Trojan.Gen, Trojan.FakeAV!gen 42 can't be cleaned


This topic is locked.

#1 deegeesmith (New Member, 6 posts)
Norton AV quarantined these two trojans but I'm still infected. I'm on a Vista system and getting BSODs and intrusion attempts regularly. I've run a full Norton scan, a full MSFT Malicious Software Removal scan and a full SpyBot scan and none of them pick up on any virus signatures.

This thing seems to be lurking in my drivers (hence the BSODs) and is beaconing to the controller over ports 80 and 443, which is trying to download

Here's what the Norton log says:

Intrusion detected and blocked. Risk name: TidServ Activity 2
from 68.168.212.18 443
from 68.168.212.19 443
from 68.168.212.29 443
from 91.199.75.37

Intrusion detected and blocked. Risk name: Malicious Toolkit Website 8
from 89.149.236.142:80

Suspicious.Cloud.5 quarantined
6e27.tmp

Trojan.Gen quarantined
ymp.exe

Trojan.FakeAV!gen42 detected
woxmsncera.exe

Suspicious.Cloud.5 detected
70e5.tmp


Here's the OTL log
OTL logfile created on: 3/25/2011 1:57:41 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\dgsmith\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
7.00 Gb Paging File | 4.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.99 Gb Total Space | 30.40 Gb Free Space | 22.19% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.71 Gb Free Space | 57.09% Space Free | Partition Type: NTFS

Computer Name: XPS-M1710 | User Name: dgsmith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/25 13:56:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\dgsmith\Desktop\OTL.exe
PRC - [2011/01/25 00:55:56 | 001,948,736 | ---- | M] (ES-Computing) -- C:\Program Files\EditPlus 3\editplus.exe
PRC - [2010/11/30 06:49:38 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\CollabNet\svn\bin\httpd.exe
PRC - [2010/11/25 22:48:46 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/04/04 10:38:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2010/04/04 10:38:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/27 22:19:26 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/19 00:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2007/09/26 22:57:34 | 060,059,648 | ---- | M] (Oracle Corporation) -- c:\oracle\product\10.2.0\db_1\bin\oracle.exe
PRC - [2007/07/20 18:13:26 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/20 18:11:12 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/03/29 17:37:00 | 000,045,161 | ---- | M] () -- C:\oracle\product\10.2.0\db_1\jdk\bin\java.exe
PRC - [2007/01/12 10:51:28 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/14 07:25:34 | 000,006,656 | ---- | M] (Oracle Corporation) -- C:\oracle\product\10.2.0\db_1\bin\emagent.exe
PRC - [2006/11/14 07:22:54 | 000,024,064 | ---- | M] (Oracle Corporation) -- C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/10/12 01:35:06 | 000,053,248 | ---- | M] (Oracle) -- C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
PRC - [2006/10/10 06:03:22 | 000,208,896 | ---- | M] () -- C:\oracle\product\10.2.0\db_1\bin\TNSLSNR.EXE
PRC - [2004/11/15 10:35:30 | 000,016,384 | ---- | M] () -- C:\oracle\product\10.2.0\db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe


========== Modules (SafeList) ==========

MOD - [2011/03/25 13:56:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\dgsmith\Desktop\OTL.exe
MOD - [2011/01/22 14:05:59 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2011/01/22 14:05:59 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/12/03 23:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/30 06:49:38 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\CollabNet\svn\bin\httpd.exe -- (CollabNetSubversionServer)
SRV - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/04/04 10:38:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Windows\System32\java.exe -- (CSVNConsole)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/26 22:57:34 | 060,059,648 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE -- (OracleServiceORCL)
SRV - [2007/07/20 18:11:12 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2007/02/22 18:39:44 | 002,808,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/11/16 17:41:46 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oracle\product\10.2.0\db_1\Bin\extjob.exe -- (OracleJobSchedulerORCL)
SRV - [2006/11/14 07:22:54 | 000,024,064 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe -- (OracleDBConsoleorcl)
SRV - [2006/10/12 01:35:06 | 000,053,248 | ---- | M] (Oracle) [Auto | Running] -- C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe -- (OracleOraDb10g_home1iSQL*Plus)
SRV - [2006/10/10 06:03:22 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe -- (OracleOraDb10g_home1TNSListener)


========== Driver Services (SafeList) ==========

DRV - [2011/03/16 21:19:37 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110325.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/16 21:19:37 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110325.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/02/25 14:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/12/12 16:36:47 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/12/12 16:36:47 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/12 16:32:26 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/30 22:23:59 | 000,330,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/11/22 21:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 21:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 19:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 18:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/08 17:50:30 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110324.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/20 19:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/07/27 01:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2010/07/27 01:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2008/10/27 22:34:26 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/11/20 17:58:02] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2008/02/22 05:46:00 | 007,598,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/18 22:55:32 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/28 22:23:34 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2007/01/12 10:52:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/20 12:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 12:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 12:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/11 16:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...=ca&ibd=4070823

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/06 18:25:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 13:56:43 | 000,000,000 | ---D | M]

[2009/11/19 23:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dgsmith\AppData\Roaming\mozilla\Extensions
[2011/03/23 12:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dgsmith\AppData\Roaming\mozilla\Firefox\Profiles\uaj36veu.default\extensions
[2010/04/27 14:19:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\dgsmith\AppData\Roaming\mozilla\Firefox\Profiles\uaj36veu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/25 23:44:51 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Users\dgsmith\AppData\Roaming\mozilla\Firefox\Profiles\uaj36veu.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2011/03/24 13:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/01 11:58:25 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/06 13:56:43 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/06 18:25:29 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2010/06/10 13:05:21 | 000,061,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2007/10/11 20:35:13 | 000,000,763 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dsct.local ([xps-m1710] http in Local intranet)
O15 - HKCU\..Trusted Domains: gov.bc.ca ([spring] https in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.91.107.11 209.121.225.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DSCT.local
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2de0ffe5-3122-11dd-9f75-001c23066d76}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{6f29b0ba-8950-11dc-848f-001c23066d76}\Shell - "" = AutoRun
O33 - MountPoints2\{6f29b0ba-8950-11dc-848f-001c23066d76}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autoRcd.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 13:56:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\dgsmith\Desktop\OTL.exe
[2011/03/25 05:45:54 | 012,502,472 | ---- | C] (Microsoft Corporation) -- C:\Users\dgsmith\Desktop\windows-kb890830-v3.17.exe
[2011/03/24 21:45:00 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\dgsmith\Desktop\spybotsd162.exe
[2011/03/24 21:16:43 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\Desktop\autoruns
[2011/03/24 19:55:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/03/24 19:55:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/03/24 19:55:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/03/24 19:55:35 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/03/24 19:55:35 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/03/24 19:55:35 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/03/24 19:55:35 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/03/24 19:55:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/03/24 19:55:33 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/03/24 19:55:33 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/03/24 19:55:33 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/03/24 19:55:33 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/03/24 19:55:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/03/24 19:55:32 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/03/24 19:55:32 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/03/24 19:55:32 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/03/24 19:55:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/03/24 19:55:32 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/03/24 19:55:32 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/03/24 19:55:32 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/03/24 19:55:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/03/24 19:55:32 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/03/24 19:55:32 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/03/24 19:55:32 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/03/24 19:55:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/03/24 19:55:31 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/03/24 19:55:31 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/03/24 19:55:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/03/24 19:55:31 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/03/24 19:55:31 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/03/24 19:55:30 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/03/24 19:55:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/03/24 19:55:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/03/24 19:55:30 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/03/24 19:55:30 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/03/24 19:55:30 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/03/24 19:55:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/03/24 19:55:30 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/03/24 19:55:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/03/24 19:50:00 | 018,005,296 | ---- | C] (Microsoft Corporation) -- C:\Users\dgsmith\Desktop\IE9-WindowsVista-x86-enu.exe
[2011/03/24 06:13:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/03/23 17:31:44 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\Desktop\FILING
[2011/03/22 14:58:33 | 000,000,000 | ---D | C] -- C:\umi
[2011/03/20 12:42:00 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EditPlus 3
[2011/03/20 12:42:00 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\AppData\Roaming\EditPlus 3
[2011/03/20 12:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\EditPlus 3
[2011/03/16 16:35:47 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\Desktop\CSII Concepts
[2011/03/12 20:54:20 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\.IntelliJIdea10
[2011/03/11 12:41:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/11 12:15:12 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/11 12:15:12 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/11 12:15:11 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/11 12:15:11 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/02 20:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/03/01 13:37:50 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\Desktop\REVIEWS
[2011/02/26 09:31:51 | 000,000,000 | R--D | C] -- C:\Users\dgsmith\Desktop\TWSMon

========== Files - Modified Within 30 Days ==========

[2011/03/25 13:56:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\dgsmith\Desktop\OTL.exe
[2011/03/25 13:53:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/25 12:49:25 | 000,103,430 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/03/25 12:30:21 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/25 12:30:21 | 000,122,656 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/25 12:24:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/25 12:22:39 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/25 12:22:39 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/25 12:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/25 05:45:58 | 012,502,472 | ---- | M] (Microsoft Corporation) -- C:\Users\dgsmith\Desktop\windows-kb890830-v3.17.exe
[2011/03/25 05:39:41 | 000,103,430 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/03/24 22:37:05 | 004,301,769 | ---- | M] () -- C:\Users\dgsmith\Desktop\ComboFix.exe
[2011/03/24 22:22:19 | 482,918,725 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/24 21:49:10 | 000,001,081 | ---- | M] () -- C:\Users\dgsmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/24 21:49:09 | 000,001,057 | ---- | M] () -- C:\Users\dgsmith\Desktop\Spybot - Search & Destroy.lnk
[2011/03/24 21:47:24 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\dgsmith\Desktop\spybotsd162.exe
[2011/03/24 20:04:42 | 000,000,945 | ---- | M] () -- C:\Users\dgsmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/24 19:59:07 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/24 19:55:48 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/03/24 19:55:48 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/03/24 19:55:36 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/03/24 19:55:36 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/03/24 19:55:35 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/03/24 19:55:35 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/03/24 19:55:35 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/03/24 19:55:35 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/03/24 19:55:35 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/03/24 19:55:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/03/24 19:55:33 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/03/24 19:55:33 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/03/24 19:55:33 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/03/24 19:55:33 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/03/24 19:55:32 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/03/24 19:55:32 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/03/24 19:55:32 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/03/24 19:55:32 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/03/24 19:55:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/03/24 19:55:32 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/03/24 19:55:32 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/03/24 19:55:32 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/03/24 19:55:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/03/24 19:55:32 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/03/24 19:55:32 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/03/24 19:55:32 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/03/24 19:55:32 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/03/24 19:55:31 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/03/24 19:55:31 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/03/24 19:55:31 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/03/24 19:55:31 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/03/24 19:55:31 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/03/24 19:55:31 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/03/24 19:55:30 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/03/24 19:55:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/03/24 19:55:30 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/03/24 19:55:30 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/03/24 19:55:30 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/03/24 19:55:30 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/03/24 19:55:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/03/24 19:55:30 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/03/24 19:55:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/03/24 19:50:07 | 018,005,296 | ---- | M] (Microsoft Corporation) -- C:\Users\dgsmith\Desktop\IE9-WindowsVista-x86-enu.exe
[2011/03/24 09:10:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2011_3_24_9_10_7.dmp
[2011/03/24 06:17:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2011_3_24_6_17_31.dmp
[2011/03/22 15:04:16 | 060,893,997 | ---- | M] () -- C:\umi.zip
[2011/03/20 12:42:03 | 000,000,820 | ---- | M] () -- C:\Users\dgsmith\Application Data\Microsoft\Internet Explorer\Quick Launch\EditPlus 3.lnk
[2011/03/18 10:14:45 | 000,114,009 | ---- | M] () -- C:\Users\dgsmith\Desktop\Kenmore Air Flight Confirmation2.pdf
[2011/03/17 17:30:47 | 000,000,110 | ---- | M] () -- C:\Users\dgsmith\Desktop\EMC's anti-hacking division hacked - Yahoo! Finance.URL
[2011/03/15 17:32:18 | 000,001,772 | -H-- | M] () -- C:\Users\dgsmith\Documents\Default.rdp
[2011/03/12 10:06:11 | 000,001,061 | ---- | M] () -- C:\Users\dgsmith\Desktop\activemq.bat.lnk
[2011/03/11 13:10:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2011_3_11_12_10_11.dmp
[2011/03/08 16:40:31 | 000,001,423 | ---- | M] () -- C:\Users\dgsmith\Desktop\20110225.EEIP Consolidated Infrastructure and Network Plan.mpp - Shortcut.lnk
[2011/03/02 20:18:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs

========== Files Created - No Company Name ==========

[2011/03/24 22:36:56 | 004,301,769 | ---- | C] () -- C:\Users\dgsmith\Desktop\ComboFix.exe
[2011/03/24 21:49:09 | 000,001,081 | ---- | C] () -- C:\Users\dgsmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/24 21:49:09 | 000,001,057 | ---- | C] () -- C:\Users\dgsmith\Desktop\Spybot - Search & Destroy.lnk
[2011/03/24 19:55:32 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/24 09:10:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2011_3_24_9_10_7.dmp
[2011/03/24 06:17:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2011_3_24_6_17_31.dmp
[2011/03/24 06:13:07 | 482,918,725 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/03/22 15:04:16 | 060,893,997 | ---- | C] () -- C:\umi.zip
[2011/03/20 12:42:03 | 000,000,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPlus 3.lnk
[2011/03/20 12:42:03 | 000,000,820 | ---- | C] () -- C:\Users\dgsmith\Application Data\Microsoft\Internet Explorer\Quick Launch\EditPlus 3.lnk
[2011/03/18 10:14:45 | 000,114,009 | ---- | C] () -- C:\Users\dgsmith\Desktop\Kenmore Air Flight Confirmation2.pdf
[2011/03/17 17:30:47 | 000,000,110 | ---- | C] () -- C:\Users\dgsmith\Desktop\EMC's anti-hacking division hacked - Yahoo! Finance.URL
[2011/03/11 13:10:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2011_3_11_12_10_11.dmp
[2011/03/08 16:40:16 | 000,001,423 | ---- | C] () -- C:\Users\dgsmith\Desktop\20110225.EEIP Consolidated Infrastructure and Network Plan.mpp - Shortcut.lnk
[2011/02/28 18:27:17 | 000,001,061 | ---- | C] () -- C:\Users\dgsmith\Desktop\activemq.bat.lnk
[2010/09/08 21:09:47 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/27 01:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 01:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 01:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 00:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/03/27 06:45:19 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
[2010/03/15 15:01:50 | 000,001,241 | ---- | C] () -- C:\Windows\LMAAH2DD.ini
[2009/11/20 19:01:38 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2009/11/19 23:36:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/14 10:31:42 | 000,051,304 | ---- | C] () -- C:\Windows\System32\drivers\atnt40k.sys
[2009/09/13 17:49:30 | 000,253,952 | ---- | C] () -- C:\Windows\ddedll.dll
[2009/05/30 14:40:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/30 14:40:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/30 14:39:16 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/05/13 16:33:03 | 000,004,096 | -H-- | C] () -- C:\Users\dgsmith\AppData\Local\keyfile3.drm
[2009/05/02 14:04:50 | 000,000,671 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2008/10/19 14:38:28 | 000,000,028 | ---- | C] () -- C:\Windows\UML.INI
[2008/07/23 06:43:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/17 10:29:46 | 000,000,600 | ---- | C] () -- C:\Users\dgsmith\AppData\Local\PUTTY.RND
[2008/05/29 15:34:18 | 000,000,079 | ---- | C] () -- C:\Windows\ricdb.ini
[2008/05/06 21:51:26 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/04/12 09:57:28 | 000,103,430 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/04/12 09:57:28 | 000,103,430 | ---- | C] () -- C:\ProgramData\nvModes.001
[2007/11/19 18:28:06 | 000,025,773 | ---- | C] () -- C:\Users\dgsmith\AppData\Roaming\UserTile.png
[2007/11/08 07:54:42 | 000,000,680 | ---- | C] () -- C:\Users\dgsmith\AppData\Local\d3d9caps.dat
[2007/10/23 16:32:17 | 000,195,184 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2007/09/18 09:16:43 | 000,008,521 | ---- | C] () -- C:\Windows\lmpcl2a.ini
[2007/09/13 21:54:12 | 000,000,405 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/09/13 21:53:29 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2007/09/10 19:27:02 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/09/10 19:26:58 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/09/09 21:50:42 | 000,001,969 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/09/09 11:41:17 | 000,076,370 | ---- | C] () -- C:\Users\dgsmith\AppData\Roaming\nvModes.001
[2007/09/09 11:28:16 | 000,076,370 | ---- | C] () -- C:\Users\dgsmith\AppData\Roaming\nvModes.dat
[2007/09/09 07:13:41 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/09/08 09:23:08 | 000,042,496 | ---- | C] () -- C:\Users\dgsmith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/22 23:03:24 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/22 23:03:17 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/22 15:09:03 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/09 13:01:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 12:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:46:27 | 000,426,400 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,654,114 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,122,656 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\dgsmith\Documents\Visual Studio 2005:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\dgsmith\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\dgsmith\Documents\My Shapes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\dgsmith\Documents\dev:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\dgsmith\Documents\Dev Resources:Roxio EMC Stream

< End of report >
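A small triage helper for OTL log lines like the ones above, added here as an example; it is not part of OTL or of the original post. It parses the plain file lines from the "Files - Modified/Created" sections and the PRC/MOD/SRV/DRV lines from the process, service and driver sections into fields, then flags a few things a malware-removal helper looks at first. The sample lines are copied from the logs in this thread. The heuristics (zero-length files under System32\drivers, binaries under System32 with no company name, running services or loaded drivers with no company name) are my assumptions about what deserves a second look, not a verdict: legitimate software, including the Oracle services in this thread's second log, also shows up with an empty company field.

```python
"""Triage helper for OTL (OldTimer's) log lines.

Added example, not part of OTL or of the original post. Parses the file lines
and the PRC/MOD/SRV/DRV lines of an OTL report and flags entries worth a
closer look. The flag rules are assumptions for triage, not detections.
"""
import re
from dataclasses import dataclass, field
from typing import List

# One pattern covers plain file lines and the PRC/MOD/SRV/DRV lines; the field
# layout follows the OTL reports quoted in this thread.
OTL_LINE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<mc>[MC])\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]+)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\))?$"
)

SYSTEM_EXTS = {".sys", ".dll", ".exe"}


@dataclass
class Entry:
    kind: str      # "FILE", "PRC", "MOD", "SRV" or "DRV"
    stamp: str     # modified (M) or created (C) timestamp as printed by OTL
    size: int      # bytes, with OTL's thousands separators removed
    attrs: str     # RHSD attribute flags, '-' where unset
    company: str   # company name from the PE version info, '' when absent
    state: str     # start type / running state for SRV and DRV lines
    path: str
    name: str      # service or driver name for SRV and DRV lines


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_otl(text: str) -> List[Entry]:
    """Return one Entry per parsable line; headers, blanks and ADS lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            kind=m["kind"] or "FILE",
            stamp=m["stamp"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            company=m["company"].strip(),
            state=m["state"] or "",
            path=m["path"],
            name=m["name"] or "",
        ))
    return entries


def triage(text: str) -> List[Finding]:
    """Apply the (assumed) triage rules and return the entries that trip any of them."""
    findings = []
    for e in parse_otl(text):
        low = e.path.lower()
        base = low.rsplit("\\", 1)[-1]
        ext = base[base.rfind("."):] if "." in base else ""
        reasons = []
        if e.size == 0 and "\\system32\\drivers\\" in low:
            reasons.append("zero-length file in the drivers directory")
        if not e.company and "\\system32\\" in low and ext in SYSTEM_EXTS:
            reasons.append("binary under System32 with no company name")
        if e.kind == "DRV" and not e.company:
            reasons.append("loaded driver with no company name")
        if e.kind == "SRV" and not e.company and "Running" in e.state:
            reasons.append("running service with no company name")
        if reasons:
            findings.append(Finding(e.path, reasons))
    return findings


# Sample lines copied from the OTL logs quoted in this thread.
SAMPLE = r"""
[2011/03/25 12:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/02 20:18:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/03/24 09:10:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2011_3_24_9_10_7.dmp
[2009/10/14 10:31:42 | 000,051,304 | ---- | C] () -- C:\Windows\System32\drivers\atnt40k.sys
[2011/03/24 19:55:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
SRV - [2006/10/10 06:03:22 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe -- (OracleOraDb10g_home1TNSListener)
DRV - [2010/12/12 16:32:26 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.path, "->", "; ".join(f.reasons))
```

Feed it the whole OTL.Txt and work through the reasons: a flag is a lead for hashing the file and checking its digital signature, not grounds for deleting it.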
#2 deegeesmith (Topic Starter, New Member, 6 posts)
Update: I think I've resolved this. I ran through the Browser redirect fix tutorial and TDSSKiller reported the following:

2011/03/28 15:14:07.0950 2012 Detected object count: 1
2011/03/28 15:14:17.0232 2012 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/28 15:14:17.0232 2012 \HardDisk0 - ok
2011/03/28 15:14:17.0232 2012 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/28 15:14:48.0854 1888 Deinitialize success

I also removed c:\windows\system32\drivers\lvuvc.hs as it looked suspicious from one of the OTL scans. It was a zero length file, so I assume it was some kind of infection remnant.

I think the machine is clean, but would appreciate it if someone could review a scan log and help confirm.

thanks.
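TDSSKiller's report above names \HardDisk0 rather than a file because TDL4 installs itself in the master boot record. As an added example (not from the original post and not TDSSKiller's own logic), here is the check a responder wants after a "cured after reboot" verdict: read sector 0, confirm the 0x55AA signature, compare the boot code against a known-good baseline hash, and list the partition table. The sample sector and its baseline are constructed inline for the demonstration; the `read_sector0` helper and the device path it takes are assumptions about how one would read the real disk.

```python
"""Baseline check of a 512-byte master boot record.

Added example, not TDSSKiller's logic and not from the original post. The
sample sector is constructed here; the baseline hash is computed from it
rather than taken from any real system.
"""
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code precedes the 4-byte disk signature
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xAA"


def boot_code_sha256(sector: bytes) -> str:
    """Hash only the boot code, so a later partition-table edit does not change the baseline."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(sector: bytes) -> List[Dict[str, int]]:
    """Decode the four 16-byte partition entries; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return parts


def inspect_mbr(sector: bytes, baseline_sha256: Optional[str] = None) -> Dict[str, object]:
    """Signature check, boot-code hash, baseline comparison and partition list for one sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    digest = boot_code_sha256(sector)
    return {
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
        "boot_code_sha256": digest,
        "matches_baseline": (digest == baseline_sha256) if baseline_sha256 else None,
        "partitions": parse_partitions(sector),
    }


def read_sector0(device: str) -> bytes:
    """Assumed helper: e.g. r'\\\\.\\PhysicalDrive0' on Windows (as admin) or '/dev/sda' on Linux."""
    with open(device, "rb") as f:
        return f.read(SECTOR_SIZE)


def make_sample_sector() -> bytes:
    """Constructed MBR: a three-byte jump stub as boot code and one bootable NTFS partition."""
    boot = b"\xEB\x3C\x90" + b"\x00" * (BOOT_CODE_LEN - 3)
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    sector = boot + disk_sig + table + MBR_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    good = make_sample_sector()
    baseline = boot_code_sha256(good)          # record this from a known-clean disk
    print(inspect_mbr(good, baseline))
    tampered = bytearray(good)
    tampered[0x10] ^= 0xFF                     # simulate patched boot code
    print(inspect_mbr(bytes(tampered), baseline)["matches_baseline"])
```

Take the sector from offline boot media or a disk image, not from the running OS: TDL4's driver hooks the disk stack and hands back a clean copy of sector 0, so a live read from Windows can agree with the baseline while the bootkit is still installed. With no baseline the result carries matches_baseline = None; record the baseline from the same machine before infection or from a freshly written standard MBR, because boot code differs between Windows versions and OEM tools.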

#3 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi deegeesmith,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

+++++++++++++++++++++++++++++++++

Are you experiencing any issues?

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Standard Output at the top
  • Under the Extra Registry section, ensure that Safelist is selected
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#4 deegeesmith (Topic Starter, New Member, 6 posts)
OK - got this. Can you give me a day - things are really busy here. I'll do this tonight and post.

thanks.

#5 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)

OK - got this. Can you give me a day - things are really busy here. I'll do this tonight and post.


:D Real life comes first.

#6 deegeesmith (Topic Starter, New Member, 6 posts)
I am not having any obvious problems with my notebook right now. All the scans I've run seem clean, there are no browser redirects and no intrusion detection of attempts to load toolkits (which was occurring 10 days ago).

Here's the Anti-Malware log

*****************
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6282

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

4/5/2011 8:36:35 PM
mbam-log-2011-04-05 (20-36-35).txt

Scan type: Quick scan
Objects scanned: 187780
Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by deegeesmith, 05 April 2011 - 09:59 PM.


#7 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi deegeesmith,

The computer is clean. :D

Let's wrap up.

We need to remove all the tools that you have used.
This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Remove Other Tools
  • Download OTC to your desktop and run it
  • Click CleanUp! to begin the cleanup process and remove our tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

You may manually delete any remaining clutter from your desktop.

Let's re-hide system files and folders.
Opening Windows Explorer (to get there right-click your Start button and go to "Explore"), please do the following:
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders section of the box and check "Do not show hidden files and folders"
  • Again under Hidden Files and Folders, find "Hide protected operating system files (Recommended)" and check it (if it's already checked)
  • Click Apply, and then Ok at the bottom.
  • Close the window

++++++++++++++++++++++++++++++++++++

Maintaining your computer

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete CLEAN
THEN
  • Download Flush Flash from Here and follow the easy to use instructions on the same page
NEXT

Defrag the harddrive

++++++++++++++++++++++++++++++++++

Other things to keep in mind

Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.

Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.
  • Flush Flash - by Bobbi Flekman - cleans Flash Player cookies
  • ERUNT (Emergency Recovery Utility NT) - a registry backup utility
  • Cobian Backup - a very good backup utility - read the tutorial here
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for Chrome and Opera.
Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.

Finally, please take the time to read the following articles. Applying this information will help prevent future infections:

How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112

This article will help you understand how you may have gotten infected:
How did I get infected in the first place?

Remember, you have to be smarter than the bad guys! Be safe out there!

#8 deegeesmith (Topic Starter, New Member, 6 posts)
Here's the OTL log. There was no extras log produced ?? Did I make a mistake?

I had the Extra Registry Use Safelist button on but it turned off as soon as I clicked Quick Scan

****************

OTL logfile created on: 4/5/2011 8:50:56 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\dgsmith\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
7.00 Gb Paging File | 4.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.99 Gb Total Space | 34.42 Gb Free Space | 25.13% Space Free | Partition Type: NTFS
Drive F: | 2794.51 Gb Total Space | 2465.88 Gb Free Space | 88.24% Space Free | Partition Type: NTFS

Computer Name: XPS-M1710 | User Name: dgsmith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/05 20:40:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\dgsmith\Desktop\OTL.exe
PRC - [2011/04/02 11:51:39 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\CollabNet\svn\bin\httpd.exe
PRC - [2011/01/25 00:55:56 | 001,948,736 | ---- | M] (ES-Computing) -- C:\Program Files\EditPlus 3\editplus.exe
PRC - [2010/11/25 22:48:46 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/04/04 10:38:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2010/04/04 10:38:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010/03/03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
PRC - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2010/02/11 02:34:14 | 001,964,528 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/27 22:19:26 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/19 00:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2007/09/26 22:57:34 | 060,059,648 | ---- | M] (Oracle Corporation) -- c:\oracle\product\10.2.0\db_1\bin\oracle.exe
PRC - [2007/07/20 18:13:26 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/20 18:11:12 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/03/29 17:37:00 | 000,045,161 | ---- | M] () -- C:\oracle\product\10.2.0\db_1\jdk\bin\java.exe
PRC - [2007/01/12 10:51:28 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/14 07:25:34 | 000,006,656 | ---- | M] (Oracle Corporation) -- C:\oracle\product\10.2.0\db_1\bin\emagent.exe
PRC - [2006/11/14 07:22:54 | 000,024,064 | ---- | M] (Oracle Corporation) -- C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/10/12 01:35:06 | 000,053,248 | ---- | M] (Oracle) -- C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
PRC - [2006/10/10 06:03:22 | 000,208,896 | ---- | M] () -- C:\oracle\product\10.2.0\db_1\bin\TNSLSNR.EXE
PRC - [2004/11/15 10:35:30 | 000,016,384 | ---- | M] () -- C:\oracle\product\10.2.0\db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe


========== Modules (SafeList) ==========

MOD - [2011/04/05 20:40:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\dgsmith\Desktop\OTL.exe
MOD - [2011/01/22 14:05:59 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2011/01/22 14:05:59 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/12/03 23:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll
MOD - [2010/11/25 22:48:44 | 000,815,384 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TortoiseSVN.dll
MOD - [2010/11/25 22:48:44 | 000,048,920 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
MOD - [2010/11/25 22:48:30 | 000,128,280 | ---- | M] (Apache Software Foundation) -- C:\Program Files\TortoiseSVN\bin\libapr_tsvn.dll
MOD - [2010/11/25 22:48:28 | 000,186,136 | ---- | M] (Apache Software Foundation) -- C:\Program Files\TortoiseSVN\bin\libaprutil_tsvn.dll
MOD - [2010/11/25 22:48:28 | 000,062,744 | ---- | M] (Free Software Foundation) -- C:\Program Files\TortoiseSVN\bin\intl3_tsvn.dll
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/05/04 12:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2010/03/21 09:55:16 | 000,087,304 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
MOD - [2009/07/30 07:56:52 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/07/30 07:45:09 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2008/01/19 00:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2007/07/20 18:13:32 | 000,103,704 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/11/03 17:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/02 02:46:13 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shfolder.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/02 11:51:39 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\CollabNet\svn\bin\httpd.exe -- (CollabNetSubversionServer)
SRV - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/04/04 10:38:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Windows\System32\java.exe -- (CSVNConsole)
SRV - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010/02/12 07:09:06 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2010/02/11 02:34:14 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/26 22:57:34 | 060,059,648 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE -- (OracleServiceORCL)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/07/20 18:11:12 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2007/02/22 18:39:44 | 002,808,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/11/16 17:41:46 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oracle\product\10.2.0\db_1\Bin\extjob.exe -- (OracleJobSchedulerORCL)
SRV - [2006/11/14 07:22:54 | 000,024,064 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe -- (OracleDBConsoleorcl)
SRV - [2006/10/12 01:35:06 | 000,053,248 | ---- | M] (Oracle) [Auto | Running] -- C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe -- (OracleOraDb10g_home1iSQL*Plus)
SRV - [2006/10/10 06:03:22 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe -- (OracleOraDb10g_home1TNSListener)


========== Driver Services (SafeList) ==========

DRV - [2011/03/31 08:03:07 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110404.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 08:03:06 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110404.033\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/16 21:19:37 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/03/14 11:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110401.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/02/25 14:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/12/12 16:36:47 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/12/12 16:32:26 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/30 22:23:59 | 000,330,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/11/22 21:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 21:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 19:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 18:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/20 19:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/07/27 01:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2010/07/27 01:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/03/03 19:59:22 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/02/12 07:10:12 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2010/02/11 02:34:46 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2009/09/21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2008/10/27 22:34:26 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/11/20 17:58:02] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2008/02/22 05:46:00 | 007,598,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/18 22:55:32 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/28 22:23:34 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2007/01/12 10:52:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/20 12:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 12:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 12:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/11 16:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-746137067-854245398-1112\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1482476501-746137067-854245398-1112\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-746137067-854245398-1112\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/06 18:25:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 13:56:43 | 000,000,000 | ---D | M]

[2009/11/19 23:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dgsmith\AppData\Roaming\mozilla\Extensions
[2011/03/23 12:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dgsmith\AppData\Roaming\mozilla\Firefox\Profiles\uaj36veu.default\extensions
[2010/04/27 14:19:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\dgsmith\AppData\Roaming\mozilla\Firefox\Profiles\uaj36veu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/25 23:44:51 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Users\dgsmith\AppData\Roaming\mozilla\Firefox\Profiles\uaj36veu.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2011/03/24 13:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/01 11:58:25 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/06 13:56:43 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/06 18:25:29 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2010/06/10 13:05:21 | 000,061,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2011/03/28 17:10:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1482476501-746137067-854245398-1112\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1482476501-746137067-854245398-1112..\RunOnce: [JavaInstallRetry] C:\Users\dgsmith\AppData\LocalLow\Sun\Java\JRERunOnce.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-746137067-854245398-1112\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-746137067-854245398-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1482476501-746137067-854245398-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1482476501-746137067-854245398-1112\..Trusted Domains: dsct.local ([xps-m1710] http in Local intranet)
O15 - HKU\S-1-5-21-1482476501-746137067-854245398-1112\..Trusted Domains: gov.bc.ca ([spring] https in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DSCT.local
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/10 18:54:52 | 000,000,170 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

MsConfig - State: "services" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66DA9ADD-B1C4-4891-84D6-706E216B411B} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
ActiveX: {6803DF8A-43CE-4E52-B455-0B9B09D6E2D1} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
ActiveX: {9634059F-E8BC-7C7A-32A8-E7CB49590D73} - Internet Explorer
ActiveX: {964C8238-245C-4475-BB6E-D19D2C1220F2} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)
ActiveX: {9AD2FB23-AC50-435C-8ABC-8119D29CF0C1} - Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232)
ActiveX: {A2606C39-2190-6572-EDC7-81B5635ACE66} - Browser Customizations
ActiveX: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX: {B5289DCA-34AD-23B9-B0A4-E3FC6C03C87F} - Microsoft Windows Media Player 11.0
ActiveX: {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} - Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 20:41:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/05 20:40:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\dgsmith\Desktop\OTL.exe
[2011/04/05 20:24:27 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\dgsmith\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/04 10:54:53 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\Desktop\Personal Filing
[2011/04/03 17:42:08 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\AppData\Local\Symantec_Corporation
[2011/04/03 17:21:17 | 000,138,592 | ---- | C] (StorageCraft) -- C:\Windows\System32\drivers\symsnap.sys
[2011/04/03 17:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Ghost
[2011/04/03 17:20:49 | 000,015,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\vproeventmonitor.sys
[2011/04/03 17:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Ghost
[2011/04/03 17:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2011/04/02 09:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/03/30 20:52:55 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\Desktop\bugfix
[2011/03/28 17:18:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/28 17:17:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/28 17:02:37 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\AppData\Local\temp
[2011/03/28 16:48:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/28 15:46:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/28 15:46:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/28 15:46:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/28 15:29:55 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\AppData\Roaming\Malwarebytes
[2011/03/28 15:29:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/28 15:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/28 15:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/28 15:29:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/28 15:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/28 14:54:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/28 14:45:59 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\Desktop\work
[2011/03/24 06:13:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/03/20 12:42:00 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EditPlus 3
[2011/03/20 12:42:00 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\AppData\Roaming\EditPlus 3
[2011/03/20 12:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\EditPlus 3
[2011/03/12 20:54:20 | 000,000,000 | ---D | C] -- C:\Users\dgsmith\.IntelliJIdea10

========== Files - Modified Within 30 Days ==========

[2011/04/05 20:40:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\dgsmith\Desktop\OTL.exe
[2011/04/05 20:25:41 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 20:24:27 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\dgsmith\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/05 19:53:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/05 19:50:15 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 19:50:15 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 18:47:24 | 000,133,190 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/05 18:47:24 | 000,133,190 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/05 18:46:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/05 15:53:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/04 13:04:27 | 000,000,964 | -H-- | M] () -- C:\Users\dgsmith\Documents\SWWATER.INI
[2011/04/03 20:51:49 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/03 18:23:48 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/03 18:23:48 | 000,122,656 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/03 17:44:01 | 002,570,780 | ---- | M] () -- C:\Users\dgsmith\Desktop\ngh_15_user_guide.pdf
[2011/04/03 17:20:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011/03/31 22:17:06 | 000,001,772 | -H-- | M] () -- C:\Users\dgsmith\Documents\Default.rdp
[2011/03/30 17:01:14 | 004,279,629 | ---- | M] () -- C:\Users\dgsmith\Desktop\relativity.pdf
[2011/03/28 21:45:01 | 000,000,341 | ---- | M] () -- C:\Users\dgsmith\Desktop\Khan Academy.website
[2011/03/28 17:10:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/24 21:49:10 | 000,001,081 | ---- | M] () -- C:\Users\dgsmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/24 20:04:42 | 000,000,945 | ---- | M] () -- C:\Users\dgsmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/24 19:55:48 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/03/24 19:55:48 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/03/24 19:55:32 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/03/20 12:42:03 | 000,000,820 | ---- | M] () -- C:\Users\dgsmith\Application Data\Microsoft\Internet Explorer\Quick Launch\EditPlus 3.lnk
[2011/03/12 10:06:11 | 000,001,061 | ---- | M] () -- C:\Users\dgsmith\Desktop\activemq.bat.lnk

========== Files Created - No Company Name ==========

[2011/04/05 20:25:41 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/03 17:44:01 | 002,570,780 | ---- | C] () -- C:\Users\dgsmith\Desktop\ngh_15_user_guide.pdf
[2011/04/03 17:20:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011/03/30 17:01:14 | 004,279,629 | ---- | C] () -- C:\Users\dgsmith\Desktop\relativity.pdf
[2011/03/28 21:45:01 | 000,000,341 | ---- | C] () -- C:\Users\dgsmith\Desktop\Khan Academy.website
[2011/03/28 15:46:19 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/28 15:46:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/28 15:46:19 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/28 15:46:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/28 15:46:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/24 21:49:09 | 000,001,081 | ---- | C] () -- C:\Users\dgsmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/24 19:55:32 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/20 12:42:03 | 000,000,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPlus 3.lnk
[2011/03/20 12:42:03 | 000,000,820 | ---- | C] () -- C:\Users\dgsmith\Application Data\Microsoft\Internet Explorer\Quick Launch\EditPlus 3.lnk
[2010/09/08 21:09:47 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/27 01:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 01:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 01:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 00:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/03/27 06:45:19 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
[2010/03/15 15:01:50 | 000,001,241 | ---- | C] () -- C:\Windows\LMAAH2DD.ini
[2009/11/20 19:01:38 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2009/11/19 23:36:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/14 10:31:42 | 000,051,304 | ---- | C] () -- C:\Windows\System32\drivers\atnt40k.sys
[2009/09/13 17:49:30 | 000,253,952 | ---- | C] () -- C:\Windows\ddedll.dll
[2009/05/30 14:40:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/30 14:40:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/30 14:39:16 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/05/13 16:33:03 | 000,004,096 | -H-- | C] () -- C:\Users\dgsmith\AppData\Local\keyfile3.drm
[2009/05/02 14:04:50 | 000,000,671 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2008/10/19 14:38:28 | 000,000,028 | ---- | C] () -- C:\Windows\UML.INI
[2008/07/23 06:43:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/17 10:29:46 | 000,000,600 | ---- | C] () -- C:\Users\dgsmith\AppData\Local\PUTTY.RND
[2008/05/29 15:34:18 | 000,000,079 | ---- | C] () -- C:\Windows\ricdb.ini
[2008/05/06 21:51:26 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/04/12 09:57:28 | 000,133,190 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/04/12 09:57:28 | 000,133,190 | ---- | C] () -- C:\ProgramData\nvModes.001
[2007/11/19 18:28:06 | 000,025,773 | ---- | C] () -- C:\Users\dgsmith\AppData\Roaming\UserTile.png
[2007/11/08 07:54:42 | 000,000,680 | ---- | C] () -- C:\Users\dgsmith\AppData\Local\d3d9caps.dat
[2007/10/23 16:32:17 | 000,195,184 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2007/09/18 09:16:43 | 000,008,521 | ---- | C] () -- C:\Windows\lmpcl2a.ini
[2007/09/13 21:54:12 | 000,000,405 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/09/13 21:53:29 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2007/09/10 19:27:02 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/09/10 19:26:58 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/09/09 21:50:42 | 000,001,969 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/09/09 11:41:17 | 000,076,370 | ---- | C] () -- C:\Users\dgsmith\AppData\Roaming\nvModes.001
[2007/09/09 11:28:16 | 000,076,370 | ---- | C] () -- C:\Users\dgsmith\AppData\Roaming\nvModes.dat
[2007/09/09 07:13:41 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/09/08 09:23:08 | 000,042,496 | ---- | C] () -- C:\Users\dgsmith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/22 23:03:24 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/22 23:03:17 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/22 15:09:03 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/09 13:01:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 12:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:46:27 | 000,426,400 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,654,114 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,122,656 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/11/10 20:47:56 | 000,000,000 | ---D | M] -- C:\Users\dgsmith\AppData\Roaming\.visualvm
[2011/01/22 12:11:36 | 000,000,000 | ---D | M] -- C:\Users\dgsmith\AppData\Roaming\com.oxygenxml
[2007/09/23 18:20:48 | 000,000,000 | ---D | M] -- C:\Users\dgsmith\AppData\Roaming\EditPlus 2
[2011/04/05 20:44:38 | 000,000,000 | ---D | M] -- C:\Users\dgsmith\AppData\Roaming\EditPlus 3
[2010/08/26 17:32:46 | 000,000,000 | ---D | M] -- C:\Users\dgsmith\AppData\Roaming\JGoodies
[2010/09/13 16:52:18 | 000,000,000 | ---D | M] -- C:\Users\dgsmith\AppData\Roaming\Leadertech
[2009/08/30 16:44:53 | 000,000,000 | ---D | M] -- C:\Users\dgsmith\AppData\Roaming\Neuroph project
[2007/11/19 18:28:06 | 000,000,000 | ---D | M] -- C:\Users\dgsmith\AppData\Roaming\PeerNetworking
[2010/05/14 16:37:25 | 000,000,000 | ---D | M] -- C:\Users\dgsmith\AppData\Roaming\Sparx Systems
[2010/04/08 20:45:27 | 000,000,000 | ---D | M] -- C:\Users\dgsmith\AppData\Roaming\SQL Developer
[2008/02/26 13:50:15 | 000,000,000 | ---D | M] -- C:\Users\dgsmith\AppData\Roaming\Subversion
[2010/06/10 14:25:18 | 000,000,000 | ---D | M] -- C:\Users\dgsmith\AppData\Roaming\webex
[2011/04/03 20:51:49 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\dgsmith\Documents\Visual Studio 2005:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\dgsmith\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\dgsmith\Documents\My Shapes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\dgsmith\Documents\dev:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\dgsmith\Documents\Dev Resources:Roxio EMC Stream

< End of report >
  • 0

#9
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi deegeesmith,

Additional instructions to remove ComboFix:
  • Click the Start button
  • Click Run...
  • Type Combofix /Uninstall in the Run dialog box and click OK
  • 0

#10
deegeesmith

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks very much for your help!! :D
  • 0

#11
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
You're welcome. :D
  • 0

#12
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0