Name = TAZ | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 4/12/2010 10:07:40 AM | Computer Name = TAZ | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.

Error - 4/12/2010 10:19:25 PM | Computer Name = TAZ | Source = MsiInstaller | ID = 11406
Description = Product: ESET Smart Security -- Error 1406. Could not write value
Name to key \Software\ESET\ESET Security\CurrentVersion\Scheduler\1. System error
. Verify that you have sufficient access to that key, or contact your support
personnel.

Error - 4/12/2010 10:19:28 PM | Computer Name = TAZ | Source = MsiInstaller | ID = 11406
Description = Product: ESET Smart Security -- Error 1406. Could not write value
ModuleID to key \Software\ESET\ESET Security\CurrentVersion\Scheduler\1. System
error . Verify that you have sufficient access to that key, or contact your support
personnel.

Error - 4/12/2010 10:19:30 PM | Computer Name = TAZ | Source = MsiInstaller | ID = 11406
Description = Product: ESET Smart Security -- Error 1406. Could not write value
ActionCode to key \Software\ESET\ESET Security\CurrentVersion\Scheduler\1. System
error . Verify that you have sufficient access to that key, or contact your support
personnel.

Error - 4/12/2010 10:19:31 PM | Computer Name = TAZ | Source = MsiInstaller | ID = 11406
Description = Product: ESET Smart Security -- Error 1406. Could not write value
ActionCode to key \Software\ESET\ESET Security\CurrentVersion\Scheduler\1. System
error . Verify that you have sufficient access to that key, or contact your support
personnel.

[ System Events ]
Error - 4/11/2010 6:26:54 PM | Computer Name = TAZ | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 4/12/2010 9:52:32 PM | Computer Name = TAZ | Source = DCOM | ID = 10010
Description = The server {03E0E6C2-363B-11D3-B536-00902771A435} did not register
with DCOM within the required timeout.

Error - 4/12/2010 10:46:36 PM | Computer Name = TAZ | Source = Service Control Manager | ID = 7034
Description = The Lexar JD31 service terminated unexpectedly. It has done this
1 time(s).

Error - 4/12/2010 10:46:36 PM | Computer Name = TAZ | Source = Service Control Manager | ID = 7034
Description = The MSCamSvc service terminated unexpectedly. It has done this 1
time(s).

Error - 4/12/2010 10:46:36 PM | Computer Name = TAZ | Source = Service Control Manager | ID = 7034
Description = The Automatic LiveUpdate Scheduler service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/12/2010 10:46:36 PM | Computer Name = TAZ | Source = Service Control Manager | ID = 7034
Description = The Browser Defender Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/12/2010 10:46:36 PM | Computer Name = TAZ | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/12/2010 10:46:36 PM | Computer Name = TAZ | Source = Service Control Manager | ID = 7034
Description = The MSSQL$MSDE service terminated unexpectedly. It has done this
1 time(s).

Error - 4/12/2010 10:46:38 PM | Computer Name = TAZ | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 4/12/2010 10:46:46 PM | Computer Name = TAZ | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.


< End of report >

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you host the GMER log at a site like mediafire.com and post the link here for me?

#3
RPaul

  • Topic Starter
  • Member
  • 22 posts
Good idea. I'll upload it to my server when I get home and provide the link. You may want to increase file size for uploads in the future? Thank you for your help!

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
cheers

#5
RPaul

  • Topic Starter
  • Member
  • 22 posts
Hi, thanks again. The file is here: http://www.marketingroiordie.com/scan/

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the OTL main.txt?

#7
RPaul

  • Topic Starter
  • Member
  • 22 posts
Oh right - here it is :-)

OTL logfile created on: 4/13/2010 10:36:47 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Rebekah\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 303.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.41 Gb Free Space | 17.19% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 277.69 Gb Free Space | 93.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAZ
Current User Name: Rebekah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/13 22:35:11 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rebekah\My Documents\Downloads\OTL.exe
PRC - [2010/04/11 13:38:55 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/21 18:03:15 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/11/15 14:23:26 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/02/24 18:00:26 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/21 09:43:03 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/13 19:16:35 | 000,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2006/10/13 18:04:06 | 000,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2006/10/13 18:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/03/14 08:01:00 | 005,517,312 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
PRC - [2006/03/14 08:01:00 | 000,026,112 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
PRC - [2006/02/23 12:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/09/13 02:02:42 | 000,028,672 | R--- | M] (Mindjet) -- C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe
PRC - [2004/09/05 17:20:18 | 000,380,928 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
PRC - [2004/08/09 07:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/06/29 11:45:16 | 000,102,400 | ---- | M] (Palo Alto Software) -- C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
PRC - [2003/11/12 03:41:48 | 000,114,688 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
PRC - [2003/11/12 03:40:36 | 000,139,363 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
PRC - [2003/11/12 03:39:30 | 000,057,344 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPagePro14.0\opware14.exe
PRC - [2003/06/25 01:18:46 | 000,868,352 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
PRC - [2003/06/23 22:12:50 | 000,118,784 | ---- | M] (Roxio, Inc.) -- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
PRC - [2003/06/23 22:12:48 | 000,319,488 | ---- | M] (Roxio, Inc.) -- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
PRC - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010/04/13 22:35:11 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rebekah\My Documents\Downloads\OTL.exe
MOD - [2003/11/12 03:35:36 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPagePro14.0\ophook14.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/21 18:03:15 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2007/05/13 19:16:35 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2006/10/13 18:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 12:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlservr.exe -- (MSSQL$MSDE)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlagent.EXE -- (SQLAgent$MSDE)
SRV - [2000/05/24 15:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com"
FF - prefs.js..extensions.enabledItems: {ec9CEB59-8266-438b-91D9-82F56D595E15}:1.0
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/04/11 13:39:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 20:08:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/11 20:31:22 | 000,000,000 | ---D | M]

[2009/08/09 17:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Mozilla\Extensions
[2010/04/12 19:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\ylgz891a.default\extensions
[2009/12/06 19:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\ylgz891a.default\extensions\{ec9CEB59-8266-438b-91D9-82F56D595E15}
[2010/04/13 19:19:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/07 17:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/07/09 22:31:48 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll

O1 HOSTS File: ([2010/04/08 09:45:40 | 000,250,683 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8739 more lines...
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEToolbarBHO Class) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Program Files\LinkedIn\IE Toolbar\3.0.4.1100\LinkedInIEToolbar.dll (LinkedIn)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {76a89d48-e230-4363-a66c-64e799583ac6} - No CLSID value found.
O2 - BHO: (no name) - {A984B32E-D1F2-4FE8-AFA0-F8DC81979D79} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (LinkedIn Toolbar) - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files\LinkedIn\IE Toolbar\3.0.4.1100\LinkedInIEToolbar.dll (LinkedIn)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (LinkedIn Toolbar) - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files\LinkedIn\IE Toolbar\3.0.4.1100\LinkedInIEToolbar.dll (LinkedIn)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Bubbles] C:\Program Files\Bubbles\Bubbles.exe ()
O4 - HKLM..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [OpScheduler] C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Opware14] C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RoxioAudioCentral] C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WorkFlowTray] C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe (ScanSoft, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Lala Music Mover] C:\Program Files\Lala.com\Lala Music Mover\LalaMover.exe File not found
O4 - HKCU..\Run: [pdfSaver3] C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe (Palo Alto Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\Rebekah\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Linked&In Search - C:\Program Files\LinkedIn\IE Toolbar\3.0.4.1100\LinkedinIEToolbar.dll (LinkedIn)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - Reg Error: Key error. File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Bubble This URL - {A3A0268C-3146-431d-84EE-2789B750ABD2} - C:\Program Files\Bubbles\BubblesHBO.dll (3D3R)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: profx.us ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1202007825012 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1208235924345 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 64.81.45.2 216.231.41.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ljJASmlL: DllName - ljJASmlL.dll - File not found
O20 - Winlogon\Notify\urqPfFut: DllName - urqPfFut.dll - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\fccdayvs) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/01 21:45:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/13 21:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/04/13 19:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/13 19:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebekah\Application Data\SUPERAntiSpyware.com
[2010/04/13 19:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/13 19:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebekah\Desktop\Scan Results
[2010/04/12 23:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/04/12 20:49:32 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/04/12 20:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/04/12 19:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/12 19:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/04/12 19:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ipswitch
[2010/04/12 19:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Wesabe Uploader
[2010/04/12 19:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebekah\Application Data\Wesabe Uploader
[2010/04/12 19:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/04/12 02:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/12 02:22:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/12 02:22:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/12 02:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/11 20:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/11 20:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/11 16:54:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/11 16:54:33 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/11 12:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/11 12:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/11 12:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebekah\My Documents\Roxio
[2010/04/11 03:16:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/04/11 03:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/04/11 03:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/10 20:36:52 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/10 20:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/10 19:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/04/10 19:12:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/10 19:05:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/04/10 19:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/10 19:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2010/04/10 19:05:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/10 19:05:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2010/04/10 19:05:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/10 19:03:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/10 19:01:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/10 18:55:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/10 18:55:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/04/10 18:01:50 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/04/10 18:01:50 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/04/10 18:01:50 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/04/10 18:01:25 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/04/10 18:01:24 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/04/10 18:01:24 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/04/10 17:51:59 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/04/10 17:51:57 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/04/10 17:51:57 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/04/10 17:51:50 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/10 17:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebekah\Application Data\PC Tools
[2010/04/10 16:44:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rebekah\Recent
[2010/04/10 14:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebekah\Application Data\Malwarebytes
[2010/04/10 14:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/10 14:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/10 12:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/04/09 23:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/04/09 22:25:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/09 21:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft(2)
[2010/04/08 11:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/08 11:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/08 09:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/04/08 09:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/04/08 09:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/04/05 19:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/05 19:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/31 18:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rebekah\Application Data\FileZilla
[2010/03/31 18:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/12/06 16:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/11/03 01:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Kinko's
[2006/06/06 21:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec

========== Files - Modified Within 14 Days ==========

[2010/04/13 22:21:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/13 21:23:06 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/13 21:19:35 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/13 21:19:21 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 21:19:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/13 21:19:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/13 21:18:27 | 009,543,680 | ---- | M] () -- C:\Documents and Settings\Rebekah\ntuser.dat
[2010/04/13 21:18:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Rebekah\ntuser.ini
[2010/04/13 20:36:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/13 19:08:28 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/12 23:42:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/12 20:22:56 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Rebekah\Desktop\Revo Uninstaller.lnk
[2010/04/12 19:59:04 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Rebekah\Desktop\NTREGOPT.lnk
[2010/04/12 19:59:04 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Rebekah\Desktop\ERUNT.lnk
[2010/04/11 20:08:59 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/11 16:54:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/11 16:11:22 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Rebekah\Desktop\HiJackThis.lnk
[2010/04/11 11:59:12 | 000,761,856 | ---- | M] (Gracenote) -- C:\WINDOWS\System32\CDDBUIRoxio.dll
[2010/04/11 11:59:12 | 000,589,824 | ---- | M] (Gracenote (formerly CDDB, Inc.)) -- C:\WINDOWS\System32\CDDBControlRoxio.dll
[2010/04/11 11:59:07 | 000,066,992 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/04/11 11:59:06 | 000,061,440 | ---- | M] (Roxio) -- C:\WINDOWS\System32\cdrtc.dll
[2010/04/11 11:59:06 | 000,045,056 | ---- | M] (Roxio) -- C:\WINDOWS\System32\cdral.dll
[2010/04/11 11:59:06 | 000,024,698 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/04/11 03:40:10 | 000,495,270 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/11 03:40:10 | 000,418,914 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/11 03:40:10 | 000,068,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/11 03:35:23 | 000,083,432 | ---- | M] () -- C:\Documents and Settings\Rebekah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/11 03:35:01 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/11 03:18:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/11 03:08:20 | 000,000,865 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/10 20:36:52 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/10 19:34:08 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clear with 1 click.lnk
[2010/04/10 19:34:08 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2010/04/10 19:14:11 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/10 19:13:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/10 19:07:03 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/04/10 19:00:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/10 19:00:45 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/10 18:42:29 | 000,153,600 | ---- | M] () -- C:\Documents and Settings\Rebekah\Application Data\SharedSettings.ccs
[2010/04/10 17:51:54 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/09 18:14:23 | 000,002,578 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/08 09:45:40 | 000,250,683 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/08 09:44:07 | 000,016,384 | -H-- | M] () -- C:\SZKGFS.dat

========== Files Created - No Company Name ==========

[2010/04/13 19:08:28 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/12 20:22:56 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Rebekah\Desktop\Revo Uninstaller.lnk
[2010/04/12 19:59:04 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Rebekah\Desktop\NTREGOPT.lnk
[2010/04/12 19:59:04 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Rebekah\Desktop\ERUNT.lnk
[2010/04/11 20:08:59 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/11 16:54:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/11 16:11:22 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Rebekah\Desktop\HiJackThis.lnk
[2010/04/11 03:16:11 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/10 20:38:00 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/10 19:34:08 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2010/04/10 19:05:17 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2010/04/10 19:05:17 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2010/04/10 19:05:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2010/04/10 19:01:05 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/10 19:01:04 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/10 19:01:03 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/10 18:58:32 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/10 18:01:25 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/04/10 17:51:59 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/04/10 17:51:57 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/04/10 17:51:57 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/04/10 17:51:54 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/10 17:51:50 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/04/08 12:05:28 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/04/08 12:05:28 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/04/08 12:05:28 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/04/08 12:05:27 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/04/08 09:44:07 | 000,016,384 | -H-- | C] () -- C:\SZKGFS.dat
[2010/01/01 13:13:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/01/01 12:37:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Perl
[2010/01/01 12:37:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Rebekah\Application Data\PageLibraries
[2010/01/01 12:37:47 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/01/01 12:35:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\People
[2010/01/01 12:35:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Rebekah\Application Data\PDEs
[2010/01/01 12:35:03 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/10/19 19:24:40 | 009,543,680 | ---- | C] () -- C:\Documents and Settings\Rebekah\ntuser.dat
[2009/10/11 12:08:15 | 000,153,600 | ---- | C] () -- C:\Documents and Settings\Rebekah\Application Data\SharedSettings.ccs
[2009/10/11 12:07:46 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll
[2009/10/07 18:31:14 | 009,113,600 | ---- | C] () -- C:\Documents and Settings\Rebekah\ntuser.rhk
[2008/06/28 18:25:24 | 000,006,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2008/06/28 14:40:35 | 000,000,846 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/25 21:12:39 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS1N.DLL
[2008/02/11 20:29:06 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008/02/10 23:29:37 | 000,004,325 | ---- | C] () -- C:\Documents and Settings\Rebekah\resetlog.txt
[2007/12/20 08:15:30 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/12/20 08:08:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/11/29 18:15:51 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/10/24 20:40:41 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/10/24 20:40:40 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/30 17:30:20 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ÄĐ3113.sys
[2007/03/24 22:57:12 | 000,000,073 | ---- | C] () -- C:\WINDOWS\MindManager.INI
[2007/02/26 18:13:39 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2006/12/18 20:03:11 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/17 23:36:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2006/12/16 01:35:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/12/06 00:18:12 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\Chip.dll
[2006/11/03 01:05:47 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Rebekah\Local Settings\Application Data\fusioncache.dat
[2006/09/11 19:59:36 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006/08/16 22:22:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/22 23:02:28 | 000,018,057 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006/06/23 20:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/06/12 21:54:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2006/06/12 21:53:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2006/06/12 21:53:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2006/06/08 23:57:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/06/01 10:06:32 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/05/27 16:44:58 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/05/27 16:44:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/27 16:31:59 | 000,006,096 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2006/05/01 23:08:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2006/05/01 23:08:34 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2006/05/01 23:08:34 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2006/05/01 23:08:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2006/04/12 21:29:58 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Rebekah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/06 00:19:50 | 000,000,033 | ---- | C] () -- C:\WINDOWS\quark.ini
[2006/04/03 00:11:10 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/01 22:54:53 | 000,000,012 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2006/04/01 22:49:27 | 000,000,430 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/04/01 22:30:27 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2006/04/01 22:05:45 | 000,000,467 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/01 21:50:19 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Rebekah\ntuser.ini
[2006/04/01 21:50:18 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Rebekah\NTUSER.DAT.LOG
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/05 07:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll

========== LOP Check ==========

[2010/04/10 16:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/12 02:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/01 12:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dance Kit
[2010/01/01 12:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Distortion
[2010/01/01 12:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/12/20 07:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/05/19 02:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2006/09/08 16:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
[2010/01/01 12:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2006/08/19 19:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ONE
[2006/12/06 22:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
[2007/12/06 16:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2006/04/02 15:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2006/04/01 22:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/04/08 09:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/04/08 21:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2006/04/16 23:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/04/13 21:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/01 12:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/04/11 20:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/06 20:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\3D Photo Album Screensaver
[2006/11/24 22:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\acccore
[2007/03/28 15:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Aim
[2009/12/19 12:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\BitTorrent
[2006/06/24 05:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Blackberry Desktop
[2009/08/17 16:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Canon
[2009/10/11 12:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\CoffeeCup Software
[2010/04/13 22:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\DNA
[2006/11/03 01:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Downloaded Installations
[2010/01/31 14:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Facebook
[2010/04/08 19:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\FileZilla
[2006/04/01 22:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Interact Commerce
[2008/01/23 17:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\JAlbum
[2006/12/17 23:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Kinko's
[2010/04/11 20:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Lala Music Mover
[2008/12/08 20:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\LinkedIn
[2007/03/20 18:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\My Pictures 3D
[2007/01/01 11:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\MySQL
[2010/01/01 12:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Nikon
[2006/04/03 19:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Opera
[2006/12/06 22:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Palo Alto Software
[2007/03/20 20:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Photozig Albums
[2009/10/19 20:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Registry Booster
[2006/06/24 05:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Research In Motion
[2006/04/01 22:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\ScanSoft
[2007/03/28 15:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\SecondLife
[2006/09/06 15:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\slooz.com
[2007/10/31 00:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\SmartDraw
[2008/02/16 03:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Smilebox
[2006/08/23 00:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Snapfish
[2006/07/08 03:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Sync App Settings
[2007/05/26 11:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Viewpoint
[2007/10/25 10:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\WebEx
[2010/04/12 19:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rebekah\Application Data\Wesabe Uploader
[2010/04/13 20:36:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/13 21:23:06 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/28 18:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/28 16:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2002/08/28 18:40:52 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2002/08/28 18:41:08 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2002/08/28 18:41:12 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 05:42:02 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/04/01 13:33:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/01 13:33:03 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/01 13:33:03 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/11 11:59:07 | 000,066,992 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys
[2010/04/11 11:59:06 | 000,024,698 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\cdralw2k.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys
[2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctgntdi.sys
[2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctplsg.sys
[2010/04/10 20:36:52 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfFsMon.sys
[2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfNetMon.sys
[2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfSysMon.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - Winlogon\Notify\ljJASmlL: DllName - ljJASmlL.dll - File not found
    O20 - Winlogon\Notify\urqPfFut: DllName - urqPfFut.dll - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\fccdayvs) - File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#9
RPaul

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thank you, I will follow your direction this evening. Will you be around this weekend to review the results?

Best,
Rebekah

#10
RPaul

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi, again. :-) I did what you instructed with OTL and got an error:

Access violation at address 00402903 in module 'OTL.exe'. Read of address 00212000.

When I hit OK, it then started going through the create system restore point and stopped. Nothing for more than 10 minutes, so I shut the computer off. When it came back up, I came into this forum to type the above and got a 'blue screen of death' that said it created a data dump. When I rebooted it was severely slow but I managed to get it to restore back to like this past Wednesday and am now here. It scared the beegeesus out of me! How to proceed?

#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
run combofix

#12
RPaul

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I'm nervous to run ComboFix without first cloning my PC. Should I be? I've looked into this but can't afford the $70 right now for say, Ghost.

#13
RPaul

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi, I backed up c: onto d: as a precaution with Acronis. I then ran Combofix. This is the result. Does it tell you anything? I just searched on 'frogs in amazon' and was able to pull up the pages correctly. I am tentatively saying it appears fixed.

ComboFix 10-04-17.07 - Rebekah 04/18/2010 20:24:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.734 [GMT -7:00]
Running from: c:\documents and settings\Rebekah\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HelpAssistant.TAZ.000\System
c:\documents and settings\HelpAssistant.TAZ.000\System\win_qs8.jqx
c:\documents and settings\HelpAssistant.TAZ\System
c:\documents and settings\HelpAssistant.TAZ\System\win_qs8.jqx
c:\documents and settings\HelpAssistant\System
c:\documents and settings\HelpAssistant\System\win_qs8.jqx
c:\documents and settings\Rebekah\System
c:\documents and settings\Rebekah\System\win_qs8.jqx
c:\windows\system\d3d9.dll
c:\windows\system32\Chip.dll

.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EXPLORERSVC


((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-18 23:03 . 2010-04-18 23:03 160704 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-04-18 23:02 . 2010-04-18 23:02 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-04-18 23:02 . 2010-04-18 23:02 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-04-18 23:02 . 2010-04-18 23:02 166272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-04-18 23:02 . 2010-04-18 23:03 -------- d-----w- c:\program files\Common Files\Acronis
2010-04-18 23:02 . 2010-04-18 23:02 -------- d-----w- c:\program files\Acronis
2010-04-18 17:55 . 2010-04-18 17:55 -------- d-----w- c:\program files\GFI
2010-04-17 02:30 . 2010-04-17 02:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-17 02:28 . 2010-04-17 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-17 01:41 . 2010-04-17 01:41 -------- d-----w- C:\_OTL
2010-04-14 04:34 . 2010-04-14 04:34 -------- d-----w- c:\program files\Sophos
2010-04-14 02:08 . 2010-04-14 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-14 02:08 . 2010-04-14 02:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-14 02:08 . 2010-04-14 02:08 -------- d-----w- c:\documents and settings\Rebekah\Application Data\SUPERAntiSpyware.com
2010-04-13 06:42 . 2010-04-13 06:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-04-13 03:49 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-13 03:47 . 2010-04-13 03:47 -------- d-----w- c:\program files\Panda Security
2010-04-13 02:59 . 2010-04-13 02:59 -------- d-----w- c:\program files\ERUNT
2010-04-13 02:30 . 2010-04-13 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Ipswitch
2010-04-13 02:30 . 2010-04-13 02:30 -------- d-----w- c:\program files\Wesabe Uploader
2010-04-13 02:30 . 2010-04-13 02:30 -------- d-----w- c:\documents and settings\Rebekah\Application Data\Wesabe Uploader
2010-04-13 02:12 . 2010-04-13 02:12 -------- d-----w- c:\program files\VS Revo Group
2010-04-12 03:31 . 2010-04-12 03:31 -------- d-----w- c:\program files\Common Files\Java
2010-04-12 03:31 . 2010-04-12 03:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-11 23:54 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 23:54 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 19:31 . 2010-04-11 19:31 -------- d-----w- c:\program files\AVG
2010-04-11 19:30 . 2010-04-12 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-11 10:16 . 2010-04-11 10:16 -------- d-----w- c:\windows\system32\KB905474
2010-04-11 10:16 . 2009-03-11 05:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-11 10:16 . 2009-03-11 05:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-04-11 10:13 . 2010-04-11 10:13 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-11 10:02 . 2010-04-11 10:02 -------- d-----w- c:\program files\MSXML 4.0
2010-04-11 03:36 . 2010-04-11 03:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-11 03:20 . 2010-04-13 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-11 03:18 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-11 03:17 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-11 03:16 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-11 03:16 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-11 03:16 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-11 03:16 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-04-11 03:15 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-11 03:15 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-11 03:15 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-04-11 03:14 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-11 03:09 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-04-11 03:09 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-04-11 03:09 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-04-11 03:09 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-04-11 03:09 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-04-11 03:09 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-04-11 03:09 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-04-11 03:09 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-04-11 03:09 . 2009-12-08 19:26 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-11 03:09 . 2009-12-08 19:27 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-11 03:09 . 2009-12-08 18:43 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-11 03:07 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-11 02:52 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-11 02:52 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-04-11 02:50 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-11 02:44 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-11 02:44 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-11 02:44 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-04-11 02:16 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-11 02:13 . 2010-04-11 02:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-04-11 02:12 . 2010-04-12 03:32 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-04-11 02:01 . 2008-04-14 12:41 25471 ------w- c:\windows\system32\drivers\atv04nt5.dll
2010-04-11 01:55 . 2010-04-11 01:55 -------- d-----w- c:\windows\EHome
2010-04-11 01:01 . 2010-02-02 17:13 59664 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-04-11 01:01 . 2010-02-02 17:13 51984 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-04-11 01:01 . 2010-02-02 17:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-04-11 01:01 . 2010-01-22 16:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-11 01:01 . 2010-01-22 16:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-11 01:01 . 2010-01-22 16:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-11 01:01 . 2010-01-22 16:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-11 00:51 . 2010-02-05 16:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-11 00:51 . 2010-03-10 18:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-11 00:51 . 2009-11-23 20:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-11 00:51 . 2010-02-05 16:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-11 00:51 . 2010-04-11 00:51 -------- d-----w- c:\documents and settings\Rebekah\Application Data\PC Tools
2010-04-10 23:57 . 2010-04-10 23:57 -------- d-----w- c:\documents and settings\HelpAssistant.TAZ.000\WINDOWS
2010-04-10 23:57 . 2010-04-10 23:57 -------- d-----w- c:\documents and settings\HelpAssistant.TAZ.000\UserData
2010-04-10 23:57 . 2010-04-10 23:57 -------- d-----w- c:\documents and settings\HelpAssistant.TAZ.000\TEMP
2010-04-10 23:52 . 2010-04-10 23:52 -------- d-----w- c:\documents and settings\HelpAssistant.TAZ.000\Contacts
2010-04-10 23:28 . 2010-04-10 23:28 -------- d-----w- c:\documents and settings\HelpAssistant.TAZ\WINDOWS
2010-04-10 23:28 . 2010-04-10 23:28 -------- d-----w- c:\documents and settings\HelpAssistant.TAZ\UserData
2010-04-10 23:28 . 2010-04-10 23:28 -------- d-----w- c:\documents and settings\HelpAssistant.TAZ\TEMP
2010-04-10 21:07 . 2010-04-10 21:07 -------- d-----w- c:\documents and settings\Rebekah\Application Data\Malwarebytes
2010-04-10 21:07 . 2010-04-11 23:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 21:07 . 2010-04-10 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-10 19:12 . 2010-04-10 23:32 -------- d-----w- c:\program files\SpywareBlaster
2010-04-10 06:26 . 2010-04-10 06:26 -------- d-----w- c:\program files\TrendMicro
2010-04-10 04:37 . 2010-04-10 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft(2)
2010-04-08 19:05 . 2008-11-26 19:08 131 ----a-w- c:\windows\IDB.zip
2010-04-08 19:05 . 2009-10-28 08:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-08 18:56 . 2010-04-11 01:06 -------- d-----w- c:\program files\Spyware Doctor
2010-04-08 18:56 . 2010-04-11 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-08 16:44 . 2010-04-08 16:44 16384 ---ha-w- C:\SZKGFS.dat
2010-04-08 16:43 . 2010-04-08 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-04-08 16:42 . 2010-04-08 16:42 -------- d-----w- c:\program files\Common Files\iS3
2010-04-08 16:42 . 2010-04-09 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-04-06 02:05 . 2010-04-10 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-06 02:05 . 2010-04-06 02:05 -------- d-----w- c:\program files\Alwil Software
2010-04-05 07:55 . 2010-04-10 23:44 -------- d-----w- c:\documents and settings\HelpAssistant\TEMP
2010-04-05 07:55 . 2010-04-05 07:55 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-04-05 07:48 . 2010-04-10 23:45 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
2010-04-05 07:46 . 2010-04-10 23:45 -------- d-s---w- c:\documents and settings\HelpAssistant
2010-04-01 01:49 . 2010-04-09 02:43 -------- d-----w- c:\documents and settings\Rebekah\Application Data\FileZilla
2010-04-01 01:48 . 2010-04-10 23:45 -------- d-----w- c:\program files\FileZilla FTP Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 03:36 . 2006-03-05 04:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-19 03:36 . 2008-12-08 03:44 -------- d-----w- c:\program files\DNA
2010-04-19 03:36 . 2008-12-08 03:44 -------- d-----w- c:\documents and settings\Rebekah\Application Data\DNA
2010-04-17 01:34 . 2009-10-08 01:22 -------- d-----w- c:\program files\Yahoo!
2010-04-14 02:09 . 2010-04-14 02:09 52224 ----a-w- c:\documents and settings\Rebekah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-14 02:09 . 2010-04-14 02:09 117760 ----a-w- c:\documents and settings\Rebekah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-14 02:08 . 2006-05-27 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-14 02:07 . 2006-04-17 06:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-13 01:41 . 2006-04-03 05:06 -------- d-----w- c:\documents and settings\Rebekah\Application Data\Ipswitch
2010-04-12 03:31 . 2010-04-12 03:31 503808 ----a-w- c:\documents and settings\Rebekah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e7aaa22-n\msvcp71.dll
2010-04-12 03:31 . 2010-04-12 03:31 348160 ----a-w- c:\documents and settings\Rebekah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e7aaa22-n\msvcr71.dll
2010-04-12 03:31 . 2010-04-12 03:31 499712 ----a-w- c:\documents and settings\Rebekah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e7aaa22-n\jmc.dll
2010-04-12 03:31 . 2010-04-12 03:31 61440 ----a-w- c:\documents and settings\Rebekah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7763b315-n\decora-sse.dll
2010-04-12 03:31 . 2010-04-12 03:31 12800 ----a-w- c:\documents and settings\Rebekah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7763b315-n\decora-d3d.dll
2010-04-12 03:30 . 2006-05-28 19:00 -------- d-----w- c:\program files\Java
2010-04-12 03:25 . 2009-10-25 19:04 -------- d-----w- c:\documents and settings\Rebekah\Application Data\Lala Music Mover
2010-04-12 03:20 . 2006-04-03 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-04-11 23:11 . 2010-04-11 23:11 388096 ----a-r- c:\documents and settings\Rebekah\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-11 23:07 . 2006-04-03 02:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-11 20:51 . 2007-05-30 17:17 -------- d-----w- c:\program files\Conference
2010-04-11 19:05 . 2006-04-02 05:20 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-11 19:05 . 2006-04-02 05:21 -------- d-----w- c:\program files\Roxio
2010-04-11 18:59 . 2002-08-28 04:22 761856 ----a-w- c:\windows\system32\CDDBUIRoxio.dll
2010-04-11 18:59 . 2002-08-28 04:22 589824 ----a-w- c:\windows\system32\CDDBControlRoxio.dll
2010-04-11 18:59 . 2003-06-25 08:18 66992 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2010-04-11 18:59 . 2003-06-25 08:18 61440 ----a-w- c:\windows\system32\cdrtc.dll
2010-04-11 18:59 . 2003-06-25 08:18 45056 ----a-w- c:\windows\system32\cdral.dll
2010-04-11 18:59 . 2003-06-25 08:18 24698 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2010-04-11 10:35 . 2006-04-02 09:52 83432 ----a-w- c:\documents and settings\Rebekah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-11 02:50 . 2009-12-19 19:41 -------- d-----w- c:\program files\Wise Disk Cleaner
2010-04-11 02:34 . 2009-10-08 01:26 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-04-11 02:07 . 2006-04-02 04:44 80007 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-04-11 01:01 . 2008-06-28 20:34 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-10 23:42 . 2006-04-02 22:23 -------- d-----w- c:\program files\Siber Systems
2010-04-06 01:43 . 2008-05-19 06:47 -------- d-----w- c:\program files\CCleaner
2010-03-24 05:55 . 2010-01-01 19:37 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2010-03-24 05:54 . 2010-01-01 19:35 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-02-26 05:43 . 2006-06-23 19:33 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2010-04-11 02:05 81920 ------w- c:\windows\system32\ieencode.dll
2010-01-31 21:30 . 2010-01-31 21:30 50354 ----a-w- c:\documents and settings\Rebekah\Application Data\Facebook\uninstall.exe
2010-01-27 03:21 . 2010-01-27 03:21 847040 ----a-w- c:\documents and settings\Rebekah\Application Data\Facebook\axfbootloader.dll
2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\documents and settings\Rebekah\Application Data\Facebook\npfbplugin_1_0_1.dll
2009-11-22 01:03 . 2009-11-22 01:03 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 09:06 . 2007-10-25 03:38 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-10-25 03:38 31232 --sha-r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-06 380928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-15 323392]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-04-11 160328]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]
"GFI Backup 2009 - Home Edition"="c:\progra~1\GFI\GFIBAC~1\GFIAgent.exe" [2009-10-22 1839912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"WorkFlowTray"="c:\program files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe" [2003-11-12 139363]
"Opware14"="c:\program files\ScanSoft\OmniPagePro14.0\Opware14.exe" [2003-11-12 57344]
"OpScheduler"="c:\program files\ScanSoft\OmniPagePro14.0\OpScheduler.exe" [2003-11-12 114688]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-22 30192]
"MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-09-13 28672]
"Bubbles"="c:\program files\Bubbles\Bubbles.exe" [2008-06-24 534016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-14 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-14 277296]
"EPSON Stylus C82 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE" [2003-10-15 99840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-25 479232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]

c:\documents and settings\Rebekah\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Palo Alto Software Update Manager 8.0.lnk - c:\program files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe [2004-6-29 102400]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2006-3-14 5517312]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7521:TCP"= 7521:TCP:Services
"7522:TCP"= 7522:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3992:TCP"= 3992:TCP:Services
"6484:TCP"= 6484:TCP:Services
"7310:TCP"= 7310:TCP:Services
"7311:TCP"= 7311:TCP:Services

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/12/2010 8:49 PM 28552]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [4/18/2010 4:02 PM 911680]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [4/10/2010 6:01 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [4/10/2010 6:01 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [4/10/2010 5:51 PM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [4/18/2010 4:03 PM 2480048]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [4/10/2010 6:01 PM 112592]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIHInst.exe [4/18/2010 10:55 AM 440616]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIHSC~1.EXE [4/18/2010 10:55 AM 1410856]
R2 MSSQL$MSDE;MSSQL$MSDE;c:\program files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlservr.exe -sMSDE --> c:\program files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlservr.exe -sMSDE [?]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [4/18/2010 4:03 PM 160704]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/6/2009 4:06 PM 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/12/2006 8:26 PM 30192]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [4/10/2010 5:51 PM 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/10/2010 5:51 PM 366840]
S3 SQLAgent$MSDE;SQLAgent$MSDE;c:\program files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlagent.EXE -i MSDE --> c:\program files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlagent.EXE -i MSDE [?]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [4/10/2010 6:01 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 23:06]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 23:06]

2010-04-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-11 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Linked&In Search - c:\program files\LinkedIn\IE Toolbar\3.0.4.1100\LinkedinIEToolbar.dll/ContextMenu.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Subscribe to... - \feedscript.htm
IE: {{A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\Bubbles\BubblesHBO.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: profx.us\www
TCP: {96BE7652-4FFA-48EE-9A6D-2BE393CF2CD6} = 61.105.132.250,64.105.166.122
FF - ProfilePath - c:\documents and settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\ylgz891a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Rebekah\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{76a89d48-e230-4363-a66c-64e799583ac6} - (no file)
BHO-{A984B32E-D1F2-4FE8-AFA0-F8DC81979D79} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Lala Music Mover - c:\program files\Lala.com\Lala Music Mover\LalaMover.exe
Notify-avgrsstarter - (no file)
Notify-ljJASmlL - ljJASmlL.dll
Notify-urqPfFut - urqPfFut.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-18 20:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\10.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A2C6EC6-E1BC-9BF5-B3F7D282645EFB0F}\{C08E0694-C5E1-48EE-3ACF6A24AC2BF796}\{A9549B8D-B7EF-15E1-4BD44DC35FFCD192}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6041C420-22B4-140A-3B055037524C6B59}\{9A77D18C-4DFD-83C2-41C1A5F44022B903}\{B579578C-D2DD-BD46-01C9D6D000184189}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(960)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2356)
c:\program files\ScanSoft\OmniPagePro14.0\OpHook14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\TechSmith\SnagIt 8\TSCHelp.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlservr.exe
c:\windows\System32\wdfmgr.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-18 20:44:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-19 03:44

Pre-Run: 6,956,580,864 bytes free
Post-Run: 6,853,394,432 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 602351F742FBFB80E6F79F5983B6BB4D

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.


*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

#15
RPaul

    Member

  • Topic Starter
  • Member
  • 22 posts
Hi, I'm having a problem with the program you asked me to run. It just says "please wait" and isn't doing anything. What do I do now?