Pragma virus ("Data Protection") [Solved]

#1
Sprayall
New Member, 7 posts

After infection, I had repeated BSODs, no control over services, duplicate and empty directories (newly created), disabled DVD and CD drives, missing icons, programs and directories, and very poor overall performance. I know I shouldn't have run ComboFix, but I did. Almost all symptoms disappeared, and it doesn't seem that I've complicated things by running ComboFix.
I have just gone through the "Malware and Spyware Cleaning Guide". The logs are below. I have no way of knowing whether or not my system is clean. Malwarebytes detects nothing on quick scans. AVG detects nothing (now uninstalled - trying to use Avast with no luck). If you could please offer any help, it would be greatly appreciated. Thanks in advance.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4192

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

6/12/2010 5:07:03 PM
mbam-log-2010-06-12 (17-07-03).txt

Scan type: Quick scan
Objects scanned: 137151
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-13 14:06:50
Windows 6.0.6002 Service Pack 2
Running: h6xtcld3.exe; Driver: C:\Users\Jim\AppData\Local\Temp\kxrdypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90C07000, 0x250DAC, 0xE8000020]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] [binary registry value omitted]

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 6/13/2010 2:17:55 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Jim\Desktop\Geeks To Go Recommendations
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 78.96 Gb Free Space | 34.61% Space Free | Partition Type: NTFS
Drive D: | 227.87 Gb Total Space | 210.18 Gb Free Space | 92.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIM-PC
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/09 20:21:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\Geeks To Go Recommendations\OTL.exe
PRC - [2010/03/25 15:11:15 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/16 13:27:34 | 000,290,816 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe


========== Modules (SafeList) ==========

MOD - [2010/06/09 20:21:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\Geeks To Go Recommendations\OTL.exe
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
SRV - [2010/05/04 21:21:17 | 002,478,640 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\Common Files\Akamai\rswin_3697.dll -- (Akamai)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/03/16 13:27:06 | 000,180,224 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/08/25 16:37:01 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/07/10 09:23:26 | 000,053,032 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2008/07/10 09:23:16 | 001,442,088 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/04/04 10:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/04/04 18:54:08 | 000,266,343 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/02/15 13:45:36 | 000,707,344 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\Windows\System32\oodag.exe -- (O&O Defrag)
SRV - [2007/02/07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/31 19:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/29 17:51:56 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/10/26 13:45:00 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2005/10/11 16:13:38 | 000,667,648 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2005/10/11 16:03:26 | 000,204,800 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2005/10/11 16:00:24 | 000,053,248 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2005/10/11 16:00:22 | 000,045,056 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2005/10/10 15:08:32 | 000,049,152 | ---- | M] (National Instruments Corp.) [Disabled | Stopped] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2005/10/03 23:52:40 | 000,005,728 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2005/09/02 15:34:40 | 000,913,408 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2005/08/25 15:43:14 | 000,688,190 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)


========== Driver Services (SafeList) ==========

DRV - [2010/05/19 19:30:49 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/05/25 23:31:23 | 000,040,896 | ---- | M] (SniffUsb/UsbSnoop Project) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbsnoop.sys -- (usbsnoop) usbsnoop (display)
DRV - [2009/03/16 14:33:54 | 004,361,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/02/25 10:55:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/02/19 22:17:50 | 000,095,760 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/01/13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 19:13:36 | 000,031,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/01/13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/10/31 17:28:26 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/07/10 09:23:14 | 000,040,488 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/07/10 09:23:14 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/07/10 09:23:04 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2008/07/03 22:12:45 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/04/28 06:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/01/18 22:57:16 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/08/08 09:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/16 17:58:28 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/03/26 04:18:18 | 001,761,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/07 00:04:54 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007/02/07 00:04:50 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007/02/07 00:04:48 | 000,020,264 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007/02/02 01:37:36 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/12/07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/09/19 17:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2005/06/10 11:01:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/04/10 10:42:36 | 000,002,944 | ---- | M] ([email protected]) [Kernel | Auto | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://login.yahoo....ntl=us&.src=ym"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {bcb4f322-a177-4ecd-9c80-835d96e1e595}:0.1.3.20090408
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/25 15:11:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/15 22:30:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/27 20:07:04 | 000,000,000 | ---D | M]

[2010/05/15 22:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions
[2010/05/30 14:49:07 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\extensions
[2010/05/15 22:36:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/16 01:58:30 | 000,000,000 | ---D | M] (XML Digital Signature Procesing Tool) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\extensions\{bcb4f322-a177-4ecd-9c80-835d96e1e595}
[2010/05/29 20:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/29 20:52:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/29 20:51:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/25 18:17:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.co...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} file:///E:/win/setup/iaieplay.dll (IEPlayInterface Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///E:/win/setup/iamce.dll (IAMCE Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} http://www.solidwork...dimdownload.cab (SolidWorks Installation Manager Contol)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 14:43:38 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.FSS -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/05/12 14:26:28 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/06/12 10:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/10 01:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/08 22:17:06 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\AVG9
[2010/06/08 22:00:08 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\Geeks To Go Recommendations
[2010/06/03 00:49:24 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jim\Desktop\HijackThisInstaller.exe
[2010/05/29 22:12:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/29 21:07:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Malwarebytes
[2010/05/29 21:07:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/29 21:07:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/29 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/29 21:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/29 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\WinPatrol
[2010/05/29 20:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/05/27 19:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/26 01:37:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/05/25 18:28:46 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\temp
[2010/05/25 18:27:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/25 17:47:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/25 17:47:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/25 17:47:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/25 17:47:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/25 17:34:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/25 17:34:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/24 12:15:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/05/22 23:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/05/22 23:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/05/22 22:35:42 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2010/05/20 11:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\SWViewer
[2010/05/19 19:30:49 | 000,717,296 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/05/19 19:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies Inc
[2010/05/15 22:30:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Mozilla
[2010/05/15 22:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/14 01:47:27 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\dpvhasuba
[2010/05/13 21:57:59 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\Solutions Manual - Engineering Economic Analysis 9th Edition
[2010/05/07 00:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\SolidWorks Corp
[2010/05/07 00:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SolidWorks
[2010/05/06 23:50:52 | 000,000,000 | ---D | C] -- C:\SolidWorks Data
[2010/04/29 23:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\FFmpeg for Audacity
[2010/04/29 23:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/04/29 23:30:47 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Audacity
[2010/04/29 23:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/04/20 20:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/04/18 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\Casio fx115ES
[2010/04/10 23:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avery
[2010/04/09 00:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2010/04/08 23:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eDrawings2010
[2010/04/03 23:11:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\My Solidworks Templates
[2010/03/25 15:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/25 15:11:17 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/03/25 15:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/03/25 15:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/03/25 02:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2007/04/16 18:09:21 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/13 14:18:00 | 006,553,600 | -HS- | M] () -- C:\Users\Jim\ntuser.dat
[2010/06/13 13:26:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/13 13:00:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/13 13:00:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/12 22:26:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/12 17:07:09 | 000,828,996 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/12 17:07:09 | 000,693,210 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/12 17:07:09 | 000,138,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/12 17:00:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/12 17:00:03 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010/06/12 16:58:24 | 000,524,288 | -HS- | M] () -- C:\Users\Jim\ntuser.dat{e4ee5ffd-5264-11de-8ee9-001c2555092d}.TMContainer00000000000000000001.regtrans-ms
[2010/06/12 16:58:24 | 000,065,536 | -HS- | M] () -- C:\Users\Jim\ntuser.dat{e4ee5ffd-5264-11de-8ee9-001c2555092d}.TM.blf
[2010/06/12 16:57:38 | 000,001,278 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100612_165735.reg
[2010/06/12 16:57:23 | 000,003,208 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100612_165719.reg
[2010/06/12 16:50:30 | 002,833,058 | -H-- | M] () -- C:\Users\Jim\AppData\Local\IconCache.db
[2010/06/12 15:06:28 | 000,021,468 | ---- | M] () -- C:\Users\Jim\Documents\passwords.docx
[2010/06/11 21:05:13 | 000,017,423 | ---- | M] () -- C:\Users\Jim\Documents\Food.xlsx
[2010/06/10 01:59:59 | 051,731,232 | ---- | M] () -- C:\Users\Jim\Desktop\setup_av_free.exe
[2010/06/09 06:31:05 | 001,032,449 | ---- | M] () -- C:\Users\Jim\Desktop\scan.jpg
[2010/06/08 00:23:18 | 000,043,008 | ---- | M] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/08 00:22:27 | 008,841,941 | ---- | M] () -- C:\Users\Jim\Desktop\Ellie Grad.wmv
[2010/06/07 22:42:31 | 002,056,909 | ---- | M] () -- C:\Users\Jim\Documents\Untitled.wma
[2010/06/07 22:21:33 | 000,691,200 | ---- | M] () -- C:\Users\Jim\Desktop\Ellie Grad.MSWMM
[2010/06/06 23:42:23 | 000,001,028 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\WavCodec.wff
[2010/06/06 23:25:18 | 013,244,228 | ---- | M] () -- C:\Users\Jim\Desktop\MSD Wiring Diagrams and Tech Notes.pdf
[2010/06/03 00:49:22 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jim\Desktop\HijackThisInstaller.exe
[2010/06/02 20:15:26 | 000,012,710 | ---- | M] () -- C:\Users\Jim\Desktop\Purchases.xlsx
[2010/06/02 12:22:34 | 000,052,581 | ---- | M] () -- C:\Users\Jim\Desktop\Bank of America _ Online Banking _ Transaction Image Print2.pdf
[2010/06/02 12:22:24 | 000,052,012 | ---- | M] () -- C:\Users\Jim\Desktop\Bank of America _ Online Banking _ Transaction Image Print.pdf
[2010/06/01 15:47:09 | 000,000,998 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100601_154705.reg
[2010/05/31 11:41:36 | 089,503,744 | ---- | M] () -- C:\Users\Jim\Desktop\FreeCAD_0.7.2072_installer.msi
[2010/05/29 21:07:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 18:28:50 | 000,001,932 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100528_182846.reg
[2010/05/27 15:44:01 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/25 18:17:24 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/25 18:17:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/23 23:49:35 | 000,018,580 | ---- | M] () -- C:\Users\Jim\Documents\Contacts PRINT.xlsx
[2010/05/23 23:28:39 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/05/23 23:11:45 | 000,008,750 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100523_231126.reg
[2010/05/20 07:11:54 | 000,000,850 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100520_071150.reg
[2010/05/19 20:20:23 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/05/19 20:20:23 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/05/19 19:30:49 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/05/18 23:57:53 | 001,601,864 | ---- | M] () -- C:\Users\Jim\Documents\Costs to Adept.pdf
[2010/05/16 05:29:52 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/16 04:29:48 | 000,005,576 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100516_042944.reg
[2010/05/15 22:44:51 | 000,344,614 | ---- | M] () -- C:\Users\Jim\Documents\bookmark.htm
[2010/05/15 22:44:51 | 000,000,410 | ---- | M] () -- C:\Users\Jim\Documents\feeds.opml
[2010/05/15 22:30:06 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/05/15 03:18:27 | 000,000,082 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\default.pls
[2010/05/14 20:36:50 | 000,000,198 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100514_203646.reg
[2010/05/14 20:36:32 | 000,023,796 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100514_203626.reg
[2010/05/14 20:36:08 | 000,084,278 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100514_203556.reg
[2010/05/10 20:47:21 | 000,407,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/08 01:14:21 | 000,113,792 | ---- | M] () -- C:\Users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/29 23:30:40 | 000,000,855 | ---- | M] () -- C:\Users\Jim\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 02:56:53 | 000,011,415 | ---- | M] () -- C:\Users\Jim\Desktop\1st of the Month Payment (Envelope).docx
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/20 20:54:59 | 000,236,616 | ---- | M] () -- C:\Users\Jim\Desktop\installer.exe
[2010/04/10 15:47:49 | 000,016,158 | ---- | M] () -- C:\Users\Jim\Documents\CLASSIC GRAD PACK.docx
[2010/04/08 22:31:00 | 000,010,999 | ---- | M] () -- C:\Users\Jim\Desktop\SASE (Envelope).docx
[2010/04/08 22:27:08 | 000,011,086 | ---- | M] () -- C:\Users\Jim\Desktop\15th Payment (Envelope).docx
[2010/04/04 21:35:04 | 000,036,187 | ---- | M] () -- C:\Users\Jim\Documents\EYE PRESCRIPTION.jpg
[2010/04/04 21:33:01 | 000,137,898 | ---- | M] () -- C:\Users\Jim\Documents\EYE PRESCRIPTION.docx
[2010/03/25 15:12:40 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-106263510-2633795892-3628432610-1000.job
[2010/03/25 15:11:17 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/03/25 02:30:14 | 000,011,714 | ---- | M] () -- C:\Users\Jim\Documents\Phone Contacts.xlsx
[2010/03/15 19:12:18 | 000,204,990 | ---- | M] () -- C:\Users\Jim\Desktop\Grad Pics Coupon.jpg
[2010/03/15 18:07:20 | 000,029,047 | ---- | M] () -- C:\Users\Jim\Documents\Legal Payments.xlsx
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/12 16:57:36 | 000,001,278 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100612_165735.reg
[2010/06/12 16:57:21 | 000,003,208 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100612_165719.reg
[2010/06/10 01:59:38 | 051,731,232 | ---- | C] () -- C:\Users\Jim\Desktop\setup_av_free.exe
[2010/06/09 06:31:05 | 001,032,449 | ---- | C] () -- C:\Users\Jim\Desktop\scan.jpg
[2010/06/08 00:22:26 | 008,841,941 | ---- | C] () -- C:\Users\Jim\Desktop\Ellie Grad.wmv
[2010/06/07 22:42:30 | 002,056,909 | ---- | C] () -- C:\Users\Jim\Documents\Untitled.wma
[2010/06/07 22:21:33 | 000,691,200 | ---- | C] () -- C:\Users\Jim\Desktop\Ellie Grad.MSWMM
[2010/06/06 23:25:18 | 013,244,228 | ---- | C] () -- C:\Users\Jim\Desktop\MSD Wiring Diagrams and Tech Notes.pdf
[2010/06/02 12:22:35 | 000,052,581 | ---- | C] () -- C:\Users\Jim\Desktop\Bank of America _ Online Banking _ Transaction Image Print2.pdf
[2010/06/02 12:22:26 | 000,052,012 | ---- | C] () -- C:\Users\Jim\Desktop\Bank of America _ Online Banking _ Transaction Image Print.pdf
[2010/06/01 19:05:30 | 000,012,710 | ---- | C] () -- C:\Users\Jim\Desktop\Purchases.xlsx
[2010/06/01 15:47:07 | 000,000,998 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100601_154705.reg
[2010/05/31 11:38:15 | 089,503,744 | ---- | C] () -- C:\Users\Jim\Desktop\FreeCAD_0.7.2072_installer.msi
[2010/05/29 21:07:18 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 18:28:47 | 000,001,932 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100528_182846.reg
[2010/05/25 17:47:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/25 17:47:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/25 17:47:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/25 17:47:32 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/25 17:47:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/23 23:49:35 | 000,018,580 | ---- | C] () -- C:\Users\Jim\Documents\Contacts PRINT.xlsx
[2010/05/23 23:11:28 | 000,008,750 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100523_231126.reg
[2010/05/20 07:11:52 | 000,000,850 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100520_071150.reg
[2010/05/18 23:57:50 | 001,601,864 | ---- | C] () -- C:\Users\Jim\Documents\Costs to Adept.pdf
[2010/05/16 05:29:51 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/16 04:29:45 | 000,005,576 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100516_042944.reg
[2010/05/16 03:38:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/15 22:44:51 | 000,000,410 | ---- | C] () -- C:\Users\Jim\Documents\feeds.opml
[2010/05/15 22:44:48 | 000,344,614 | ---- | C] () -- C:\Users\Jim\Documents\bookmark.htm
[2010/05/15 22:30:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/05/15 03:32:00 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/05/15 03:32:00 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/05/14 20:36:47 | 000,000,198 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100514_203646.reg
[2010/05/14 20:36:29 | 000,023,796 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100514_203626.reg
[2010/05/14 20:36:04 | 000,084,278 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100514_203556.reg
[2010/04/29 23:30:40 | 000,000,855 | ---- | C] () -- C:\Users\Jim\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/04/27 05:08:36 | 002,463,872 | ---- | C] () -- C:\Users\Jim\Desktop\Devil Went Down to Jamaica.mp3
[2010/04/27 02:56:52 | 000,011,415 | ---- | C] () -- C:\Users\Jim\Desktop\1st of the Month Payment (Envelope).docx
[2010/04/20 20:54:58 | 000,236,616 | ---- | C] () -- C:\Users\Jim\Desktop\installer.exe
[2010/04/10 15:47:49 | 000,016,158 | ---- | C] () -- C:\Users\Jim\Documents\CLASSIC GRAD PACK.docx
[2010/04/08 22:30:59 | 000,010,999 | ---- | C] () -- C:\Users\Jim\Desktop\SASE (Envelope).docx
[2010/04/08 22:27:08 | 000,011,086 | ---- | C] () -- C:\Users\Jim\Desktop\15th Payment (Envelope).docx
[2010/04/04 21:35:04 | 000,036,187 | ---- | C] () -- C:\Users\Jim\Documents\EYE PRESCRIPTION.jpg
[2010/03/25 14:40:02 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-106263510-2633795892-3628432610-1000.job
[2010/03/25 02:06:24 | 000,011,714 | ---- | C] () -- C:\Users\Jim\Documents\Phone Contacts.xlsx
[2010/03/15 19:12:18 | 000,204,990 | ---- | C] () -- C:\Users\Jim\Desktop\Grad Pics Coupon.jpg
[2010/02/14 02:42:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/22 20:51:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/25 15:26:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/21 15:13:45 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Dfdlg100.dll
[2009/02/21 15:13:45 | 000,002,427 | ---- | C] () -- C:\Windows\THERM5.ini
[2009/01/01 18:14:25 | 000,223,232 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2008/12/29 02:26:15 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/12/15 23:51:31 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2008/08/28 01:05:26 | 000,000,061 | ---- | C] () -- C:\Windows\Jcmkr32.INI
[2008/08/25 16:40:14 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2008/08/20 23:45:02 | 000,000,283 | ---- | C] () -- C:\Windows\matlab.ini
[2008/07/03 19:23:11 | 000,003,943 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/06/29 18:11:16 | 000,000,000 | ---- | C] () -- C:\Windows\QTW.ini
[2008/03/27 18:53:54 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/07 19:04:22 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/02/26 20:17:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/02/26 20:16:42 | 000,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini
[2008/01/16 14:26:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/01/16 14:26:18 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/08/08 09:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2007/04/16 18:41:33 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/04/16 18:09:21 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/16 17:28:29 | 000,000,818 | ---- | C] () -- C:\Windows\generic.ini
[2007/04/16 17:28:29 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/02/06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/09/28 17:26:34 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini
[2005/06/10 11:00:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\cviUSI.dll
[2005/06/10 11:00:00 | 000,007,140 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001/07/03 04:54:12 | 000,184,832 | ---- | C] () -- C:\Windows\System32\JPeg32.dll
[1999/07/29 01:27:10 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/08/06 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008/02/26 18:28:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Acer
[2010/06/08 01:28:40 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Audacity
[2010/06/08 22:17:06 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AVG9
[2008/11/05 22:11:58 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DassaultSystemes
[2008/08/25 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DWGeditor
[2010/04/24 04:33:47 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\EDrawings
[2008/03/29 23:33:12 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\EPSON
[2008/03/23 19:18:06 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\flightgear.org
[2008/03/24 00:07:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\fltk.org
[2008/02/27 22:03:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Grisoft
[2010/05/07 01:08:54 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\IM
[2008/02/26 18:28:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Leadertech
[2009/09/04 01:22:21 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\MuPAD
[2008/07/03 22:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\NCH Swift Sound
[2009/11/07 02:51:05 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SecondLife
[2009/01/27 00:57:40 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uniblue
[2010/05/29 20:53:50 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\WinPatrol
[2010/06/12 16:58:25 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/04/16 18:09:58 | 000,003,358 | ---- | M] () -- C:\-20070416.log
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/09/18 14:43:38 | 000,000,024 | ---- | M] () -- C:\AUTOEXEC.FSS
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/04/16 17:29:05 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/05/25 18:28:45 | 000,021,797 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:38 | 000,000,010 | ---- | M] () -- C:\CONFIG.FSS
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/06/01 20:53:32 | 000,005,188 | -H-- | M] () -- C:\ffastun.ffa
[2008/06/01 20:53:32 | 001,196,032 | -H-- | M] () -- C:\ffastun.ffl
[2008/06/01 20:53:32 | 000,413,696 | -H-- | M] () -- C:\ffastun.ffo
[2008/06/01 20:53:32 | 012,079,104 | -H-- | M] () -- C:\ffastun0.ffx
[2010/05/29 20:57:11 | 000,028,713 | ---- | M] () -- C:\HijackPatrol.log
[2008/03/02 00:19:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/11/29 08:35:22 | 000,000,512 | ---- | M] () -- C:\MDR.iss
[2008/03/02 00:19:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/07/31 10:39:09 | 000,000,828 | ---- | M] () -- C:\net_save.dna
[2009/02/15 14:30:03 | 000,038,291 | ---- | M] () -- C:\NTFY_CD.LOG
[2010/06/12 16:59:57 | 3221,225,472 | -HS- | M] () -- C:\pagefile.sys
[2007/04/16 17:48:32 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
[2007/04/16 17:59:41 | 000,000,178 | ---- | M] () -- C:\setup.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/10 23:28:18 | 001,209,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\comsvcs.dll
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/10 23:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 00:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
< End of report >

OTL Extras logfile created on: 6/13/2010 2:17:55 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Jim\Desktop\Geeks To Go Recommendations
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 78.96 Gb Free Space | 34.61% Space Free | Partition Type: NTFS
Drive D: | 227.87 Gb Total Space | 210.18 Gb Free Space | 92.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIM-PC
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-106263510-2633795892-3628432610-1000]
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E88A322-169E-49CF-B0B4-EBBF8CD17EF4}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x86\rpcsandrasrv.exe |
"{218D3BCD-97F1-4A77-850D-64D95CB2C3DD}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x86\rpcsandrasrv.exe |
"{35FF8F58-A03A-4E25-AC7D-548637A9345A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{47BBC686-02DC-4077-8B72-526C53C555F0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x86\rpcsandrasrv.exe |
"{4DC72E77-683C-40B7-AB7B-2F0C520CC077}" = rport=139 | protocol=6 | dir=out | app=system |
"{4F5F0FB9-7398-49C1-A578-CCC866934FDC}" = rport=137 | protocol=17 | dir=out | app=system |
"{5FF5E8AD-7AF3-4433-906C-BE6ED951687B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x86\rpcsandrasrv.exe |
"{6B6714B5-D14E-4B51-9F47-861F3A5A567F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{71FEFDC3-717E-4FCD-9CF5-98DB8365273E}" = lport=5060 | protocol=17 | dir=in | name=icall port |
"{76EE0A44-2351-43B5-9C2F-42659CD1055E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x86\rpcsandrasrv.exe |
"{7AAAC0D5-15DA-4842-AC7F-9CFA909B0D55}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{7BDEF9A2-1FA4-4BAA-9282-DE7784F01B6D}" = lport=49188 | protocol=6 | dir=in | name=akamai netsession interface |
"{806CAC4D-6002-4DB4-A771-AE6C702AF419}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{847BDED1-969A-4927-8617-71DC1BEA57BD}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x86\rpcsandrasrv.exe |
"{89E997C1-C9D7-4F52-A6C7-A5622D1A7C85}" = rport=138 | protocol=17 | dir=out | app=system |
"{8C6501F4-1725-4B53-A753-40BAF016CBF9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x86\rpcsandrasrv.exe |
"{AC0D2D1F-ADDA-4F9C-AE21-7F967E5D5F9B}" = lport=445 | protocol=6 | dir=in | app=system |
"{C7AE9F49-A661-4FF0-8BAF-282CC0E9BBF3}" = lport=137 | protocol=17 | dir=in | app=system |
"{CB63606E-D359-47B4-8290-301219D4AB64}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D1621F09-8880-4B1F-A81B-61C79609498A}" = lport=139 | protocol=6 | dir=in | app=system |
"{D45B2977-1BCD-4D59-A77F-474747C3EADF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\rpcagentsrv.exe |
"{E4BC6668-05D3-4EB3-A0A9-CEBCC59A660A}" = lport=138 | protocol=17 | dir=in | app=system |
"{EC427085-3881-4C80-BA3C-16BEC227187A}" = rport=445 | protocol=6 | dir=out | app=system |
"{ECFA88DA-B672-4EFC-BA9B-99495681EBC9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F1A5146D-2069-42E4-8431-B8545ADA3560}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x86\rpcsandrasrv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14086823-4714-431E-9F9C-C2D6A586AA92}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1955E669-BE1F-4C13-B854-FB32F2900974}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{2329702D-5881-4A79-BF2C-4C080EEBC31A}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{49E42150-5589-4414-B160-16E769B5341E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{5D3DB7B9-C9EC-4BA2-BEDD-352162C66B55}" = protocol=1 | dir=out | [email protected],-28544 |
"{5F06C73B-3B46-4ED5-983C-2880071833B2}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\homemedia connect.exe |
"{64C52DD3-2977-4C34-BDA1-8FD96179DF00}" = dir=in | app=c:\program files\acer arcade live\slideshow dvd\component\clsldvd.exe |
"{681C12E7-16FB-48E1-B564-0218CCEA281D}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{6C62A068-965F-4BF0-93A1-A2459A19D9C4}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{77AC590D-EC11-4A85-A28B-5D8FADE86E62}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{79C351DB-147C-4CAD-815B-21AB176EEEE5}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{92550EA0-8DBA-49F6-A38D-F4797F171D0A}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{94D0E207-E080-441E-ABA7-9BCB00A0340B}" = protocol=58 | dir=out | [email protected],-203 |
"{9EE75243-CB5E-41ED-8CC0-59008EFAD478}" = protocol=58 | dir=in | app=system |
"{A0103CE1-32FA-4C01-A233-3BB1F5476071}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{A0E22BD1-9D17-41A4-BF50-419B503C50D0}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\dvax2process.exe |
"{A8757501-B402-4C19-AD10-EA4697A9512B}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\videomagician.exe |
"{AE664747-ADBC-4126-8449-EBA9C6B391D7}" = protocol=1 | dir=in | [email protected],-28543 |
"{C0B04953-9D63-4886-9FEE-B20972592777}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{C5A6A6A0-D297-4AA6-9383-21A16C3F9929}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C7A81796-2BDE-421A-A8FB-4FDA6F07827F}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{CD5944C7-EFE0-47EA-A509-06AE484150B8}" = protocol=58 | dir=out | [email protected],-28546 |
"{DEA3DBCA-6ACC-422A-B7AE-8B1A7EBFD226}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DFFF3429-DA90-43DB-898C-FAEEFE3F39E2}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\homemedia.exe |
"{E59634F8-1C07-40AC-84E1-E301FBC238EE}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\dvdivine.exe |
"{E6C665D7-12F4-4780-B74C-F2C1807884B7}" = protocol=58 | dir=in | [email protected],-28545 |
"{E7F6AF81-AB81-4E39-8ACC-51F25E541E32}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ED1E9675-5C5C-4552-8979-8FFBD704C996}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F42A10AE-D383-4A78-9E05-64BBC84376C5}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\arawp.exe |
"{F9E26FFB-3B1D-4E22-80CC-C76FF3AE5D7E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"TCP Query User{00056E7A-2590-4D7D-A8C6-2E57C9106B18}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{01C40002-B874-49CA-AD40-AF4A07E46F5C}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{090A9192-29A2-4070-BC20-2AFA60DC1225}C:\program files\microsoft games\crimson skies\crimson.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\crimson skies\crimson.icd |
"TCP Query User{1C841C24-ECBB-4521-AFDF-3EC1CD070254}C:\program files\microsoft games\combat flight simulator\combatfs.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\combat flight simulator\combatfs.exe |
"TCP Query User{36E89FBD-4619-40DB-8D6C-4503A2111656}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{39557940-E882-4D2E-931A-A340E8CF0376}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe |
"TCP Query User{44970E69-B106-4963-8759-3833A7E372B7}C:\program files\national instruments\labview 8.0\labview.exe" = protocol=6 | dir=in | app=c:\program files\national instruments\labview 8.0\labview.exe |
"TCP Query User{5BAB279B-D012-418D-871E-98520837FC76}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe |
"TCP Query User{5C82F794-B122-4B42-AE2F-11CF2D46F4B3}C:\users\jim\appdata\local\xenocode\appliancecaches\kumaclient.exe_v7b24cb33\native\stubexe\@programfiles@\kuma games\kuma.exe" = protocol=6 | dir=in | app=c:\users\jim\appdata\local\xenocode\appliancecaches\kumaclient.exe_v7b24cb33\native\stubexe\@programfiles@\kuma games\kuma.exe |
"TCP Query User{65FE65F1-D98E-4762-8C62-0454DC5E1094}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{67B7F2EE-1976-4257-91F1-FE7AFB7242DF}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{6B8619B7-4C34-492C-9BA3-9429CE2E3478}C:\program files\ea sports\nascar thunder tm 2004\nascar_thunder_2004.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\nascar thunder tm 2004\nascar_thunder_2004.exe |
"TCP Query User{96E276ED-7E78-4B5E-B26A-19231690D64F}C:\program files\icall\icall.exe" = protocol=6 | dir=in | app=c:\program files\icall\icall.exe |
"TCP Query User{B63F9C4B-6B57-42EB-95C3-318690BFA069}C:\program files\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"TCP Query User{C200605E-34B9-4C24-91FF-FE04624D4765}C:\program files\microsoft games\combat flight simulator\combatfs.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\combat flight simulator\combatfs.exe |
"TCP Query User{DB695612-D27F-4E91-B5D3-6A4499003A4C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E112B57B-04D4-4832-878B-189C0F02A2B4}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=6 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe |
"TCP Query User{F1CEF07E-D284-4FEF-A207-C56B220FABA7}C:\program files\national instruments\shared\example finder\1.0\bin\niexamplefinder.exe" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\example finder\1.0\bin\niexamplefinder.exe |
"TCP Query User{FC94FD10-11BB-452F-88DA-A5F5DD9CC5F3}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{03255DC7-4220-4685-8A12-B3FC03904EB5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{165634F5-9CD9-44C9-A78C-38D4EAFCA126}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{1C56E0A5-CDB1-485C-8B84-CDB84AC94755}C:\users\jim\appdata\local\xenocode\appliancecaches\kumaclient.exe_v7b24cb33\native\stubexe\@programfiles@\kuma games\kuma.exe" = protocol=17 | dir=in | app=c:\users\jim\appdata\local\xenocode\appliancecaches\kumaclient.exe_v7b24cb33\native\stubexe\@programfiles@\kuma games\kuma.exe |
"UDP Query User{1F660DEC-7755-4B02-910C-FC09B444B5EB}C:\program files\national instruments\shared\example finder\1.0\bin\niexamplefinder.exe" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\example finder\1.0\bin\niexamplefinder.exe |
"UDP Query User{24C7AD37-2314-44B0-BC78-7A1E5C3D581A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2A7EFA8F-1237-49C8-A5D1-1CA47875C142}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{30CAD7A0-CF35-48F8-98C7-F5DCBE31D7A3}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{52CA618B-EBA0-4D34-896E-1265D9EF5824}C:\program files\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"UDP Query User{646A6404-A2EC-44E0-B3DA-C835C05F3C7B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{6ED602B5-95D0-4823-A904-72C27E88E4A4}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe |
"UDP Query User{7F6852D0-C7BE-481D-9B5A-D18FD80D7B91}C:\program files\microsoft games\crimson skies\crimson.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\crimson skies\crimson.icd |
"UDP Query User{862CF6BD-7246-4696-A20A-06E0E66E8340}C:\program files\icall\icall.exe" = protocol=17 | dir=in | app=c:\program files\icall\icall.exe |
"UDP Query User{A2D2D325-34F3-44D5-8319-F313AC101819}C:\program files\microsoft games\combat flight simulator\combatfs.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\combat flight simulator\combatfs.exe |
"UDP Query User{A3607320-6C37-4D2A-88A0-370B79D0A3E3}C:\program files\microsoft games\combat flight simulator\combatfs.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\combat flight simulator\combatfs.exe |
"UDP Query User{AD1AF095-8B19-44D9-B469-CB22831E1788}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{AFEB5BBF-700A-4549-B16E-1EBA9FF3A967}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe |
"UDP Query User{B2A3FDD7-95BE-4C42-B4E9-38EC3F8DC592}C:\program files\national instruments\labview 8.0\labview.exe" = protocol=17 | dir=in | app=c:\program files\national instruments\labview 8.0\labview.exe |
"UDP Query User{D322E734-8E7C-4189-A32B-E6361D8CB7F2}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=17 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe |
"UDP Query User{EF9380F0-7AF7-41F6-AA0E-1D7FF42EE86A}C:\program files\ea sports\nascar thunder tm 2004\nascar_thunder_2004.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\nascar thunder tm 2004\nascar_thunder_2004.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00D15456-F679-4AD4-8BD2-56450D4C3F72}" = WarRock
"{021661E0-C377-C87B-9583-E0A69E61A489}" = Catalyst Control Center Localization Thai
"{023387B5-AF74-D690-D2C6-C8D474597284}" = CCC Help Polish
"{042B8532-E27C-C06E-A8F5-71F36B98B2DE}" = Catalyst Control Center Localization Portuguese
"{067F17C1-43AD-42D4-81FB-4EE68F319391}" = NI OPC Support
"{07AE9F43-360F-7412-577B-2B4B73E5EAB9}" = CCC Help Hungarian
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5
"{0B0BEF37-B327-48ED-A2E0-BF6974676294}" = NI Logos 4.6
"{0C09E020-9996-4E1C-9839-97DA8F9C8D6B}" = CCC Help Danish
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0CCC0F9A-81E6-3529-4394-86384585325C}" = Catalyst Control Center Graphics Light
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12E5279E-4828-48EC-9ED1-CD344787F50F}" = NI LabVIEW 8.0 Examples
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{153A64E0-7140-A1AE-C7ED-745A3218DFBD}" = ccc-utility
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{16850024-A6D4-41AC-905D-0D73EADCBBA0}" = NI LabVIEW 8.0 User.lib
"{1CD22E87-2EAF-43E9-AB88-362B75FBEE02}" = NI LabVIEW 8.0 MeasAppChm File
"{1D51A29C-475D-43A7-A6E8-5592FF6E343D}" = NI LabVIEW 8.0 Simulation
"{1E85A47B-4150-4003-8283-8B2EB94AF5C9}" = NI-RPC 3.2.1f0
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22183FFB-C8A7-4740-847A-DD2FAE27B4F3}" = Microsoft Flight Simulator X SP2 SDK
"{2224B408-E7E4-15CF-0674-EC7C36D68741}" = Catalyst Control Center Localization Hungarian
"{236D1288-99DB-C3D6-D132-EDE6317BF619}" = CCC Help Japanese
"{23A17C05-776A-41A2-900A-ECF81DC14852}" = NI LabVIEW 8.0 iMath
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX7400 Series Scanner Driver Update
"{255D87CE-1E45-4795-9731-454EF5371B02}" = NI USI 1.2.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C59BDD-55F3-4454-BF17-37AC537F894B}" = NI MDF Support
"{2AABA091-41DF-D0D3-83F8-0133F8C7AA97}" = Catalyst Control Center Localization Swedish
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C99779B-99A9-CE50-C43F-A9F765E1FE23}" = ATI Catalyst Install Manager
"{2D7B1642-931E-47C5-9B55-A4E83A9548FD}" = NI-RPC 3.2.1f0 for Phar Lap ETS
"{2FBE4C1F-D40A-B18C-FEC0-EE01199DECD1}" = ccc-core-static
"{317DE552-B622-0DD2-4E7E-28400D64C100}" = Catalyst Control Center Localization Dutch
"{32117214-B9F1-4EAC-8EC3-417161EC388D}" = NI LabVIEW MAX XML
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3D284BAE-C39D-4733-9E00-C2C898F9177D}" = NI License Manager
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{42DF661F-6351-B582-DE2C-B8C46B30303F}" = CCC Help Dutch
"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
"{4960B043-C25F-4C85-B5DF-817448F4D31E}" = NI LabVIEW Deployable License 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{4C8ECD77-7CFD-4CD0-BA6F-B2ADDA48FD4C}" = THERM5
"{4D917177-4E73-144B-EFFE-802EFF83D5B4}" = Catalyst Control Center InstallProxy
"{4F5641C5-409C-7E5A-A2F9-B6D00A190B55}" = Catalyst Control Center Graphics Previews Vista
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5A4A9B77-F0D5-4DF6-9BF9-9BB96562A10D}" = NI LabVIEW 8.0 gMath
"{5C98841E-DEF1-4319-BF2D-470209D82316}" = AMD CAL 1.3.0_beta
"{5EA96EEF-4E57-C1F0-6A06-088191FE110C}" = CCC Help Thai
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{60FC2242-9CF5-4264-B02A-A4A86447F560}" = NI EULA Depot
"{633A8D0D-46B4-4161-9CFD-BFBE0FF08894}" = NI LabVIEW 8.0 Menus
"{66679848-5EFD-41E7-B06E-179D9ED70040}" = NI-DAQmx - LabVIEW shared documentation
"{668FE489-BC20-409f-8985-43BC6DBBF899}" = AMD Brook+ 1.3.0_beta
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69C3FF9F-647F-4077-8BF5-750B9614C4BF}" = NI MXS 4.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{6E06C016-09D6-492A-8804-A6CC41224599}" = NI LabVIEW 8.0 Project
"{6EF3B8BD-7ED2-4E4E-A05F-8F5B2F285A16}" = NI LabVIEW 8.0 VI.lib
"{7007D9E6-F820-CFEA-EB87-9C9377A967F7}" = CCC Help Swedish
"{710EA46C-2A49-F39A-5EC7-3884DC5329D7}" = Catalyst Control Center Localization Spanish
"{7157C65D-270C-F593-C873-FF9AD949E221}" = Skins
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{733C47BE-4A73-66BE-03EC-460AC98E550C}" = Catalyst Control Center Graphics Previews Vista
"{746B3247-FEFC-4C04-0087-E87636B0B1D3}" = NASCAR Thunder TM 2004
"{74AF0F2A-A87D-B6B7-6671-61B53F98254B}" = Catalyst Control Center Localization Turkish
"{760F3E42-B1E4-5324-4C4A-0459C8938B6A}" = Catalyst Control Center Localization Italian
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774892EA-B255-4ED8-9678-16578B63E6AE}" = NI LabVIEW 8.0 Help File
"{79C051A5-3141-1CD2-D601-7127D0CD9E22}" = Catalyst Control Center HydraVision Full
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A52749A-24BD-4515-A7F0-A892396B85DF}" = NI Variable Engine
"{7C11F7B1-C286-4FA0-AD3D-1FB38BAA8986}" = NI LabVIEW 8.0
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F7E92E4-A60C-4A6C-9D57-D04E577B8B20}" = NI LabVIEW 8.0 Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837F9742-DCC8-3FF4-5066-E11E48EE2391}" = Catalyst Control Center Localization Korean
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion for Gaming Beta
"{8601B1C8-3A99-4E70-A9AE-0F08E657D687}" = NI Logos LabVIEW 8.0 Support
"{86861408-CB40-247E-B851-608792116658}" = CCC Help Norwegian
"{86E71966-9EE0-9AD3-2C17-FC3A0B8BB810}" = Catalyst Control Center Localization Chinese Standard
"{8769A3F3-6CD2-4C87-AEF3-F4D016EE7D56}" = NI LabVIEW 8.0 Resource
"{87C45EA9-AD01-4F41-BAED-FA34DBFDF602}" = NI LabVIEW 8.0 CINtools
"{88BBB9A9-C034-466E-BB83-8197AFD1669C}" = NI LVBrokerAux8.0
"{899FEBB5-CDF7-FD73-01B5-1381EAA75EED}" = CCC Help English
"{8BAAFEB7-7DFD-47CE-978A-2B64E66F0C32}" = NI Example Finder 8.0
"{8BCA7792-CF78-46C6-66A7-EB9A8F0FB0A2}" = Catalyst Control Center Localization Russian
"{8C271AA1-EABD-4057-84D6-302C86A95E1A}" = NI DataSocket 4.3.0
"{8C42C789-B0EF-3226-9069-D1956B220B38}" = Catalyst Control Center Localization Greek
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9223CE17-3922-41AD-98D3-9A390D941033}" = Nero 8 Essentials
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9C353B52-07E4-07A7-B95F-392D8AA37210}" = Catalyst Control Center Localization Japanese
"{9DBB76DD-812B-26E9-C681-B7CD2DA27A78}" = CCC Help French
"{9E0AE153-88DC-428B-99EB-6A3D984230B8}" = NI LabWindows/CVI 7.1.1 Run Time Engine
"{9F96AFEF-28F1-2479-1D6A-33F8D4A7BF11}" = CCC Help Chinese Standard
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0F8DADB-5454-477E-A2A2-5725ACE22AD2}" = NI Variable Engine LabVIEW 8.0 Support
"{A10FCB8E-F4C3-0C5E-4FFC-8C9A560095A8}" = CCC Help Russian
"{A17F7304-F24C-4401-9B73-C0957C13AF14}" = NI LabVIEW 8.0 Applibs
"{A3BC9DDC-4B4C-F307-FEDC-7B77992FBC9F}" = Catalyst Control Center Graphics Full New
"{A5D1EA23-CEE5-4B72-A0C3-8BCEDFC6F94C}" = NI LabVIEW Run-Time Engine 8.0
"{A6038CD2-72AF-2C0A-C1A3-93D360F5A889}" = CCC Help Korean
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9A281C2-EF84-4EB5-8D3D-0E23DDDFC3D7}" = NI LabVIEW 8.0 WWW
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADF6F323-5E7A-4EE5-A86F-136A2BF5474B}" = NI Variable Manager
"{AE223864-BFA1-1F17-49B2-13C8971DACA2}" = Catalyst Control Center Localization German
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B1F27A23-B6D1-4397-BA2F-25F348DF135F}" = NI Uninstaller
"{B22D8435-CB77-849A-B9AE-D1737A073914}" = Catalyst Control Center Localization Polish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B8666F62-DA19-4F46-AF6E-723CF9C58EB7}" = NI LabVIEW 8.0 Manuals
"{BCBFC045-973F-4318-9607-B089E226AFF8}" = NI LabVIEW 8.0 Templates
"{BCD6D492-DB6C-4582-8AE3-8EE9D4EAF74A}" = NI LabVIEW Broker
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP1
"{C485A66D-3521-20E8-2A7B-F060B1773491}" = Catalyst Control Center Localization French
"{C73A0FC7-FFDC-4BAD-912A-C5791FF9EAC6}" = NI Service Locator
"{CD960D1B-2D16-5A6A-FAD7-E5C32BB78CE7}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D191837E-0AE9-F062-9EE3-A97DD6D9A11D}" = Catalyst Control Center Core Implementation
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"{D53330AD-A8BF-44D8-A955-C28753057FA8}" = NI LabVIEW 8.0 Activity
"{D5E905F1-7657-7B1E-E5BD-2C69C89C8ABE}" = CCC Help Italian
"{D6DB00A1-4BCC-AB1B-24C2-0999BDA43D85}" = CCC Help Greek
"{D7D4DB0F-9070-AED1-D2F4-D11BD42C7588}" = CCC Help Chinese Traditional
"{D7F01E28-9D36-F8EC-872F-9FD71792F858}" = CCC Help Finnish
"{DA6AB13B-4D72-6EBB-AA4D-656CE9C0E512}" = CCC Help English
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DF59BA36-54DC-6BB4-FCED-C9B9F2BCB4AE}" = CCC Help Spanish
"{DFC7D9F7-892A-489C-9B15-0211D63EAC44}" = NI LabVIEW 8.0 Instr.lib
"{E0325EFE-9D02-0F1E-7306-F4D95979715A}" = Catalyst Control Center Localization Chinese Traditional
"{E3AD8913-0BF6-455C-92E3-5CDCD8C7D266}" = NI Instrument IO Assistant for LabVIEW 8.0
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E63AA3F4-5647-0BC8-24FC-F40CFE56B579}" = Catalyst Control Center Localization Norwegian
"{E6541F6A-3D2D-30E5-57F9-4DD411C2E4F0}" = CCC Help German
"{E720B248-D9F5-5E20-8E72-3E419D45D703}" = Catalyst Control Center Localization Finnish
"{E8E32E53-18F7-095E-CC75-F77E412F1AD9}" = CCC Help Portuguese
"{E94F42C9-75F5-FFA4-0112-37D2F040017F}" = Catalyst Control Center Graphics Previews Common
"{EA9AAB32-160B-4FC1-AF18-71F11257C574}" = SolidWorks eDrawings 2010
"{ED318768-B5F9-4102-9852-B2AAB68819B2}" = NI LabVIEW 8.0 Device Detection and Deployment Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F09030B7-7B8A-30DE-539B-607C9B1831DB}" = CCC Help Czech
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F76D7388-A433-E572-4718-CD3421738166}" = CCC Help Turkish
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F80E2443-811E-4864-9AC7-0C6DDBED3186}" = NI LabVIEW C Interface
"31a1277a4ecf5a49d78b2efb64054f96" = Open CASCADE Technology 6.3.0
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Aces High II" = Aces High II
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"AS_Me262A" = AS_Me262A
"ATITool" = ATITool Overclocking Utility
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"c4508df7e95cfe98157c75f8353c80a7" = OCCT Documentation 6.3.0
"Canyon_Racing_1.0" = Canyon Racing 1.0
"CCleaner" = CCleaner (remove only)
"Combat Flight Simulator 1.00" = Microsoft Combat Flight Simulator
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CoolPack_is1" = CoolPack
"Crimson Skies 1.0" = Microsoft Crimson Skies
"EES - Engineering Equation Solver - Academic" = EES - Engineering Equation Solver - Academic
"EES Heat Transfer Library" = EES Heat Transfer Library
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"FEHT - Finite Element Analysis Program" = FEHT - Finite Element Analysis Program
"FerrariVR" = Ferrari Virtual Race (remove only)
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FlightGear_is1" = FlightGear v1.0.0
"FMS" = FMS
"GanttProject" = GanttProject
"getPlus®_ocx" = getPlus®_ocx
"Google Updater" = Google Updater
"Heat Transfer Solver 3.00" = Heat Transfer Solver 3.00
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"Interactive Heat Transfer V3" = Interactive Heat Transfer V3
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LEKIN -- Scheduling System" = LEKIN -- Scheduling System
"LManager" = Launch Manager
"LucasArts' Star Wars: Episode I Racer" = LucasArts' Star Wars: Episode I Racer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2007a" = MATLAB Student R2007a
"MatlabR2008b" = MATLAB Student R2008b
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NI Uninstaller" = National Instruments Software
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.6.0
"Picasa 3" = Picasa 3
"PlexUtil" = SmartPack 1.19.0
"PuTTY_is1" = PuTTY version 0.60
"RealPlayer 12.0" = RealPlayer
"SecondLife" = SecondLife (remove only)
"Silent Package Run-Time Sample" = EPSON CX7400 User's Guide
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Snowglobe" = Snowglobe (remove only)
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"ST4UNST #1" = DDay v1.0
"ST6UNST #1" = EURO_Screenshot 2.0
"ST6UNST #2" = CFS Mission Editor
"ST6UNST #3" = Airport 2.60 for Windows
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"ULTIMATER" = Microsoft Office Ultimate 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Uninstall
"WGC CDROM_is1" = WGC CDRom Lobbies
"WinPatrol" = WinPatrol 2010
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"World Gaming Center_is1" = World Gaming Center Version 2.1.2 with Gamescript Files
"Yahoo! Messenger" = Yahoo! Messenger
"YInformer" = YInformer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2009 11:10:08 AM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2009 11:10:08 AM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2009 11:10:08 AM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2009 11:10:08 AM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2009 11:10:08 AM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2009 11:10:08 AM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2009 11:10:08 AM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2009 11:10:08 AM | Computer Name = Jim-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2009 11:33:15 AM | Computer Name = Jim-PC | Source = VSS | ID = 8194
Description =

Error - 7/10/2009 11:33:57 AM | Computer Name = Jim-PC | Source = VSS | ID = 8194
Description =

[ OSession Events ]
Error - 10/23/2008 6:30:22 AM | Computer Name = Jim-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/21/2009 1:06:53 AM | Computer Name = Jim-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
12.0.6421.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/21/2009 1:10:51 AM | Computer Name = Jim-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
12.0.6421.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/21/2009 1:14:42 AM | Computer Name = Jim-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
12.0.6421.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/21/2009 1:18:58 AM | Computer Name = Jim-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
12.0.6421.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/21/2009 1:32:18 AM | Computer Name = Jim-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/21/2009 4:08:43 AM | Computer Name = Jim-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/21/2008 2:10:08 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/21/2008 2:23:49 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/21/2008 5:36:29 AM | Computer Name = Jim-PC | Source = HTTP | ID = 15016
Description =

Error - 12/21/2008 5:38:04 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/21/2008 5:38:40 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/21/2008 6:27:40 AM | Computer Name = Jim-PC | Source = HTTP | ID = 15016
Description =

Error - 12/21/2008 6:28:41 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/21/2008 6:29:53 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/21/2008 6:35:40 AM | Computer Name = Jim-PC | Source = HTTP | ID = 15016
Description =

Error - 12/21/2008 6:36:24 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >
  • 0

#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :Services
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix

In the event you already have ComboFix downloaded on your desktop please delete the current copy you have on your desktop and download a fresh version from one of the links provided below.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(image: ComboFix's message after the Recovery Console is installed)

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
  • 0
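As an added illustration, not part of SweetTech's post and not code from OTL itself, here is a small Python triage of OTL report lines in the formats used in the fix above: it flags a browser proxy pointed at the local machine (the HKCU ProxyServer entry this fix clears), service entries whose binary is missing, BHO/toolbar entries with no CLSID registration, and DPF/ShellExecuteHooks entries carrying registry errors. The sample report is constructed from the entries in the fix script plus two benign lines with placeholder paths and a placeholder CLSID; the Finding type and the function names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample in OTL's line format: the entries targeted by the fix
# above, plus two benign lines whose paths and CLSID are placeholders.
SAMPLE_OTL_LINES = r"""
SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
SRV - (ExampleSvc) -- C:\Program Files\Example\ExampleSvc.exe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Example Helper) - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # OTL line prefix: SRV, IE, O2, O3, O16, O28
    subject: str  # service name, CLSID, registry name or proxy value concerned
    reason: str   # why a malware-removal helper would put the line in a fix


LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<value>\S+)')
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SRV_NAME_RE = re.compile(r"\((?P<name>[^()]+)\)\s*$")


def loopback_proxy_entries(value):
    """Return the parts of a ProxyServer value that send traffic to this host.

    Accepts both the bare "host:port" form and the per-scheme
    "http=host:port;https=host:port" form.
    """
    hits = []
    for entry in value.split(";"):
        target = entry.split("=", 1)[-1]            # drop an optional "http=" prefix
        host = target.rsplit(":", 1)[0].strip("[]").lower()
        if host in LOOPBACK_HOSTS:
            hits.append(entry)
    return hits


def triage_line(line):
    """Classify one OTL report line; None means nothing a fix would target."""
    line = line.strip()
    parts = line.split(" - ")
    if len(parts) < 2:
        return None
    kind = parts[0]
    if kind == "SRV" and "File not found" in line:
        m = SRV_NAME_RE.search(line)
        return Finding(kind, m.group("name") if m else line,
                       "service registered but its binary is missing")
    if kind == "IE":
        m = PROXY_RE.search(line)
        if m and loopback_proxy_entries(m.group("value")):
            return Finding(kind, m.group("value"),
                           "browser proxy routes traffic through the local machine")
        return None
    if kind in ("O2", "O3") and "No CLSID value found" in line:
        subject = parts[2] if len(parts) >= 3 else line
        return Finding(kind, subject, "BHO/toolbar entry with no CLSID registration")
    if kind in ("O16", "O28") and ("Reg Error" in line or "File not found" in line):
        m = CLSID_RE.search(line)
        return Finding(kind, m.group(0) if m else line,
                       "registry reference whose key or file no longer exists")
    return None


def triage_report(text):
    """Run triage_line over a whole OTL report and keep the findings, in order."""
    findings = []
    for raw in text.splitlines():
        f = triage_line(raw)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_report(SAMPLE_OTL_LINES):
        print(f"{f.kind:<4} {f.subject:<45} {f.reason}")
```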

#3
Sprayall

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you for such a quick response. No, I have not received help on this issue yet. I just did the "Run Fix" with OTL and ran ComboFix per your instructions. Here are the logs. Thanks again.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\ProgramData\xmlF112.tmp deleted successfully.
C:\ProgramData\xmlF6AE.tmp deleted successfully.
C:\ProgramData\xmlF845.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jim
->Temp folder emptied: 1366238 bytes
->Temporary Internet Files folder emptied: 329106 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35562514 bytes
->Flash cache emptied: 1314 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 960796 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 92649337 bytes

Total Files Cleaned = 125.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06142010_184006

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
_______________________________________________________________________________________________________________

ComboFix 10-06-14.02 - Jim 06/14/2010 18:53:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1956 [GMT -7:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk

.
((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 02:03 . 2010-06-15 02:03 -------- d-----w- c:\users\Jim\AppData\Local\temp
2010-06-15 02:03 . 2010-06-15 02:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-15 02:03 . 2010-06-15 02:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-15 02:03 . 2010-06-15 02:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-15 01:40 . 2010-06-15 01:40 -------- d-----w- C:\_OTL
2010-06-14 04:20 . 2010-06-14 04:37 -------- d-----w- c:\users\Jim\AppData\Roaming\FreeCAD
2010-06-14 04:16 . 2010-06-14 04:16 -------- d-----w- c:\program files\FreeCAD0.7
2010-06-13 22:41 . 2010-06-13 22:41 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-13 22:40 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-06-13 22:40 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-06-13 22:40 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-06-13 22:38 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-13 22:38 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-13 22:38 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-13 22:31 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-13 21:23 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-13 21:23 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-13 21:23 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-13 21:23 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-13 21:23 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-13 21:23 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-13 21:23 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-13 21:23 . 2010-06-13 21:23 -------- d-----w- c:\programdata\Alwil Software
2010-06-13 21:23 . 2010-06-13 21:23 -------- d-----w- c:\program files\Alwil Software
2010-06-12 17:37 . 2010-06-12 17:37 -------- d-----w- c:\program files\ESET
2010-06-10 08:18 . 2010-06-10 08:18 -------- d-----w- c:\program files\ERUNT
2010-06-09 05:17 . 2010-06-09 05:17 -------- d-----w- c:\users\Jim\AppData\Roaming\AVG9
2010-05-30 05:12 . 2010-05-30 05:12 -------- d-----w- C:\$AVG
2010-05-30 04:07 . 2010-05-30 04:07 -------- d-----w- c:\users\Jim\AppData\Roaming\Malwarebytes
2010-05-30 04:07 . 2010-05-30 04:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-30 04:07 . 2010-05-30 04:07 -------- d-----w- c:\programdata\Malwarebytes
2010-05-30 04:07 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-30 04:07 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-30 03:53 . 2006-09-18 21:43 10 ----a-w- c:\users\Jim\AppData\Roaming\WinPatrol\Config.sys
2010-05-30 03:53 . 2006-09-18 21:43 24 ----a-w- c:\users\Jim\AppData\Roaming\WinPatrol\Autoexec.bat
2010-05-30 03:53 . 2010-05-30 03:53 -------- d-----w- c:\users\Jim\AppData\Roaming\WinPatrol
2010-05-30 03:53 . 2010-05-30 03:53 -------- d-----w- c:\program files\BillP Studios
2010-05-28 02:59 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-05-28 02:55 . 2010-05-30 03:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-26 08:49 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 19:15 . 2010-06-15 01:43 -------- d-----w- c:\windows\system32\catroot2
2010-05-23 06:39 . 2010-05-28 02:28 -------- d-----w- c:\programdata\Norton
2010-05-23 06:39 . 2010-05-23 06:39 -------- d-----w- c:\programdata\NortonInstaller
2010-05-23 05:47 . 2010-05-23 05:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Nero
2010-05-23 05:35 . 2010-05-23 05:35 -------- d-----w- c:\windows\Profiles
2010-05-22 14:38 . 2010-05-22 14:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-05-22 01:21 . 2010-05-22 01:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
2010-05-22 01:21 . 2010-05-22 01:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ATI
2010-05-20 02:30 . 2010-05-20 02:30 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-20 02:30 . 2010-05-20 02:30 -------- d-----w- c:\program files\LSoft Technologies Inc
2010-05-16 11:11 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-16 11:10 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-16 11:10 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-16 11:10 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-16 11:10 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-16 11:10 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-16 11:10 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-16 11:10 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-16 11:10 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-16 11:10 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-16 11:10 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-16 11:09 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-16 08:58 . 2009-04-08 07:26 507904 ----a-w- c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\extensions\{bcb4f322-a177-4ecd-9c80-835d96e1e595}\platform\WINNT_x86-msvc\depcomps\xsec_1_3_0.dll
2010-05-16 08:58 . 2009-04-08 07:26 212992 ----a-w- c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\extensions\{bcb4f322-a177-4ecd-9c80-835d96e1e595}\platform\WINNT_x86-msvc\depcomps\xsecxpcom.dll
2010-05-16 08:58 . 2009-04-08 07:26 139264 ----a-w- c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\extensions\{bcb4f322-a177-4ecd-9c80-835d96e1e595}\platform\WINNT_x86-msvc\depcomps\xmldsigtool.dll
2010-05-16 08:58 . 2009-04-08 07:26 11776 ----a-w- c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\extensions\{bcb4f322-a177-4ecd-9c80-835d96e1e595}\platform\WINNT_x86-msvc\components\xmldsigtoolstub.dll
2010-05-16 05:30 . 2010-05-16 05:30 0 ----a-w- c:\windows\nsreg.dat
2010-05-16 05:30 . 2010-05-16 05:30 -------- d-----w- c:\users\Jim\AppData\Local\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 01:45 . 2010-04-21 03:55 -------- d-----w- c:\program files\Common Files\Akamai
2010-06-13 22:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-13 22:41 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-13 22:41 . 2010-06-13 22:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-13 22:41 . 2010-06-13 22:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-13 22:38 . 2007-04-17 01:00 -------- d-----w- c:\programdata\Microsoft Help
2010-06-08 08:28 . 2010-04-30 06:30 -------- d-----w- c:\users\Jim\AppData\Roaming\Audacity
2010-05-30 03:52 . 2008-10-15 01:10 -------- d-----w- c:\program files\Common Files\Java
2010-05-30 03:51 . 2008-10-15 01:10 -------- d-----w- c:\program files\Java
2010-05-28 02:50 . 2007-04-17 01:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-28 02:28 . 2007-04-17 00:52 -------- d-----w- c:\programdata\Symantec
2010-05-28 01:03 . 2007-04-17 00:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-26 17:06 . 2010-06-13 22:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-13 22:30 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 19:25 . 2009-01-27 08:31 -------- d-----w- c:\program files\CCleaner
2010-05-23 05:36 . 2008-02-27 01:23 113792 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-20 02:30 . 2007-04-17 00:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-08 08:14 . 2008-02-27 01:28 113792 ----a-w- c:\users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-07 08:08 . 2009-10-26 06:37 -------- d-----w- c:\users\Jim\AppData\Roaming\IM
2010-05-07 08:08 . 2009-10-26 06:38 -------- d-----w- c:\program files\Common Files\SolidWorks Installation Manager
2010-05-07 08:08 . 2010-05-07 07:22 -------- d-----w- c:\programdata\SolidWorks
2010-05-07 08:08 . 2008-03-04 07:34 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-07 08:07 . 2010-05-07 07:22 -------- d-----w- c:\program files\SolidWorks Corp
2010-05-07 08:07 . 2008-08-25 23:30 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-05-07 07:55 . 2008-08-25 23:41 -------- d-----w- c:\users\Jim\AppData\Roaming\SolidWorks
2010-05-04 19:15 . 2010-06-13 22:30 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-13 22:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-13 22:30 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 07:18 . 2010-04-30 06:34 -------- d-----w- c:\program files\FFmpeg for Audacity
2010-04-30 06:33 . 2010-04-30 06:33 -------- d-----w- c:\program files\Lame for Audacity
2010-04-30 06:30 . 2010-04-30 06:30 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-04-24 11:33 . 2009-11-14 12:12 -------- d-----w- c:\users\Jim\AppData\Roaming\EDrawings
2010-04-24 11:25 . 2010-04-09 07:28 -------- d-----w- c:\programdata\DassaultSystemes
2010-03-25 22:11 . 2010-03-25 22:11 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-25 22:11 . 2010-03-25 22:11 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-25 22:11 . 2010-03-25 22:11 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-25 22:11 . 2010-03-25 22:11 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-25 22:11 . 2010-03-25 22:11 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-25 22:11 . 2010-03-25 22:11 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-25 22:11 . 2010-03-25 22:11 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-25 22:11 . 2010-03-25 22:11 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-03-25 22:11 . 2010-03-25 21:40 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-25 21:37 . 2010-03-25 21:37 734728 ----a-w- c:\users\Jim\AppData\Roaming\Real\RealPlayer\setup\AU_setup13.exe
2008-04-18 19:56 . 2009-04-26 10:39 753 ----a-w- c:\program files\setup.bat
2008-04-07 02:29 . 2008-04-07 02:25 35067 ----a-w- c:\program files\oaveuninstaller.exe
2008-01-24 22:27 . 2009-04-26 10:39 24 ----a-w- c:\program files\swdata1.id
2005-10-13 00:04 . 2005-10-13 00:04 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-07-10 16:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-26 323976]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-25 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-04 834056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a6,80,c9,ee,e7,f5,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-106263510-2633795892-3628432610-1000]
"EnableNotificationsRef"=dword:00000003

R3 atidgllk;atidgllk;c:\users\Jim\Desktop\NEW BIOS for 4830\HD4830_SJ3G01\HD4830\atidgllk.sys [x]
R3 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-07-10 53032]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-20 80744]
R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-05 266343]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 133104]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-10-26 2799808]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-20 717296]
R4 usbsnoop;usbsnoop (display);c:\windows\system32\drivers\usbsnoop.sys [2009-05-26 40896]
R4 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-03-16 180224]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-28 06:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 02:05]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 02:05]

2010-03-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-106263510-2633795892-3628432610-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
TCP: {2367C62A-EAEB-4796-AACA-43B0569F7911} = 4.2.2.1,4.2.2.2
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/sw/support/subscription/sldimdownload.cab
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Jim\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\Jim\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\Jim\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 19:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-106263510-2633795892-3628432610-1000\ *¬ $*]
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-106263510-2633795892-3628432610-1000\S*" *]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-14 19:05:48
ComboFix-quarantined-files.txt 2010-06-15 02:05
ComboFix2.txt 2010-05-26 01:28

Pre-Run: 83,240,886,272 bytes free
Post-Run: 83,189,350,400 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 221571759916DB3D5E7F692890E83EBC

#4
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hello,

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
RegNull::
[HKEY_USERS\S-1-5-21-106263510-2633795892-3628432610-1000\*¬ $*]
[HKEY_USERS\S-1-5-21-106263510-2633795892-3628432610-1000\S*" *]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.



NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix scan.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The log that was produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.

#5
Sprayall
    New Member
  • Topic Starter
  • Member
  • Pip
  • 7 posts
1. How will I ever be sure that my system is safe for online purchases/banking (at least as safe as it was before the infection)? Also, I have read GTG's recommendations on free AV and Spyware, etc. I understand the choice of whose AV to use is up to the user and their opinions, but what types should a system have installed to be considered "protected"? For example, right now I'm using the free Avast, Windows firewall, Windows Defender, WinPatrol, and daily updates/scans with Malwarebytes' Anti-Malware. What other programs (free) should I be running to have the best protection? If it is not much trouble, can you point out in which of the logs, if any, any type of infection is shown being detected/removed?

Comments: Sincere thanks for all your help. You guys are awesome.
________________________________________________________________________________
2. ComboFix 10-06-14.02 - Jim 06/14/2010 19:41:10.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1868 [GMT -7:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
Command switches used :: c:\users\Jim\Desktop\CFScript.txt
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 02:47 . 2010-06-15 02:50 -------- d-----w- c:\users\Jim\AppData\Local\temp
2010-06-15 02:47 . 2010-06-15 02:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-15 02:47 . 2010-06-15 02:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-15 02:47 . 2010-06-15 02:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-15 01:40 . 2010-06-15 01:40 -------- d-----w- C:\_OTL
2010-06-14 04:20 . 2010-06-14 04:37 -------- d-----w- c:\users\Jim\AppData\Roaming\FreeCAD
2010-06-14 04:16 . 2010-06-14 04:16 -------- d-----w- c:\program files\FreeCAD0.7
2010-06-13 22:41 . 2010-06-13 22:41 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-13 22:40 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-06-13 22:40 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-06-13 22:40 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-06-13 22:38 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-13 22:38 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-13 22:38 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-13 22:31 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-13 21:23 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-13 21:23 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-13 21:23 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-13 21:23 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-13 21:23 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-13 21:23 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-13 21:23 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-13 21:23 . 2010-06-13 21:23 -------- d-----w- c:\programdata\Alwil Software
2010-06-13 21:23 . 2010-06-13 21:23 -------- d-----w- c:\program files\Alwil Software
2010-06-12 17:37 . 2010-06-12 17:37 -------- d-----w- c:\program files\ESET
2010-06-10 08:18 . 2010-06-10 08:18 -------- d-----w- c:\program files\ERUNT
2010-06-09 05:17 . 2010-06-09 05:17 -------- d-----w- c:\users\Jim\AppData\Roaming\AVG9
2010-05-30 05:12 . 2010-05-30 05:12 -------- d-----w- C:\$AVG
2010-05-30 04:07 . 2010-05-30 04:07 -------- d-----w- c:\users\Jim\AppData\Roaming\Malwarebytes
2010-05-30 04:07 . 2010-05-30 04:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-30 04:07 . 2010-05-30 04:07 -------- d-----w- c:\programdata\Malwarebytes
2010-05-30 04:07 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-30 04:07 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-30 03:53 . 2010-05-30 03:53 -------- d-----w- c:\users\Jim\AppData\Roaming\WinPatrol
2010-05-30 03:53 . 2010-05-30 03:53 -------- d-----w- c:\program files\BillP Studios
2010-05-28 02:59 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-05-28 02:55 . 2010-05-30 03:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-26 08:49 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 19:15 . 2010-06-15 01:43 -------- d-----w- c:\windows\system32\catroot2
2010-05-23 06:39 . 2010-05-28 02:28 -------- d-----w- c:\programdata\Norton
2010-05-23 06:39 . 2010-05-23 06:39 -------- d-----w- c:\programdata\NortonInstaller
2010-05-23 05:47 . 2010-05-23 05:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Nero
2010-05-23 05:35 . 2010-05-23 05:35 -------- d-----w- c:\windows\Profiles
2010-05-22 14:38 . 2010-05-22 14:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-05-22 01:21 . 2010-05-22 01:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
2010-05-22 01:21 . 2010-05-22 01:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ATI
2010-05-20 02:30 . 2010-05-20 02:30 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-20 02:30 . 2010-05-20 02:30 -------- d-----w- c:\program files\LSoft Technologies Inc
2010-05-16 11:11 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-16 11:10 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-16 11:10 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-16 11:10 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-16 11:10 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-16 11:10 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-16 11:10 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-16 11:10 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-16 11:10 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-16 11:10 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-16 11:10 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-16 11:09 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-16 05:30 . 2010-05-16 05:30 0 ----a-w- c:\windows\nsreg.dat
2010-05-16 05:30 . 2010-05-16 05:30 -------- d-----w- c:\users\Jim\AppData\Local\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 02:49 . 2010-04-21 03:55 -------- d-----w- c:\program files\Common Files\Akamai
2010-06-13 22:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-13 22:41 . 2010-06-13 22:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-13 22:41 . 2010-06-13 22:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-13 22:38 . 2007-04-17 01:00 -------- d-----w- c:\programdata\Microsoft Help
2010-06-08 08:28 . 2010-04-30 06:30 -------- d-----w- c:\users\Jim\AppData\Roaming\Audacity
2010-05-30 03:52 . 2008-10-15 01:10 -------- d-----w- c:\program files\Common Files\Java
2010-05-30 03:51 . 2008-10-15 01:10 -------- d-----w- c:\program files\Java
2010-05-28 02:50 . 2007-04-17 01:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-28 02:28 . 2007-04-17 00:52 -------- d-----w- c:\programdata\Symantec
2010-05-28 01:03 . 2007-04-17 00:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-26 17:06 . 2010-06-13 22:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-13 22:30 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 19:25 . 2009-01-27 08:31 -------- d-----w- c:\program files\CCleaner
2010-05-23 05:36 . 2008-02-27 01:23 113792 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-20 02:30 . 2007-04-17 00:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-08 08:14 . 2008-02-27 01:28 113792 ----a-w- c:\users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-07 08:08 . 2009-10-26 06:37 -------- d-----w- c:\users\Jim\AppData\Roaming\IM
2010-05-07 08:08 . 2009-10-26 06:38 -------- d-----w- c:\program files\Common Files\SolidWorks Installation Manager
2010-05-07 08:08 . 2010-05-07 07:22 -------- d-----w- c:\programdata\SolidWorks
2010-05-07 08:08 . 2008-03-04 07:34 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-07 08:07 . 2010-05-07 07:22 -------- d-----w- c:\program files\SolidWorks Corp
2010-05-07 08:07 . 2008-08-25 23:30 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-05-07 07:55 . 2008-08-25 23:41 -------- d-----w- c:\users\Jim\AppData\Roaming\SolidWorks
2010-05-04 19:15 . 2010-06-13 22:30 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-13 22:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-13 22:30 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 07:18 . 2010-04-30 06:34 -------- d-----w- c:\program files\FFmpeg for Audacity
2010-04-30 06:33 . 2010-04-30 06:33 -------- d-----w- c:\program files\Lame for Audacity
2010-04-30 06:30 . 2010-04-30 06:30 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-04-24 11:33 . 2009-11-14 12:12 -------- d-----w- c:\users\Jim\AppData\Roaming\EDrawings
2010-04-24 11:25 . 2010-04-09 07:28 -------- d-----w- c:\programdata\DassaultSystemes
2008-04-18 19:56 . 2009-04-26 10:39 753 ----a-w- c:\program files\setup.bat
2008-04-07 02:29 . 2008-04-07 02:25 35067 ----a-w- c:\program files\oaveuninstaller.exe
2008-01-24 22:27 . 2009-04-26 10:39 24 ----a-w- c:\program files\swdata1.id
2005-10-13 00:04 . 2005-10-13 00:04 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-07-10 16:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-26 323976]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-25 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-04 834056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a6,80,c9,ee,e7,f5,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-106263510-2633795892-3628432610-1000]
"EnableNotificationsRef"=dword:00000003

R3 atidgllk;atidgllk;c:\users\Jim\Desktop\NEW BIOS for 4830\HD4830_SJ3G01\HD4830\atidgllk.sys [x]
R3 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-07-10 53032]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-20 80744]
R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-05 266343]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 133104]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-10-26 2799808]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-20 717296]
R4 usbsnoop;usbsnoop (display);c:\windows\system32\drivers\usbsnoop.sys [2009-05-26 40896]
R4 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-03-16 180224]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-28 06:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 02:05]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 02:05]

2010-03-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-106263510-2633795892-3628432610-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
TCP: {2367C62A-EAEB-4796-AACA-43B0569F7911} = 4.2.2.1,4.2.2.2
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/sw/support/subscription/sldimdownload.cab
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Jim\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\Jim\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\Jim\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-106263510-2633795892-3628432610-1000\ *¬ $*]
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-106263510-2633795892-3628432610-1000\S*" *]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="C95D0AC61487C02523CB39863FCDE4CBEA57AC35B7F4DEA5555AEA7D4645700DE317D448085
6033B8BC870E47DE69579A8C57D3BE4C97D5ABF3461176AE1770E17CBDFF91FA5083D9924A306CA41
2A75891D92F0063D542D09D0FA8C253BC2D1E6108ADB773B9D5ECCFC173D537DE6942DA5B69872E83
AB40BBDA6B19A035E4D8A5E88F22281A61AD9D4E45E35DEA272E30987F975069B4B5472A8DDE58E6C
3D6D9361C82685992BA813F7C3834A486DB25877DD50F5F910A8C5956C12D5A1A2AE71F0E77DFA7F1
5D68192CC464D56A654864B94373CE7E77DF25A3EA0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E
127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4
980AC79338EDD5E5BE2F6E667A9C6AECB7A5D1407E2A11DF0254674845B0E33ACD7493B74AD651B7D
C4FD567D01298B9C9BCDA03D7BDFF5AA9F7556B1739881359EA523A7A43B980F6EFCB3757EA9896D8
3D3DC07FC303561955250BA11C54D9BC9DA6810219B9F007BBDFBA10C7EF90D8FC84072C9899408D2
99C78B91A0110EEECA826418C78DDD6C68562657C03A82C4B9C63369F690C3865D2804F34A8E6E062
D6CD3A21701669F77F01FB1976B8B8C096BEF06186D6DC304E0F75CF645D36B8D257D7D705F0DDC3C
7B199143F297B769B2446FA1AF1402C7632F116E00095F4932F60AD1D0FA4C592B168F15F94CF6E42
03D97D7A2F61E35A567808C468B06939AC84D4DC00AFA47388D6BF46D03DFD73DE09798548D552E24
CEBA436A10E9F3E8F1EE06DF4ADB51DF6687DA7E45EEF31923275295814CE9DC0BF015FDF974442E6
13CB7A1004317E10267562256023DC4F0A6877E2E8AEF52337C9BD766F7B3FDFCA7AF3FA06A8D8331
B50A12A9DA8B55291A50E7A67A200BD259821423A745EE1E444DB45B6FFA0EB9C02C4A68208D659DA
6586FB1EC2A91E9A70912B19D4F9C114C07410C53FB4DD57A858D6D5DC21297985EF9C5941675EDAB
85F34AD47C28179AE468487C8012B2F9F6DFCAFE00FCCFDDB4AA13873CC8C54BDEA1D52D4B34E5B20
77456324CB07476700B45D7ED4B760945EC7A43CAA14D151245F4EC1068A5B89BF0B223F6032FD0F8
1CD41F8A28AD5288EE10A6431CD5B62F4FF73B70F0F274692D0D61EBE3EC872A63A5EF25400E140F2
31F747CD4A1065AF166A4677CDFD3C93E4860EA35AD44B47718466345214D7BBE24549F6FE9F8CAA4
FA99C3BF71E5A9FB7BFB085C614ED730C107BDEB6720863CD1D129935B2DCFA323EEA7F120620A82F
36FABBFEE93ECAB6AF60270D254FADA0C5C6CEA13E146EB825C8A4E5A2280B0AFDD114DAFA75B4A8E
414F8DCA54B69A6EC68EA329FAA4C2707E37167F1F37AC62CAC6F6F23F23B1DE741B87292F2EC4C34
90A712200712DF556CC0B647C6ADD"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\locator.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-06-14 20:02:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-15 03:02
ComboFix2.txt 2010-06-15 02:05
ComboFix3.txt 2010-05-26 01:28

Pre-Run: 83,218,178,048 bytes free
Post-Run: 83,080,605,696 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6DDE503BFE99B311F4ED40B02C0AE4D5
_______________________________________________________________________________________________________________________________________

3. Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4199

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

6/14/2010 8:08:43 PM
mbam-log-2010-06-14 (20-08-43).txt

Scan type: Quick scan
Objects scanned: 138084
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_____________________________________________________________________________________________________________________________________

4. ESET Online Scanner reported "No threats found", so there was no option to produce a report.

_______________________________________________________________________________________________________________________________________

5. OTL logfile created on: 6/15/2010 2:16:24 AM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Jim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 76.84 Gb Free Space | 33.68% Space Free | Partition Type: NTFS
Drive D: | 227.87 Gb Total Space | 210.18 Gb Free Space | 92.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIM-PC
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/14 18:30:42 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
PRC - [2010/04/09 19:05:06 | 000,408,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/16 13:27:34 | 000,290,816 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/03/16 13:27:06 | 000,180,224 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe


========== Modules (SafeList) ==========

MOD - [2010/06/14 18:30:42 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/04 21:21:17 | 002,478,640 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3697.dll -- (Akamai)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/03/16 13:27:06 | 000,180,224 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/08/25 16:37:01 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/07/10 09:23:26 | 000,053,032 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2008/07/10 09:23:16 | 001,442,088 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/04/04 10:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/04/04 18:54:08 | 000,266,343 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/02/15 13:45:36 | 000,707,344 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\Windows\System32\oodag.exe -- (O&O Defrag)
SRV - [2007/02/07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/31 19:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/29 17:51:56 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/10/26 13:45:00 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2005/10/11 16:13:38 | 000,667,648 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2005/10/11 16:03:26 | 000,204,800 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2005/10/11 16:00:24 | 000,053,248 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2005/10/11 16:00:22 | 000,045,056 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2005/10/10 15:08:32 | 000,049,152 | ---- | M] (National Instruments Corp.) [Disabled | Stopped] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2005/10/03 23:52:40 | 000,005,728 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2005/09/02 15:34:40 | 000,913,408 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2005/08/25 15:43:14 | 000,688,190 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/05/19 19:30:49 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 13:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/05/25 23:31:23 | 000,040,896 | ---- | M] (SniffUsb/UsbSnoop Project) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbsnoop.sys -- (usbsnoop) usbsnoop (display)
DRV - [2009/03/16 14:33:54 | 004,361,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/02/25 10:55:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/02/19 22:17:50 | 000,095,760 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/01/13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 19:13:36 | 000,031,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/01/13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/10/31 17:28:26 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/07/10 09:23:14 | 000,040,488 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/07/10 09:23:14 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/07/10 09:23:04 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2008/07/03 22:12:45 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/04/28 06:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/01/18 22:57:16 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/08/08 09:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/16 17:58:28 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/03/26 04:18:18 | 001,761,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/07 00:04:54 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007/02/07 00:04:50 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007/02/07 00:04:48 | 000,020,264 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007/02/02 01:37:36 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/12/07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/09/19 17:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2005/06/10 11:01:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/04/10 10:42:36 | 000,002,944 | ---- | M] ([email protected]) [Kernel | Auto | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://login.yahoo....ntl=us&.src=ym"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {bcb4f322-a177-4ecd-9c80-835d96e1e595}:0.1.3.20090408
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/25 15:11:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/15 22:30:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/27 20:07:04 | 000,000,000 | ---D | M]

[2010/05/15 22:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions
[2010/06/13 18:14:55 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\extensions
[2010/05/15 22:36:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/16 01:58:30 | 000,000,000 | ---D | M] (XML Digital Signature Procesing Tool) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\extensions\{bcb4f322-a177-4ecd-9c80-835d96e1e595}
[2010/05/29 20:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/29 20:52:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/29 20:51:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/14 19:49:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.co...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} file:///E:/win/setup/iaieplay.dll (IEPlayInterface Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///E:/win/setup/iamce.dll (IAMCE Class)
O16 - DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} http://www.solidwork...dimdownload.cab (SolidWorks Installation Manager Contol)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 14:43:38 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.FSS -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/05/12 14:26:28 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/06/14 20:02:04 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\temp
[2010/06/14 20:01:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/06/14 19:47:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/06/14 19:39:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/14 18:40:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/14 18:30:43 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2010/06/13 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\FreeCAD
[2010/06/13 21:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\FreeCAD0.7
[2010/06/13 15:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/06/13 15:40:09 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/06/13 15:40:09 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/06/13 15:40:08 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/06/13 15:39:44 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/06/13 15:39:44 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/06/13 15:39:43 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/06/13 15:39:43 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/06/13 15:39:43 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/06/13 15:39:43 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/06/13 15:39:43 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/06/13 15:39:43 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/06/13 15:39:43 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/06/13 15:39:43 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/06/13 15:39:43 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/06/13 15:39:43 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/06/13 15:39:43 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/06/13 15:39:43 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/06/13 15:39:43 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/06/13 15:39:43 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/06/13 15:39:43 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/06/13 15:39:43 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/06/13 15:39:43 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/06/13 15:39:43 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/06/13 15:39:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/06/13 15:39:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/06/13 15:39:42 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/06/13 15:39:42 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/06/13 15:39:42 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/06/13 15:39:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/06/13 15:39:16 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/06/13 15:39:11 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/06/13 15:39:10 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/06/13 15:39:10 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/06/13 15:39:10 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/06/13 15:39:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010/06/13 15:39:10 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/06/13 15:39:10 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/06/13 15:39:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/06/13 15:39:10 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010/06/13 15:39:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010/06/13 15:38:24 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/06/13 15:38:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/06/13 15:31:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/13 15:30:38 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/06/13 15:30:38 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/13 15:30:38 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/13 15:30:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/06/13 15:30:28 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/06/13 15:30:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/06/13 15:30:18 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/06/13 15:30:16 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/06/13 15:30:16 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/06/13 15:30:16 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/06/13 15:30:15 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/06/13 15:30:15 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/13 15:30:15 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/06/13 15:30:15 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/06/13 15:30:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/13 15:30:07 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/13 14:23:34 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/13 14:23:34 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/13 14:23:34 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/13 14:23:33 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/13 14:23:33 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/13 14:23:24 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/13 14:23:24 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/06/13 14:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/06/13 14:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/12 10:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/10 01:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/08 22:17:06 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\AVG9
[2010/06/08 22:00:08 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\Geeks To Go Recommendations
[2010/06/03 00:49:24 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jim\Desktop\HijackThisInstaller.exe
[2010/05/29 22:12:41 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/05/29 21:07:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Malwarebytes
[2010/05/29 21:07:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/29 21:07:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/29 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/29 21:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/29 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\WinPatrol
[2010/05/29 20:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/05/29 20:48:43 | 033,850,672 | ---- | C] (Apple Inc.) -- C:\Users\Jim\Desktop\QuickTimeInstaller.exe
[2010/05/27 19:59:25 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/05/27 19:59:20 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/05/27 19:58:11 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/05/27 19:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/27 19:55:42 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/26 01:49:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/25 17:47:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/25 17:47:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/25 17:47:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/25 17:47:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/25 17:34:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/24 12:15:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/05/22 23:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/05/22 23:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/05/22 22:35:42 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2010/05/20 11:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\SWViewer
[2010/05/19 19:30:49 | 000,717,296 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/05/19 19:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies Inc
[2010/05/16 04:11:31 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/16 04:10:28 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/05/16 04:10:28 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/05/16 04:10:09 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/05/16 04:10:09 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2007/04/16 18:09:21 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2010/06/15 02:16:16 | 006,553,600 | -HS- | M] () -- C:\Users\Jim\ntuser.dat
[2010/06/15 01:49:23 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 01:49:23 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 01:26:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/14 22:26:06 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/14 20:15:55 | 002,672,312 | ---- | M] () -- C:\Users\Jim\Desktop\esetsmartinstaller_enu.exe
[2010/06/14 19:56:30 | 000,693,210 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/14 19:56:29 | 000,828,996 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/14 19:56:29 | 000,138,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/14 19:49:36 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/14 19:49:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/14 19:49:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/14 19:49:06 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010/06/14 19:47:08 | 000,524,288 | -HS- | M] () -- C:\Users\Jim\ntuser.dat{e4ee5ffd-5264-11de-8ee9-001c2555092d}.TMContainer00000000000000000001.regtrans-ms
[2010/06/14 19:47:08 | 000,065,536 | -HS- | M] () -- C:\Users\Jim\ntuser.dat{e4ee5ffd-5264-11de-8ee9-001c2555092d}.TM.blf
[2010/06/14 19:47:07 | 006,291,456 | -H-- | M] () -- C:\Users\Jim\AppData\Local\IconCache.db
[2010/06/14 18:30:42 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2010/06/14 18:28:18 | 003,707,755 | R--- | M] () -- C:\Users\Jim\Desktop\ComboFix.exe
[2010/06/14 18:25:36 | 000,017,474 | ---- | M] () -- C:\Users\Jim\Documents\Food.xlsx
[2010/06/13 15:45:22 | 000,407,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/13 15:41:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/06/13 15:41:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/06/13 14:23:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/06/12 16:57:38 | 000,001,278 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100612_165735.reg
[2010/06/12 16:57:23 | 000,003,208 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100612_165719.reg
[2010/06/12 15:06:28 | 000,021,468 | ---- | M] () -- C:\Users\Jim\Documents\passwords.docx
[2010/06/09 06:31:05 | 001,032,449 | ---- | M] () -- C:\Users\Jim\Desktop\scan.jpg
[2010/06/08 00:23:18 | 000,043,008 | ---- | M] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/08 00:22:27 | 008,841,941 | ---- | M] () -- C:\Users\Jim\Desktop\Ellie Grad.wmv
[2010/06/07 22:42:31 | 002,056,909 | ---- | M] () -- C:\Users\Jim\Documents\Untitled.wma
[2010/06/07 22:21:33 | 000,691,200 | ---- | M] () -- C:\Users\Jim\Desktop\Ellie Grad.MSWMM
[2010/06/06 23:42:23 | 000,001,028 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\WavCodec.wff
[2010/06/03 00:49:22 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jim\Desktop\HijackThisInstaller.exe
[2010/06/02 20:15:26 | 000,012,710 | ---- | M] () -- C:\Users\Jim\Desktop\Purchases.xlsx
[2010/06/02 12:22:34 | 000,052,581 | ---- | M] () -- C:\Users\Jim\Desktop\Bank of America _ Online Banking _ Transaction Image Print2.pdf
[2010/06/02 12:22:24 | 000,052,012 | ---- | M] () -- C:\Users\Jim\Desktop\Bank of America _ Online Banking _ Transaction Image Print.pdf
[2010/06/01 15:47:09 | 000,000,998 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100601_154705.reg
[2010/05/29 21:07:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/29 20:51:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/29 20:51:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/29 20:51:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/29 20:51:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/29 20:48:54 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Users\Jim\Desktop\QuickTimeInstaller.exe
[2010/05/28 18:28:50 | 000,001,932 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100528_182846.reg
[2010/05/27 15:44:01 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/26 10:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/26 07:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/23 23:49:35 | 000,018,580 | ---- | M] () -- C:\Users\Jim\Documents\Contacts PRINT.xlsx
[2010/05/23 23:28:39 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/05/23 23:11:45 | 000,008,750 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100523_231126.reg
[2010/05/21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/20 07:11:54 | 000,000,850 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100520_071150.reg
[2010/05/19 20:20:23 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/05/19 20:20:23 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/05/19 19:30:49 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/05/18 23:57:53 | 001,601,864 | ---- | M] () -- C:\Users\Jim\Documents\Costs to Adept.pdf
[2010/05/16 05:29:52 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/16 04:29:48 | 000,005,576 | ---- | M] () -- C:\Users\Jim\Documents\cc_20100516_042944.reg

========== Files Created - No Company Name ==========

[2010/06/14 20:15:46 | 002,672,312 | ---- | C] () -- C:\Users\Jim\Desktop\esetsmartinstaller_enu.exe
[2010/06/14 18:28:12 | 003,707,755 | R--- | C] () -- C:\Users\Jim\Desktop\ComboFix.exe
[2010/06/13 15:41:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/06/13 15:41:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/06/12 16:57:36 | 000,001,278 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100612_165735.reg
[2010/06/12 16:57:21 | 000,003,208 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100612_165719.reg
[2010/06/09 06:31:05 | 001,032,449 | ---- | C] () -- C:\Users\Jim\Desktop\scan.jpg
[2010/06/08 00:22:26 | 008,841,941 | ---- | C] () -- C:\Users\Jim\Desktop\Ellie Grad.wmv
[2010/06/07 22:42:30 | 002,056,909 | ---- | C] () -- C:\Users\Jim\Documents\Untitled.wma
[2010/06/07 22:21:33 | 000,691,200 | ---- | C] () -- C:\Users\Jim\Desktop\Ellie Grad.MSWMM
[2010/06/02 12:22:35 | 000,052,581 | ---- | C] () -- C:\Users\Jim\Desktop\Bank of America _ Online Banking _ Transaction Image Print2.pdf
[2010/06/02 12:22:26 | 000,052,012 | ---- | C] () -- C:\Users\Jim\Desktop\Bank of America _ Online Banking _ Transaction Image Print.pdf
[2010/06/01 19:05:30 | 000,012,710 | ---- | C] () -- C:\Users\Jim\Desktop\Purchases.xlsx
[2010/06/01 15:47:07 | 000,000,998 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100601_154705.reg
[2010/05/29 21:07:18 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 18:28:47 | 000,001,932 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100528_182846.reg
[2010/05/25 17:47:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/25 17:47:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/25 17:47:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/25 17:47:32 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/25 17:47:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/23 23:49:35 | 000,018,580 | ---- | C] () -- C:\Users\Jim\Documents\Contacts PRINT.xlsx
[2010/05/23 23:11:28 | 000,008,750 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100523_231126.reg
[2010/05/20 07:11:52 | 000,000,850 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100520_071150.reg
[2010/05/18 23:57:50 | 001,601,864 | ---- | C] () -- C:\Users\Jim\Documents\Costs to Adept.pdf
[2010/05/16 05:29:51 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/16 04:29:45 | 000,005,576 | ---- | C] () -- C:\Users\Jim\Documents\cc_20100516_042944.reg
[2010/05/16 03:38:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/14 02:42:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/22 20:51:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/25 15:26:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/21 15:13:45 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Dfdlg100.dll
[2009/02/21 15:13:45 | 000,002,427 | ---- | C] () -- C:\Windows\THERM5.ini
[2009/01/01 18:14:25 | 000,223,232 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2008/12/29 02:26:15 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/12/15 23:51:31 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2008/08/28 01:05:26 | 000,000,061 | ---- | C] () -- C:\Windows\Jcmkr32.INI
[2008/08/25 16:40:14 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2008/08/20 23:45:02 | 000,000,283 | ---- | C] () -- C:\Windows\matlab.ini
[2008/07/03 19:23:11 | 000,003,943 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/06/29 18:11:16 | 000,000,000 | ---- | C] () -- C:\Windows\QTW.ini
[2008/03/27 18:53:54 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/07 19:04:22 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/02/26 20:17:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/02/26 20:16:42 | 000,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini
[2008/01/16 14:26:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/01/16 14:26:18 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/08/08 09:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2007/04/16 18:41:33 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/04/16 18:09:21 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/16 17:28:29 | 000,000,818 | ---- | C] () -- C:\Windows\generic.ini
[2007/04/16 17:28:29 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/02/06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/09/28 17:26:34 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini
[2005/06/10 11:00:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\cviUSI.dll
[2005/06/10 11:00:00 | 000,007,140 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001/07/03 04:54:12 | 000,184,832 | ---- | C] () -- C:\Windows\System32\JPeg32.dll
[1999/07/29 01:27:10 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/08/06 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/04/16 18:09:58 | 000,003,358 | ---- | M] () -- C:\-20070416.log
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/09/18 14:43:38 | 000,000,024 | ---- | M] () -- C:\AUTOEXEC.FSS
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/04/16 17:29:05 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/06/14 20:02:03 | 000,022,915 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:38 | 000,000,010 | ---- | M] () -- C:\CONFIG.FSS
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/06/01 20:53:32 | 000,005,188 | -H-- | M] () -- C:\ffastun.ffa
[2008/06/01 20:53:32 | 001,196,032 | -H-- | M] () -- C:\ffastun.ffl
[2008/06/01 20:53:32 | 000,413,696 | -H-- | M] () -- C:\ffastun.ffo
[2008/06/01 20:53:32 | 012,079,104 | -H-- | M] () -- C:\ffastun0.ffx
[2010/05/29 20:57:11 | 000,028,713 | ---- | M] () -- C:\HijackPatrol.log
[2008/03/02 00:19:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/11/29 08:35:22 | 000,000,512 | ---- | M] () -- C:\MDR.iss
[2008/03/02 00:19:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/07/31 10:39:09 | 000,000,828 | ---- | M] () -- C:\net_save.dna
[2009/02/15 14:30:03 | 000,038,291 | ---- | M] () -- C:\NTFY_CD.LOG
[2010/06/14 19:49:00 | 3221,225,472 | -HS- | M] () -- C:\pagefile.sys
[2007/04/16 17:48:32 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
[2007/04/16 17:59:41 | 000,000,178 | ---- | M] () -- C:\setup.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/06 13:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/20 13:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 04:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 04:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 04:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/05/19 19:30:49 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/02/18 07:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 04:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
< End of report >

________________________________________________________________________________
___________________________________________________________
6.
Computer seems to be running fine. The system has not had any of the symptoms I mentioned in my first post since my first attempt at cleaning. I haven't done anything too demanding to test performance yet.
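The OTL listing above is the kind of output a helper triages by eye. As an added example (not part of this thread, and not OTL's own code), here is a small Python parser for that line format that flags the entries a reviewer would look at first: drivers with no publisher string, files OTL could not hash, and hidden files sitting in the drive root. The three rules are my own heuristics, and the sample lines are copied from the report above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# Shape of one OTL file entry, as printed in the report above:
#   [2008/03/07 19:04:22 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
#   [date | size | attribute flags | C(reated)/M(odified)] (publisher) [optional note] -- path
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"\((?P<publisher>[^)]*)\)"
    r"(?P<note>.*?) -- "
    r"(?P<path>.+)$"
)

# Files that are legitimately hidden/system in the root of a Vista system drive.
KNOWN_ROOT_FILES = {"bootmgr", "bootsect.bak", "hiberfil.sys", "io.sys",
                    "msdos.sys", "pagefile.sys"}


@dataclass
class OtlEntry:
    stamp: datetime
    size: int          # bytes; OTL prints it with thousands separators
    attrs: str         # raw 4-character flag field, e.g. "-HS-"
    kind: str          # "C" = created timestamp, "M" = modified timestamp
    publisher: str     # "" when OTL printed "()"
    note: str          # e.g. "Unable to obtain MD5", else ""
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def system(self) -> bool:
        return "S" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry, or None for section headers, blanks and other non-entry lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        stamp=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        publisher=m["publisher"].strip(),
        note=m["note"].strip(),
        path=m["path"].strip(),
    )


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Apply three review heuristics (mine, not OTL's) and return (path, reason) pairs."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        lower = e.path.lower()
        name = lower.rsplit("\\", 1)[-1]
        # 1. A kernel driver with no publisher string deserves a closer look.
        if "\\drivers\\" in lower and lower.endswith(".sys") and not e.publisher:
            findings.append((e.path, "kernel driver with no publisher string"))
        # 2. OTL could not hash the file (as reported in the /lockedfiles scan above).
        if "unable to obtain md5" in e.note.lower():
            findings.append((e.path, "locked file, hash could not be read"))
        # 3. Hidden file directly in the drive root that is not a known boot/paging file.
        if e.hidden and lower.count("\\") == 1 and name not in KNOWN_ROOT_FILES:
            findings.append((e.path, "hidden file in the drive root"))
    return findings


# Lines copied from the OTL report above (one section header plus five entries).
SAMPLE_REPORT = [
    r"< %systemroot%\system32\drivers\*.sys /180 >",
    r"[2008/03/07 19:04:22 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys",
    r"[2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys",
    r"[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll",
    r"[2010/06/14 19:49:00 | 3221,225,472 | -HS- | M] () -- C:\pagefile.sys",
    r"[2008/06/01 20:53:32 | 000,005,188 | -H-- | M] () -- C:\ffastun.ffa",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_REPORT):
        print(f"{reason:40} {path}")
```

A flagged line is a prompt to check the file's signature and origin, not a verdict; PnkBstrK.sys, for instance, is PunkBuster's anti-cheat driver and simply ships without a publisher string in OTL's output.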

#6
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Question: How will I ever be sure that my system is safe for online purchases/banking (at least as safe as it was before the infection)?
Answer: This is a tough question for me to answer, as I'm not really sure what type of damage was done before I got to it. I will do my best to remove all malware from your computer that I am able to see.

Question: Also, I have read GTG's recommendations on free AV and Spyware, etc. I understand the choice of whose AV to use is up to the user and their opinions, but what types should a system have installed to be considered "protected"? For example, right now I'm using the free Avast, Windows firewall, Windows Defender, WinPatrol, and daily updates/scans with Malwarebytes' Anti-Malware. What other programs (free) should I be running to have the best protection?
Answer: Avast is a great free Anti-Virus program to run on your system. I'd suggest installing a different Firewall, as I'm not really big on the protection that the Windows firewall offers. I can recommend some free Firewall programs for you to use.

Question: If it is not much trouble, can you point out which of the logs, if any, show any type of infection being detected/removed?
Answer: I'm seeing some remnants of the infection that just need to be removed.



NEXT:



ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
RegLockDel::
[HKEY_USERS\S-1-5-21-106263510-2633795892-3628432610-1000\*¬ $*]
[HKEY_USERS\S-1-5-21-106263510-2633795892-3628432610-1000\S*" *]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :Services
    :OTL
    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/06/14 20:15:55 | 002,672,312 | ---- | M] () -- C:\Users\Jim\Desktop\esetsmartinstaller_enu.exe
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Edited by SweetTech, 15 June 2010 - 10:00 AM.


#7
Sprayall

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ran ComboFix. After "Completed Stage 4" popped up, an error window popped up with "PEV.exe has stopped working". I did not click anything. ComboFix continued to run through the remaining stages. ComboFix then rebooted the machine. I waited for ComboFix to finish and then saved the log. Then I went to extract JavaRa.zip using IZArc. IZArc would not run. Error: "illegal operation attempted on a registry key that has been marked for deletion". So I rebooted again. IZArc then worked properly. Ran JavaRa.exe. It said "Removed C:\Program Files\Java\jre1.6.0_07." It said the log would be saved in C:\ under the filename JavaRa.log. The log did not automatically pop up. Searched the entire system for JavaRa.log and found nothing. OTL ran normally with reboot. SecurityCheck.exe seemed to run fine. Logs are below.

BTW, regarding a firewall, I had planned on installing Comodo Firewall.

IMPORTANT Question: I noticed OTL only scans files created in last 30 days (at least I think I saw that setting in a pull down). My system was infected on 5/14/2010. Do I need to change that setting to longer than 30 days? Thanks again for your patience and assistance.

ComboFix 10-06-14.02 - Jim 06/15/2010 17:05:13.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1914 [GMT -7:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
Command switches used :: c:\users\Jim\Desktop\CFScript.txt
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))
.

2010-06-16 00:15 . 2010-06-16 00:18 -------- d-----w- c:\users\Jim\AppData\Local\temp
2010-06-16 00:15 . 2010-06-16 00:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-16 00:15 . 2010-06-16 00:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-16 00:15 . 2010-06-16 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-15 01:40 . 2010-06-15 01:40 -------- d-----w- C:\_OTL
2010-06-14 04:20 . 2010-06-14 04:37 -------- d-----w- c:\users\Jim\AppData\Roaming\FreeCAD
2010-06-14 04:16 . 2010-06-14 04:16 -------- d-----w- c:\program files\FreeCAD0.7
2010-06-13 22:41 . 2010-06-13 22:41 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-13 22:40 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-06-13 22:40 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-06-13 22:40 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-06-13 22:38 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-13 22:38 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-13 22:38 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-13 22:31 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-13 21:23 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-13 21:23 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-13 21:23 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-13 21:23 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-13 21:23 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-13 21:23 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-13 21:23 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-13 21:23 . 2010-06-13 21:23 -------- d-----w- c:\programdata\Alwil Software
2010-06-13 21:23 . 2010-06-13 21:23 -------- d-----w- c:\program files\Alwil Software
2010-06-10 08:18 . 2010-06-10 08:18 -------- d-----w- c:\program files\ERUNT
2010-06-09 05:17 . 2010-06-09 05:17 -------- d-----w- c:\users\Jim\AppData\Roaming\AVG9
2010-05-30 05:12 . 2010-05-30 05:12 -------- d-----w- C:\$AVG
2010-05-30 04:07 . 2010-05-30 04:07 -------- d-----w- c:\users\Jim\AppData\Roaming\Malwarebytes
2010-05-30 04:07 . 2010-05-30 04:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-30 04:07 . 2010-05-30 04:07 -------- d-----w- c:\programdata\Malwarebytes
2010-05-30 04:07 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-30 04:07 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-30 03:53 . 2010-05-30 03:53 -------- d-----w- c:\users\Jim\AppData\Roaming\WinPatrol
2010-05-30 03:53 . 2010-05-30 03:53 -------- d-----w- c:\program files\BillP Studios
2010-05-28 02:59 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-05-28 02:55 . 2010-05-30 03:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-26 08:49 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 19:15 . 2010-06-15 01:43 -------- d-----w- c:\windows\system32\catroot2
2010-05-23 06:39 . 2010-05-28 02:28 -------- d-----w- c:\programdata\Norton
2010-05-23 06:39 . 2010-05-23 06:39 -------- d-----w- c:\programdata\NortonInstaller
2010-05-23 05:47 . 2010-05-23 05:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Nero
2010-05-23 05:35 . 2010-05-23 05:35 -------- d-----w- c:\windows\Profiles
2010-05-22 14:38 . 2010-05-22 14:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-05-22 01:21 . 2010-05-22 01:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
2010-05-22 01:21 . 2010-05-22 01:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ATI
2010-05-20 02:30 . 2010-05-20 02:30 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-20 02:30 . 2010-05-20 02:30 -------- d-----w- c:\program files\LSoft Technologies Inc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 11:14 . 2010-04-30 06:30 -------- d-----w- c:\users\Jim\AppData\Roaming\Audacity
2010-06-15 10:32 . 2007-04-17 01:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-15 10:03 . 2010-04-21 03:55 -------- d-----w- c:\program files\Common Files\Akamai
2010-06-13 22:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-13 22:41 . 2010-06-13 22:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-13 22:41 . 2010-06-13 22:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-13 22:38 . 2007-04-17 01:00 -------- d-----w- c:\programdata\Microsoft Help
2010-05-30 03:52 . 2008-10-15 01:10 -------- d-----w- c:\program files\Common Files\Java
2010-05-30 03:51 . 2008-10-15 01:10 -------- d-----w- c:\program files\Java
2010-05-28 02:28 . 2007-04-17 00:52 -------- d-----w- c:\programdata\Symantec
2010-05-28 01:03 . 2007-04-17 00:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-26 17:06 . 2010-06-13 22:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-13 22:30 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 19:25 . 2009-01-27 08:31 -------- d-----w- c:\program files\CCleaner
2010-05-23 05:36 . 2008-02-27 01:23 113792 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-21 21:14 . 2010-05-16 11:11 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 02:30 . 2007-04-17 00:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-16 05:30 . 2010-05-16 05:30 0 ----a-w- c:\windows\nsreg.dat
2010-05-08 08:14 . 2008-02-27 01:28 113792 ----a-w- c:\users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-07 08:08 . 2009-10-26 06:37 -------- d-----w- c:\users\Jim\AppData\Roaming\IM
2010-05-07 08:08 . 2009-10-26 06:38 -------- d-----w- c:\program files\Common Files\SolidWorks Installation Manager
2010-05-07 08:08 . 2010-05-07 07:22 -------- d-----w- c:\programdata\SolidWorks
2010-05-07 08:08 . 2008-03-04 07:34 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-07 08:07 . 2010-05-07 07:22 -------- d-----w- c:\program files\SolidWorks Corp
2010-05-07 08:07 . 2008-08-25 23:30 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-05-07 07:55 . 2008-08-25 23:41 -------- d-----w- c:\users\Jim\AppData\Roaming\SolidWorks
2010-05-04 19:15 . 2010-06-13 22:30 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-13 22:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-13 22:30 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 07:18 . 2010-04-30 06:34 -------- d-----w- c:\program files\FFmpeg for Audacity
2010-04-30 06:33 . 2010-04-30 06:33 -------- d-----w- c:\program files\Lame for Audacity
2010-04-30 06:30 . 2010-04-30 06:30 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-04-24 11:33 . 2009-11-14 12:12 -------- d-----w- c:\users\Jim\AppData\Roaming\EDrawings
2010-04-24 11:25 . 2010-04-09 07:28 -------- d-----w- c:\programdata\DassaultSystemes
2008-04-18 19:56 . 2009-04-26 10:39 753 ----a-w- c:\program files\setup.bat
2008-04-07 02:29 . 2008-04-07 02:25 35067 ----a-w- c:\program files\oaveuninstaller.exe
2008-01-24 22:27 . 2009-04-26 10:39 24 ----a-w- c:\program files\swdata1.id
2005-10-13 00:04 . 2005-10-13 00:04 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-07-10 16:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-26 323976]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-25 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-01-24 17:27 319488 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-02-07 07:04 464168 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2007-07-04 02:08 834056 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-23 11:04 4423680 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-18 04:24 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a6,80,c9,ee,e7,f5,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-106263510-2633795892-3628432610-1000]
"EnableNotificationsRef"=dword:00000003

R3 atidgllk;atidgllk;c:\users\Jim\Desktop\NEW BIOS for 4830\HD4830_SJ3G01\HD4830\atidgllk.sys [x]
R3 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-07-10 53032]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-20 80744]
R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-05 266343]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 133104]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-10-26 2799808]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-20 717296]
R4 usbsnoop;usbsnoop (display);c:\windows\system32\drivers\usbsnoop.sys [2009-05-26 40896]
R4 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-03-16 180224]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-28 06:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 02:05]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 02:05]

2010-03-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-106263510-2633795892-3628432610-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
TCP: {2367C62A-EAEB-4796-AACA-43B0569F7911} = 4.2.2.1,4.2.2.2
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/sw/support/subscription/sldimdownload.cab
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rfbewqkr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Jim\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\Jim\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\Jim\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 17:17
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-106263510-2633795892-3628432610-1000\ *¬ $*]
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-106263510-2633795892-3628432610-1000\S*" *]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\locator.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-06-15 17:30:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-16 00:30
ComboFix2.txt 2010-06-15 03:02
ComboFix3.txt 2010-06-15 02:05
ComboFix4.txt 2010-05-26 01:28

Pre-Run: 83,107,917,824 bytes free
Post-Run: 83,131,650,048 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B82B6DB8EB423A44E698389E021F6B63
_____________________________________________________________________________

No JavaRa.log to post
______________________________________________________________________________

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File C:\Users\Jim\Desktop\esetsmartinstaller_enu.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jim
->Temp folder emptied: 34724 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 32315209 bytes
->Flash cache emptied: 631 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06152010_175926

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

__________________________________________________________________________

Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java™ 6 Update 20
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3
Chinese Traditional Fonts Support For Adobe Reader 8
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

``````````End of Log````````````

Edited by Sprayall, 15 June 2010 - 07:38 PM.

  • 0

#8
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Comodo Firewall is one that I usually recommend.

Could you please do me a favor and re-run JavaRa. Make sure that you right-click on it first and run it as an administrator. That should give you fewer problems.
  • 0

#9
Sprayall

Sprayall

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Okay, it actually showed something being deleted. Should I run SecurityCheck again?


JavaRa 1.15 Removal Log. Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Jun 15 18:46:09 2010

Found and removed: C:\Program Files\Java\jre1.6.0_07
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
------------------------------------
Finished reporting.
  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



NEXT:



Firewall

Looking over your log, it seems you don't have any evidence of a third-party FIREWALL. As the term conveys, a firewall is an extra layer of security installed onto computers which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders.

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to phone home for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

I would recommend installing a free firewall for personal use from one of these excellent vendors. The choice is yours:



NEXT:



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Clean-Up
Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.



NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
  • 0
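Added example (the editor's, not a tool from this thread or from Geeks to Go): a PowerShell audit of the three housekeeping items in the post above that a helper would want to verify rather than take on trust: the Internet-zone ActiveX settings the post has the user change by hand, leftover Java runtimes of the kind Security Check flagged (6 Update 7 sitting beside 6 Update 20), and the Windows Firewall profile state. It assumes Windows Vista or later with PowerShell, run from an elevated prompt; the registry value names 1001, 1004 and 1201 under the zone key are the URL action codes IE stores for exactly those three ActiveX options, with 0 = Enable, 1 = Prompt and 3 = Disable. On Vista and later the built-in firewall has a per-profile default outbound action, which is what the last section prints.

```powershell
# Post-cleanup audit for the housekeeping steps in the post above.
# Added example for this page, not the thread's own tool.
# Assumes Vista or later with PowerShell, run elevated.
# Read-only by default; pass -Fix to apply the IE and firewall changes.
param([switch]$Fix)

# 1. Internet zone ActiveX settings (zone 3 = Internet).
#    Value names are the URL action codes IE stores per zone:
#    1001 = download signed ActiveX, 1004 = download unsigned ActiveX,
#    1201 = initialize/script ActiveX not marked safe.
#    Data: 0 = Enable, 1 = Prompt, 3 = Disable.
$zone   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$wanted = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                           Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                         Value = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
}
Write-Host "== Internet zone ActiveX settings ($zone)"
foreach ($id in '1001', '1004', '1201') {
    $cur = (Get-ItemProperty -Path $zone -Name $id -ErrorAction SilentlyContinue).$id
    $ok  = ($cur -eq $wanted[$id].Value)
    $tag = if ($ok) { 'OK ' } else { 'FIX' }
    Write-Host ('{0} {1,-60} current={2} wanted={3}' -f $tag, $wanted[$id].Name, $cur, $wanted[$id].Value)
    if (-not $ok -and $Fix) {
        Set-ItemProperty -Path $zone -Name $id -Value $wanted[$id].Value -Type DWord
    }
}

# 2. Leftover Java runtimes. An old JRE left installed beside a new one is
#    still a loadable browser plugin, so every entry but the newest should go.
Write-Host "`n== Installed Java entries"
$paths = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
         'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$javas = @(Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
           Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
           Select-Object DisplayName, DisplayVersion, PSChildName)
$javas | Format-Table -AutoSize | Out-String | Write-Host
if ($javas.Count -gt 1) {
    Write-Host 'FIX more than one Java runtime is registered; uninstall all but the newest'
    Write-Host '    (for MSI-installed JREs the key name is the product code: msiexec /x {code})'
}

# 3. Windows Firewall profiles: state and default inbound/outbound action.
#    BlockOutbound means a program reaches the network only through an
#    explicit allow rule; Windows does not prompt, it silently drops.
Write-Host "`n== Windows Firewall profiles"
netsh advfirewall show allprofiles |
    Select-String -Pattern '^\S+ Profile Settings', '^State', '^Firewall Policy' |
    ForEach-Object { Write-Host ('    ' + $_.Line.Trim()) }
if ($Fix) {
    # Keep the inbound default, switch the outbound default to block.
    netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
    Write-Host '    outbound default set to block; add allow rules with'
    Write-Host '    "netsh advfirewall firewall add rule" for programs that need the network'
}
```

Run it once without -Fix and keep the output with the other logs; the ActiveX lines should all read OK and only one Java entry should remain after JavaRa. Switching the outbound default to block is the strongest of the three changes and the one most likely to break something the user relies on (updaters, the antivirus itself), so apply it only after listing which programs must be allowed.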

#11
Sprayall

Sprayall

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you very much for all your help. Everything still seems to be working fine. If you think of anything else I should do please let me know. Thanks again.
  • 0

#12
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
You are more than welcome. I am glad that I was able to be of assistance.

Take Care.

SweetTech.
  • 0

#13
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





