Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Confirmed spambot, please help. [Solved]

Started by magnetik , Aug 06 2012 11:09 PM

  • This topic is locked This topic is locked

#1
magnetik
Posted 06 August 2012 - 11:09 PM

magnetik

    New Member

  • Member
  • Pip
  • 7 posts
Update: August 8th. I have confirmed that I have a spambot. I was on the phone with a friend and they told me that they received an email message from me with a link that their security software would not let them open.

Hi, I have a Windows XP SP3 machine on which I still do most of my office work.

After leaving the machine on for a few days while on vacation, I came home found that things didn't look quite right.

The font of the Start button and taskbar items had changed, and the quick launch icons were overlapping, something I had never seen before.

There was a message on my screen saying, "DEP has prevented gen service" or similar.

Now when I log off, I get a message about terminating Ping.exe, and when I kill it, the message comes back again.

The following is my OTL log:

OTL logfile created on: 8/6/2012 9:27:58 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = E:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 55.61% Memory free
2.84 Gb Paging File | 2.32 Gb Available in Paging File | 81.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 1.64 Gb Free Space | 8.38% Space Free | Partition Type: NTFS
Drive E: | 166.77 Gb Total Space | 39.38 Gb Free Space | 23.61% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/06 19:27:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2012/08/06 18:35:56 | 015,800,696 | ---- | M] (LogMeIn, Inc.) -- E:\Documents and Settings\Mike\Local Settings\Application Data\join.me\join.me.exe
PRC - [2012/07/19 09:28:25 | 000,913,888 | ---- | M] (Mozilla Corporation) -- E:\Programs\Firefox\firefox.exe
PRC - [2012/07/19 09:28:01 | 000,016,864 | ---- | M] (Mozilla Corporation) -- E:\Programs\Firefox\plugin-container.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/12/01 08:13:43 | 000,074,752 | ---- | M] () -- E:\Programs\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/06/17 13:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/05/06 11:16:00 | 001,556,480 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2008/04/23 12:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 23:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/06 18:35:56 | 000,075,640 | ---- | M] () -- E:\Documents and Settings\Mike\Local Settings\Application Data\join.me\LMIInputHook32.dll
MOD - [2012/08/06 18:35:56 | 000,075,640 | ---- | M] () -- E:\Documents and Settings\Mike\Local Settings\Application Data\join.me\LMIFilterHook32-Clone000.dll
MOD - [2012/08/02 13:06:24 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/07/19 09:28:20 | 002,003,424 | ---- | M] () -- E:\Programs\Firefox\mozjs.dll
MOD - [2012/06/14 06:40:11 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/14 06:29:18 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/14 06:29:12 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/14 06:29:10 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/14 06:28:54 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/06/14 06:28:52 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/14 06:28:48 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/06/14 06:28:46 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/14 06:28:44 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/14 06:28:38 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/06/14 06:28:23 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/06/14 03:20:49 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:14:13 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/13 21:44:34 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/09 04:01:26 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 04:00:39 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/09 03:49:41 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 03:49:19 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 03:49:15 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/09 03:19:35 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/05/09 03:18:52 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/09 03:18:49 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/09 03:18:36 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/09 03:18:19 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/09 03:17:50 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- E:\Programs\FileZilla FTP Client\fzshellext.dll
MOD - [2011/12/01 08:13:43 | 000,074,752 | ---- | M] () -- E:\Programs\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/05 10:51:40 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/03/05 10:51:39 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/03/05 10:51:37 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/03/05 10:51:37 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/03/05 10:51:37 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/03/05 10:51:37 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/03/05 10:51:36 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/03/05 10:51:36 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/03/05 10:51:35 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/03/05 10:51:35 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/03/05 10:51:35 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/20 13:41:38 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/02/20 13:41:37 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2010/02/20 13:41:35 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/02/20 13:41:35 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/02/20 13:41:33 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/20 13:41:32 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/20 13:41:32 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/20 13:41:32 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/20 13:41:31 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/02/20 13:41:31 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/20 13:41:31 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2007/11/28 05:32:00 | 001,163,264 | ---- | M] () -- C:\Program Files\RALINK\Common\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/02 13:06:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 09:28:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/06/17 13:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/04/23 12:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\sthda.sys -- (STHDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOCUME~1\Mike\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2012/08/06 19:29:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/30 23:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009/03/28 09:38:26 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/05 12:46:04 | 000,491,648 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/17 13:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001/08/17 13:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001/08/17 13:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 09:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C1E4A1A1-C1B9-44AD-B7F7-80CA7B1891A1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{C1E4A1A1-C1B9-44AD-B7F7-80CA7B1891A1}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msnbc.msn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Programs\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: E:\Programs\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: E:\Programs\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: E:\Programs\Firefox\components [2012/07/19 09:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: E:\Programs\Firefox\plugins [2012/06/14 12:12:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: E:\Programs\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: E:\Programs\plugins

[2010/01/01 23:04:58 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/01/01 23:29:44 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\Deafult Profile Backup\extensions
[2010/01/01 23:29:44 | 000,000,000 | ---D | M] (Adblock Plus) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\Deafult Profile Backup\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/07/25 14:03:21 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\r5uh4r0r.default\extensions
[2010/04/30 13:07:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\r5uh4r0r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/01 23:36:25 | 000,000,000 | ---D | M] (Favicon Picker 3) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\r5uh4r0r.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2012/05/17 15:47:56 | 000,000,000 | ---D | M] (WOT) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\r5uh4r0r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/06/14 12:11:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/07/23 19:13:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\PROGRAMS\FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/14 12:12:38 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.msnbc.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.msnbc.msn.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Skype Toolbars (Enabled) = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = E:\Documents and Settings\Mike\Application Data\Mozilla\plugins\npatgpc.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = E:\Programs\Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = E:\Programs\Firefox\plugins\NPOFF12.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Google Update (Enabled) = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = E:\Programs\Picasa3\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = E:\Programs\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = E:\Programs\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Programs\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.27_0\
CHR - Extension: Skype Click to Call = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Gmail = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: E:\Documents and Settings\Mike\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk = E:\Programs\Comcast Universal Caller ID\Comcast Universal Caller ID.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://whartonmbacm...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D308BFCE-F612-4A36-B30B-127BCCE09F04}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/30 09:24:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b4c65a3e-61b4-11df-b52d-000129feb7af}\Shell\AutoRun\command - "" = H:\JDSecure\Windows\JDSecure31.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 21:38:29 | 004,731,392 | ---- | C] (AVAST Software) -- E:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2012/08/06 19:29:08 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/06 19:27:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Mike\Desktop\OTL.exe
[2012/08/06 09:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/28 13:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2012/07/28 13:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

========== Files - Modified Within 30 Days ==========

[2012/08/06 21:39:04 | 004,731,392 | ---- | M] (AVAST Software) -- E:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2012/08/06 21:23:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/06 21:22:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/06 21:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/06 20:50:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-113007714-1417001333-1003UA.job
[2012/08/06 19:29:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/06 19:28:51 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 19:27:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Mike\Desktop\OTL.exe
[2012/08/06 09:54:29 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/08/06 09:54:29 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/06 09:50:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-113007714-1417001333-1003Core.job
[2012/08/06 02:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-OFFICE-Mike.job
[2012/08/05 19:57:49 | 000,002,267 | ---- | M] () -- E:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/04 18:23:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/25 14:57:23 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/24 15:22:09 | 000,002,355 | ---- | M] () -- E:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007 (2).lnk
[2012/07/23 09:52:14 | 000,002,393 | ---- | M] () -- E:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2012/07/20 11:47:26 | 000,203,900 | ---- | M] () -- E:\Documents and Settings\Mike\My Documents\Buddy Holly Story tickets.pdf
[2012/07/13 09:23:49 | 000,000,662 | ---- | M] () -- E:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/13 08:34:13 | 003,605,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/12 22:02:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/07/28 13:20:42 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/07/28 13:20:42 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/28 13:20:39 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/20 11:47:26 | 000,203,900 | ---- | C] () -- E:\Documents and Settings\Mike\My Documents\Buddy Holly Story tickets.pdf
[2012/03/24 15:03:32 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 07:54:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/01 21:42:18 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/01/01 21:42:05 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2661.bin
[2012/01/01 21:42:05 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2561s.bin
[2012/01/01 21:42:05 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2561.bin
[2011/12/14 10:10:23 | 000,110,456 | ---- | C] () -- E:\Documents and Settings\Mike\g2ax_customer_downloadhelper_win32_x86.exe
[2011/11/05 11:40:19 | 000,786,504 | ---- | C] () -- C:\WINDOWS\System32\CNQ9602N.DAT
[2011/11/05 11:40:18 | 000,296,064 | ---- | C] () -- C:\WINDOWS\System32\CNQ9602W.DAT
[2011/09/09 07:50:14 | 000,058,824 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/20 14:49:33 | 000,000,115 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/03 12:58:45 | 000,060,304 | ---- | C] () -- E:\Documents and Settings\Mike\g2mdlhlpx.exe
[2010/07/03 17:16:40 | 000,025,488 | ---- | C] () -- E:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).ADR
[2010/05/23 12:09:36 | 000,057,856 | ---- | C] () -- E:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/11/05 11:41:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\Canon
[2010/01/04 13:11:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2010/04/22 13:07:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\dimdim
[2012/01/16 17:29:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\FileZilla
[2012/04/24 22:22:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\foobar2000
[2010/01/02 00:03:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\Foxit
[2010/02/25 16:57:10 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\Foxit Software
[2010/03/06 16:25:02 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\ImgBurn
[2012/06/26 10:59:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\JCP
[2010/02/03 18:14:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\PDF Writer
[2011/01/02 16:27:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\rockbox.org
[2011/12/14 20:18:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\TeamViewer
[2012/03/29 13:48:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\webex
[2010/01/03 18:40:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\Windows Desktop Search
[2010/01/04 20:26:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\Windows Search

========== Purity Check ==========

< End of report >

Edited by magnetik, 08 August 2012 - 06:29 PM.

  • 0

Advertisements

#2
Gammo
Posted 10 August 2012 - 07:31 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
magnetik
Posted 10 August 2012 - 09:08 AM

magnetik

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, thanks for the reply.

I am not home at the moment, but at the next opportunity I will post another OTL log.

This should be within 24 hours.
  • 0

#4
Gammo
Posted 10 August 2012 - 09:15 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Fine with me. :)
  • 0

#5
magnetik
Posted 11 August 2012 - 09:43 AM

magnetik

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I ran the OTL scan and did not get a new Extras file. Here's the OTL.txt log. I will append the Extras file from my previous scan, after the OTL log:

OTL logfile created on: 8/11/2012 11:13:20 AM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = E:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 71.37% Memory free
2.84 Gb Paging File | 2.54 Gb Available in Paging File | 89.44% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 1.54 Gb Free Space | 7.86% Space Free | Partition Type: NTFS
Drive E: | 166.77 Gb Total Space | 39.30 Gb Free Space | 23.56% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/06 19:27:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/12/01 08:13:43 | 000,074,752 | ---- | M] () -- E:\Programs\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/06/17 13:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/05/06 11:16:00 | 001,556,480 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2008/04/23 12:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 23:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 06:40:11 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/14 06:29:18 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/14 06:29:12 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/14 06:29:10 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/14 06:28:54 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/06/14 06:28:52 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/14 06:28:48 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/06/14 06:28:46 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/14 06:28:44 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/14 06:28:38 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/06/14 06:28:23 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/06/14 03:20:49 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:14:13 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/13 21:44:34 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/09 04:01:26 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 04:00:39 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/09 03:49:41 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 03:49:19 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 03:49:15 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/09 03:19:35 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/05/09 03:18:52 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/09 03:18:49 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/09 03:18:36 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/09 03:18:19 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/09 03:17:50 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- E:\Programs\FileZilla FTP Client\fzshellext.dll
MOD - [2011/12/01 08:13:43 | 000,074,752 | ---- | M] () -- E:\Programs\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/05 10:51:40 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/03/05 10:51:39 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/03/05 10:51:37 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/03/05 10:51:37 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/03/05 10:51:37 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/03/05 10:51:37 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/03/05 10:51:36 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/03/05 10:51:36 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/03/05 10:51:35 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/03/05 10:51:35 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/03/05 10:51:35 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/20 13:41:38 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/02/20 13:41:37 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2010/02/20 13:41:35 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/02/20 13:41:35 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/02/20 13:41:33 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/20 13:41:32 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/20 13:41:32 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/20 13:41:32 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/20 13:41:31 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/02/20 13:41:31 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/20 13:41:31 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2007/11/28 05:32:00 | 001,163,264 | ---- | M] () -- C:\Program Files\RALINK\Common\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/02 13:06:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 09:28:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/06/17 13:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/04/23 12:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\sthda.sys -- (STHDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOCUME~1\Mike\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2012/08/06 19:29:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/30 23:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009/03/28 09:38:26 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/05 12:46:04 | 000,491,648 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/17 13:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001/08/17 13:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001/08/17 13:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 09:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-113007714-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
IE - HKU\S-1-5-21-1547161642-113007714-1417001333-1003\..\SearchScopes,DefaultScope = {C1E4A1A1-C1B9-44AD-B7F7-80CA7B1891A1}
IE - HKU\S-1-5-21-1547161642-113007714-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1547161642-113007714-1417001333-1003\..\SearchScopes\{C1E4A1A1-C1B9-44AD-B7F7-80CA7B1891A1}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-1547161642-113007714-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-113007714-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msnbc.msn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Programs\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: E:\Programs\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: E:\Programs\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: E:\Programs\Firefox\components [2012/07/19 09:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: E:\Programs\Firefox\plugins [2012/06/14 12:12:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: E:\Programs\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: E:\Programs\plugins

[2010/01/01 23:04:58 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/01/01 23:29:44 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\Deafult Profile Backup\extensions
[2010/01/01 23:29:44 | 000,000,000 | ---D | M] (Adblock Plus) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\Deafult Profile Backup\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/07/25 14:03:21 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\r5uh4r0r.default\extensions
[2010/04/30 13:07:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\r5uh4r0r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/01 23:36:25 | 000,000,000 | ---D | M] (Favicon Picker 3) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\r5uh4r0r.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2012/05/17 15:47:56 | 000,000,000 | ---D | M] (WOT) -- E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\r5uh4r0r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/06/14 12:11:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/07/23 19:13:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\PROGRAMS\FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/14 12:12:38 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.msnbc.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.msnbc.msn.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Skype Toolbars (Enabled) = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = E:\Documents and Settings\Mike\Application Data\Mozilla\plugins\npatgpc.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = E:\Programs\Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = E:\Programs\Firefox\plugins\NPOFF12.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Google Update (Enabled) = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = E:\Programs\Picasa3\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = E:\Programs\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = E:\Programs\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Programs\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.27_0\
CHR - Extension: Skype Click to Call = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Gmail = E:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: E:\Documents and Settings\Mike\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk = E:\Programs\Comcast Universal Caller ID\Comcast Universal Caller ID.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-113007714-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1547161642-113007714-1417001333-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://whartonmbacm...bex/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/30 09:24:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b4c65a3e-61b4-11df-b52d-000129feb7af}\Shell\AutoRun\command - "" = H:\JDSecure\Windows\JDSecure31.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 20:38:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/08/06 21:38:29 | 004,731,392 | ---- | C] (AVAST Software) -- E:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2012/08/06 19:29:08 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/06 19:27:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Mike\Desktop\OTL.exe
[2012/08/06 09:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/28 13:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2012/07/28 13:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

========== Files - Modified Within 30 Days ==========

[2012/08/11 11:06:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/11 10:50:10 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-113007714-1417001333-1003UA.job
[2012/08/11 10:23:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/11 10:22:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/10 09:50:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-113007714-1417001333-1003Core.job
[2012/08/10 02:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-OFFICE-Mike.job
[2012/08/09 15:14:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/07 22:04:34 | 000,000,512 | ---- | M] () -- E:\Documents and Settings\Mike\Desktop\MBR.dat
[2012/08/06 21:39:04 | 004,731,392 | ---- | M] (AVAST Software) -- E:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2012/08/06 19:29:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/06 19:28:51 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 19:27:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Mike\Desktop\OTL.exe
[2012/08/06 09:54:29 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/08/06 09:54:29 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/05 19:57:49 | 000,002,267 | ---- | M] () -- E:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/04 18:23:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/24 15:22:09 | 000,002,355 | ---- | M] () -- E:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007 (2).lnk
[2012/07/23 09:52:14 | 000,002,393 | ---- | M] () -- E:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2012/07/20 11:47:26 | 000,203,900 | ---- | M] () -- E:\Documents and Settings\Mike\My Documents\Buddy Holly Story tickets.pdf
[2012/07/13 09:23:49 | 000,000,662 | ---- | M] () -- E:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/13 08:34:13 | 003,605,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/12 22:02:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/08/06 21:50:32 | 000,000,512 | ---- | C] () -- E:\Documents and Settings\Mike\Desktop\MBR.dat
[2012/07/28 13:20:42 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/07/28 13:20:42 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/28 13:20:39 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/20 11:47:26 | 000,203,900 | ---- | C] () -- E:\Documents and Settings\Mike\My Documents\Buddy Holly Story tickets.pdf
[2012/03/24 15:03:32 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 07:54:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/01 21:42:18 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/01/01 21:42:05 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2661.bin
[2012/01/01 21:42:05 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2561s.bin
[2012/01/01 21:42:05 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2561.bin
[2011/12/14 10:10:23 | 000,110,456 | ---- | C] () -- E:\Documents and Settings\Mike\g2ax_customer_downloadhelper_win32_x86.exe
[2011/11/05 11:40:19 | 000,786,504 | ---- | C] () -- C:\WINDOWS\System32\CNQ9602N.DAT
[2011/11/05 11:40:18 | 000,296,064 | ---- | C] () -- C:\WINDOWS\System32\CNQ9602W.DAT
[2011/09/09 07:50:14 | 000,058,824 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/20 14:49:33 | 000,000,115 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/03 12:58:45 | 000,060,304 | ---- | C] () -- E:\Documents and Settings\Mike\g2mdlhlpx.exe
[2010/07/03 17:16:40 | 000,025,488 | ---- | C] () -- E:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).ADR
[2010/05/23 12:09:36 | 000,057,856 | ---- | C] () -- E:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/11/05 11:41:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\Canon
[2010/01/04 13:11:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2010/04/22 13:07:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\dimdim
[2012/01/16 17:29:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\FileZilla
[2012/04/24 22:22:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\foobar2000
[2010/01/02 00:03:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\Foxit
[2010/02/25 16:57:10 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\Foxit Software
[2010/03/06 16:25:02 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\ImgBurn
[2012/06/26 10:59:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\JCP
[2010/02/03 18:14:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\PDF Writer
[2011/01/02 16:27:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\rockbox.org
[2011/12/14 20:18:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\TeamViewer
[2012/03/29 13:48:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\webex
[2010/01/03 18:40:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\Windows Desktop Search
[2010/01/04 20:26:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Mike\Application Data\Windows Search

========== Purity Check ==========



< End of report >

Here's the Extras file from scan earlier this week:

OTL Extras logfile created on: 8/6/2012 9:27:58 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = E:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 55.61% Memory free
2.84 Gb Paging File | 2.32 Gb Available in Paging File | 81.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 1.64 Gb Free Space | 8.38% Space Free | Partition Type: NTFS
Drive E: | 166.77 Gb Total Space | 39.38 Gb Free Space | 23.61% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programs\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Programs\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dimdim\Plugin\Application\Dimdim.exe" = C:\Program Files\Dimdim\Plugin\Application\Dimdim.exe:*:Enabled:Dimdim
"C:\Documents and Settings\All Users\Application Data\Dimdim\Updater\next.exe" = C:\Documents and Settings\All Users\Application Data\Dimdim\Updater\next.exe:*:Enabled:next
"C:\Program Files\Dimdim\Plugin\Application\myScreen.exe" = C:\Program Files\Dimdim\Plugin\Application\myScreen.exe:*:Enabled:myScreen
"H:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe" = H:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe:*:Enabled:Windows Messanger
"C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe" = C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe:*:Enabled:Windows Messanger
"E:\Programs\Java\jre6\bin\java.exe" = E:\Programs\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9602" = CanoScan 9000F Scanner Driver
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{20ED157B-1A84-4DF7-945E-4951A38A9CBA}" = iPod Reset Utility
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{32E1E918-4FBE-CA4E-DAEA-5CE418514A63}" = Comcast Universal Caller ID
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C391720-EAA2-012B-AE98-000000000000}" = TurboTax 2009 wpaiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{4647B1E4-9907-4A58-963C-E785DF674C3E}" = TurboTax 2010 wpaiper
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6C528316-05A0-4594-A949-94B792EC396C}" = TurboTax 2011 wpaiper
"{733A1884-C946-49EC-8177-41E7526803CC}" = Cisco WebEx Meeting Center for Firefox or Chrome
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{993A94A9-DCE3-4774-B35D-D8C74FC1E0BE}" = Royale Remixed Theme
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C82F54A0-FB7A-4A5D-BCA2-9992EB7ED122}" = TurboTax 2011 widiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"7-Zip" = 7-Zip 4.65
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1136
"Canon CanoScan 9000F User Registration" = Canon CanoScan 9000F User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CobBackup9" = Cobian Backup 9
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Universal Caller ID
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"FileZilla Client" = FileZilla Client 3.5.3
"foobar2000" = foobar2000 v1.0.2.1
"Foxit Reader" = Foxit Reader
"Google Calendar Sync" = Google Calendar Sync
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Connections Drivers
"RealAlt_is1" = Real Alternative 2.0.1
"SpeedFan" = SpeedFan (remove only)
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2012 1:06:02 PM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 8/2/2012 3:06:03 AM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 8/2/2012 1:20:01 PM | Computer Name = OFFICE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/2/2012 1:20:01 PM | Computer Name = OFFICE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/3/2012 8:18:02 PM | Computer Name = OFFICE | Source = Application Error | ID = 1004
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 8/3/2012 8:18:50 PM | Computer Name = OFFICE | Source = Application Error | ID = 1004
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 8/3/2012 8:18:52 PM | Computer Name = OFFICE | Source = Application Error | ID = 1004
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 8/6/2012 9:12:34 AM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 8/6/2012 9:26:45 AM | Computer Name = OFFICE | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/6/2012 9:52:08 AM | Computer Name = OFFICE | Source = Application Error | ID = 1001
Description = Fault bucket 00536409.

[ OSession Events ]
Error - 2/19/2010 3:55:38 PM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 15399 seconds with 360 seconds of active time. This session ended with a
crash.

Error - 2/19/2010 3:55:50 PM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/17/2011 11:15:40 PM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 56
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/28/2011 9:01:29 PM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/18/2011 10:54:13 AM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 5552 seconds with 3240 seconds of active time. This session ended with a
crash.

Error - 9/23/2011 2:16:22 PM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 3576 seconds with 1440 seconds of active time. This session ended with a
crash.

Error - 10/13/2011 5:17:50 PM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 30825
seconds with 2220 seconds of active time. This session ended with a crash.

Error - 2/9/2012 12:51:58 PM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14316
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 3/8/2012 1:54:28 PM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18307
seconds with 4860 seconds of active time. This session ended with a crash.

Error - 5/1/2012 1:22:38 PM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21735
seconds with 2280 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/5/2012 7:24:18 PM | Computer Name = OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/6/2012 9:09:22 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 8/6/2012 9:25:14 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 8/6/2012 11:27:12 AM | Computer Name = OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/6/2012 1:29:30 PM | Computer Name = OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/6/2012 3:30:51 PM | Computer Name = OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/6/2012 5:31:10 PM | Computer Name = OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/6/2012 7:31:35 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 8/6/2012 9:22:25 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 8/6/2012 9:24:18 PM | Computer Name = OFFICE | Source = System Error | ID = 1003
Description = Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3
0000003f, parameter4 8a0d4008.


< End of report >

Edited by magnetik, 11 August 2012 - 10:00 AM.

  • 0

#6
Gammo
Posted 12 August 2012 - 11:14 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes

:Services

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe" =-
"C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe" =-

:Files
C:\RECYCLER\k-1-3542-4232123213-7676767-8888886
D:\RECYCLER\k-1-3542-4232123213-7676767-8888886
E:\RECYCLER\k-1-3542-4232123213-7676767-8888886
F:\RECYCLER\k-1-3542-4232123213-7676767-8888886
G:\RECYCLER\k-1-3542-4232123213-7676767-8888886
H:\RECYCLER\k-1-3542-4232123213-7676767-8888886
I:\RECYCLER\k-1-3542-4232123213-7676767-8888886
J:\RECYCLER\k-1-3542-4232123213-7676767-8888886

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#7
magnetik
Posted 12 August 2012 - 07:19 PM

magnetik

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for your response. I followed your instructions. Below are the OTM and ComboFix logs. Computer appears to be fully functional. Once you've had an opportunity to review the logs, please advise me on next steps. I would like to confirm my system is clean before resuming use of my email client. Thanks.

OTM log:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe" not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe" not found.
========== FILES ==========
C:\RECYCLER\k-1-3542-4232123213-7676767-8888886 folder moved successfully.
File/Folder D:\RECYCLER\k-1-3542-4232123213-7676767-8888886 not found.
File/Folder E:\RECYCLER\k-1-3542-4232123213-7676767-8888886 not found.
File/Folder F:\RECYCLER\k-1-3542-4232123213-7676767-8888886 not found.
File/Folder G:\RECYCLER\k-1-3542-4232123213-7676767-8888886 not found.
File/Folder H:\RECYCLER\k-1-3542-4232123213-7676767-8888886 not found.
File/Folder I:\RECYCLER\k-1-3542-4232123213-7676767-8888886 not found.
File/Folder J:\RECYCLER\k-1-3542-4232123213-7676767-8888886 not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Mike
->Temp folder emptied: 74667672 bytes
->Temporary Internet Files folder emptied: 181337162 bytes
->Java cache emptied: 4002822 bytes
->FireFox cache emptied: 72706914 bytes
->Google Chrome cache emptied: 219431890 bytes
->Apple Safari cache emptied: 18279424 bytes
->Flash cache emptied: 235429 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12961211 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 288129798 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 171855228 bytes

Total Files Cleaned = 995.00 mb

Error creating restore point.

[EMPTYFLASH]

User: Mike
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 08122012_202321

ComboFix log:

ComboFix 12-08-10.02 - Mike 08/12/2012 20:47:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.832 [GMT -4:00]
Running from: e:\documents and settings\Mike\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\Mike\g2ax_customer_downloadhelper_win32_x86.exe
e:\documents and settings\Mike\g2mdlhlpx.exe
e:\documents and settings\Mike\Recent\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-08 00:39 . 2012-08-08 00:39 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-08-06 23:29 . 2012-08-06 23:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-28 17:20 . 2012-07-28 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2012-07-28 17:20 . 2012-08-06 13:54 -------- d-----w- c:\program files\McAfee Security Scan
2012-07-28 17:20 . 2012-08-02 17:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-28 17:20 . 2012-08-02 17:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2010-01-02 03:47 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 16:11 . 2012-06-14 16:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-14 16:11 . 2012-06-14 16:12 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-14 16:11 . 2010-05-03 17:55 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19 . 2008-04-14 05:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 09:42 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 09:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 09:42 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-12-30 13:21 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2009-12-30 13:21 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-12-30 13:21 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-12-30 13:21 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-12-30 13:21 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-04-14 09:41 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2009-12-30 13:21 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2009-12-30 13:21 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2011-04-19 14:01 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2011-04-19 14:01 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2011-04-19 14:01 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 09:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 09:42 916992 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="e:\programs\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
e:\documents and settings\Mike\Start Menu\Programs\Startup\
Comcast Universal Caller ID.lnk - e:\programs\Comcast Universal Caller ID\Comcast Universal Caller ID.exe [2011-12-1 74752]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2012-1-1 1556480]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dimdim.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dimdim.lnk
backup=c:\windows\pss\Dimdim.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WSearch"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"e:\\Programs\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/30/2010 5:02 PM 20968]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [3/28/2009 9:38 AM 31896]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 7:49 AM 250056]
S3 ALSysIO;ALSysIO;\??\e:\docume~1\Mike\LOCALS~1\Temp\ALSysIO.sys --> e:\docume~1\Mike\LOCALS~1\Temp\ALSysIO.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/6/2012 7:29 PM 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [6/17/2011 1:33 PM 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/4/2012 7:10 AM 113120]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 17:06]
.
2012-08-10 c:\windows\Tasks\AdobeAAMUpdater-1.0-OFFICE-Mike.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-12-08 08:44]
.
2012-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-113007714-1417001333-1003Core.job
- e:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-17 20:30]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-113007714-1417001333-1003UA.job
- e:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-17 20:30]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - e:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\r5uh4r0r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Mozilla Firefox (3.5.6) - e:\programs\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-12 20:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-12 20:58:39
ComboFix-quarantined-files.txt 2012-08-13 00:58
.
Pre-Run: 1,762,013,184 bytes free
Post-Run: 1,784,745,984 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6851913B44121FA3351CF1B8F0F57FD3
  • 0

#8
Gammo
Posted 13 August 2012 - 04:53 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Please change the password of your email account.





Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0

#9
magnetik
Posted 13 August 2012 - 06:16 AM

magnetik

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Gammo,

Thanks for your help!
  • 0

#10
Gammo
Posted 13 August 2012 - 06:56 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP