Security Center and Other Malware

Post by ClintonMagus » May 2nd, 2010, 8:34 pm

Don't know what I did to get the bogus Security Center bug, but I have it/had it. I have run Malwarebytes' Anti-Malware, per the instructions, and it found about a dozen bogus files and quarantined them. Before I try lots of things from the web, I thought I would come here.

Symptoms:

1. Both Firefox and Internet Explorer are attempting to open seemingly random websites that are being blocked by Anti-Malware. Repeatedly blocked IPs: 94.228.209.200; 91.212.226.67; 91.212.226.59
2. Media Player cannot find MP3 codec, and tries to download it from another site that is also blocked by Anti-Malware. I eventually uninstalled Media Player.
3. Although Anti-Malware showed that it was removing the bogus files, they have shown up later in another Anti-Malware scan. Bogus Security Center no longer shows up, but the other problems remain.
4. An Acrobat folder has popped up when Windows opens, but it doesn't seem to be there now.

New Information:

5. Now Firefox and Internet Explorer both give error messages upon exit.
6. System is EXTREMELY slow!

Thank you in advance for your help...

Logfiles:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:28 PM, on 5/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Video Download Toolbar Helper - {83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0} - C:\Program Files\Video Download Toolbar\v3.3.0.2\Video_Download_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Video Download Toolbar IE Browser Helper Object - {B29002A0-87A1-4DC4-AC55-5982034EB61E} - C:\PROGRA~1\VIDEOD~1\V330~1.2\RESOUR~1\VIDEOD~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Video Download Toolbar - {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - C:\Program Files\Video Download Toolbar\v3.3.0.2\Video_Download_Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://tradepressevents.webex.com/clie ... eatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca532b7a6ea090) (gupdate1ca532b7a6ea090) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SMServer - SMServer - C:\WINDOWS\system32\snmvtsvc.exe

--
End of file - 13083 bytes

-----------------------------------------------------
Uninstall List:

32 Bit HP CIO Components Installer
ABest Video to WMV SWF FLV Converter 3.92
Acrobat.com
Acrobat.com
Adobe Acrobat 8.1.3 Professional
Adobe AIR
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe PageMaker 7.0
Adobe Photoshop 7.0.1
Adobe Reader 9.3.2
Adobe Shockwave Player 11
Advertising Center
AllMusicConverter 3.8.1
American Airlines TravelDesk
AMP Font Viewer
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Any Audio Converter 1.1.0
AoA DVD Ripper
Apex Video Converter Super 6.55
Apple Application Support
Apple Mobile Device Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression for Kodak
ArcSoft MediaImpression for Kodak
Ask Toolbar
AttributeMagic Pro 3.0 beta 5
Auction Sentry
Audacity 1.2.4
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bonjour
Browser Defender 2.0.6.15
CCleaner
Choice Guard
CloneDVD2
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.8.0.193c
CorelDRAW 10
CorelDRAW 10
CorelDRAW Graphics Suite 12
CorelDRAW Graphics Suite 12 Setup Files
CreataCard Plus 3
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Cucusoft DVD to iPod + iPod Video Converter Suite 8.2.8.2
CuteFTP 8 Home
CutePDF Writer 2.7
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DolbyFiles
Dolet Light for Finale 2005
Dolet Light for Finale 2006
Duplicate Email Remover
Duplicate Finder
Express Burn
EZ Photo Creations
Fast MP4 3GP AVI MPG WMV RM MOV FLV Converter 4.2
Fax Machine 4.32
Finale 2005
Finale 2006
Finale Performance Assessment
FixTunes (remove only)
FLV to WMV Convert 2.7
FLVPlayer4Free Free FLV Player 3.0.0.0
Font Viewer 2.0
Free RAR Extract Frog
Free&Easy Font Viewer 2.0
FreeRIP v3.091
Garmin Communicator Plugin
Garmin USB Drivers
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Update Helper
High-Logic FontCreator 6.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
iGadget 4.7.0.0
iPhone Configuration Utility
iPod Access for Windows v4.2.2
iTunes
iTunes
J2SE Runtime Environment 5.0 Update 15
Java(TM) 6 Update 15
Junk Mail filter update
K-Lite Codec Pack 4.0.0 (Standard)
Label Design Studio 3.1
LightScribe System Software
LightScribe System Software 1.17.90.1
LightScribe Template Designs - Holiday Pack 1
LightScribe Template Designs - Seasonal Pack 1
LightScribe Template Labeler
LiveReg (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpload to Facebook
Lost City of Gold (remove only)
Magic M4A to MP3 Converter 3.1
Magic Show Builder
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Movie Templates - Starter Kit
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Native Instruments Finale GPO
NCH Toolbox
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
NetObjects Fusion 9.0
Norton AntiVirus
Norton Security Scan
NVIDIA Drivers
Paint Shop Pro 7
Photocopier Pro Version 3.08
PixiePack Codec Pack
QuickTime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
RealUpgrade 1.0
ScanSoft OmniPage Pro 14.0
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Segoe UI
Shipping Assistant 3.6
Sibelius Scorch (Firefox, Opera, Netscape only)
Skype™ 4.2
SmartMusic Content (shared music files)
SmartMusic Studio 8
Sound Blaster Live!
SoundTrax
Spybot - Search & Destroy
Spyware Doctor 7.0
SwiftDisc Burning Wizard Premium 2.20
System Requirements Lab
TransType Pro
TransType SE
Treasure Pyramid (remove only)
Tunebite
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmsiper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmsiper
TurboTax 2009 wrapper
TurboTax Deluxe 2007
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.4053
Video Download Toolbar
VST Bridge 1.1
WavePad Sound Editor
WebEx
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Service Pack 3
Xvid 1.1.3 final uninstall
XviD MPEG-4 Codec
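The HijackThis log above is the raw material a helper triages by hand. As an added example (not part of the original post or of HijackThis itself), the following Python marks the kinds of entries that usually get a second look: orphaned entries whose target file is gone, autoruns given only as a bare file name, and O23 services with no vendor or with a vendor field that just repeats the service name. The sample lines are copied from the log; the flags are triage hints, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the HijackThis log above.
HJT_SAMPLE = r"""
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O18 - Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: SMServer - SMServer - C:\WINDOWS\system32\snmvtsvc.exe
"""


@dataclass
class Finding:
    line: str    # the HijackThis line that was flagged
    reason: str  # why a reviewer should look at it


# "O<n> - <rest>" is the common shape of every HijackThis entry.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 entries: "HKLM\..\Run: [DisplayName] <command line>"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[[^\]]*\] (.*)$")


def triage_hjt(log_text: str) -> List[Finding]:
    """Apply simple review heuristics to HijackThis O-entries."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, rest = m.groups()

        # A registry entry that still exists but points at a deleted file.
        if rest.endswith("(no file)"):
            findings.append(Finding(line, f"{section}: orphaned entry, the file it points at is missing"))

        # An autorun with no directory at all is resolved through the search
        # path, so the log alone does not say which binary will actually run.
        elif section == "O4":
            r = RUN_RE.match(rest)
            if r and "\\" not in r.group(1):
                findings.append(Finding(line, "O4: autorun is a bare file name resolved via the search path; confirm which binary actually runs"))

        # O23 lines are "Service: <name> - <vendor> - <path>"; split from the
        # right so that hyphens inside the display name survive.
        elif section == "O23":
            parts = rest.rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, vendor, _path = parts
            if name.startswith("Service: "):
                name = name[len("Service: "):]
            if vendor == "Unknown owner":
                findings.append(Finding(line, "O23: service binary carries no vendor attribution"))
            elif vendor == name:
                findings.append(Finding(line, "O23: vendor field only repeats the service name"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(HJT_SAMPLE):
        print(f"{f.reason}\n    {f.line}")
```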

Re: Security Center and Other Malware

Post by MWR 3 day Mod » May 6th, 2010, 12:48 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

Re: Security Center and Other Malware

Post by deltalima » May 6th, 2010, 10:29 am

Hi ClintonMagus,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Re: Security Center and Other Malware

Post by ClintonMagus » May 7th, 2010, 7:28 am

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-07 06:24:51
Windows 5.1.2600 Service Pack 3
Running: yj4mz0op.exe; Driver: C:\DOCUME~1\AMOSMC~1\LOCALS~1\Temp\pwloyfog.sys


---- System - GMER 1.0.15 ----

SSDT 86B88570 ZwAlertResumeThread
SSDT 86C07EF8 ZwAlertThread
SSDT 84D9CDD8 ZwAllocateVirtualMemory
SSDT 86B82498 ZwAssignProcessToJobObject
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF73DC112]
SSDT 84D9C4F0 ZwCreateMutant
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF73BB2D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF73BB4C8]
SSDT 84D70EB0 ZwCreateSymbolicLinkObject
SSDT 84D9E1D0 ZwCreateThread
SSDT 86C1C6D8 ZwDebugActiveProcess
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF73DC900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF73DCBB4]
SSDT 84D9CF30 ZwDuplicateObject
SSDT 84D9CC38 ZwFreeVirtualMemory
SSDT 86BA20C0 ZwImpersonateAnonymousToken
SSDT 86BD2118 ZwImpersonateThread
SSDT 86BEE498 ZwLoadDriver
SSDT 84D9CB58 ZwMapViewOfSection
SSDT 86B80648 ZwOpenEvent
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF73DAE12]
SSDT 84D871E0 ZwOpenProcess
SSDT 86C52EF8 ZwOpenProcessToken
SSDT 86B95828 ZwOpenSection
SSDT 84D9CFC0 ZwOpenThread
SSDT 84D70F80 ZwProtectVirtualMemory
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF73DD020]
SSDT 86CB8890 ZwResumeThread
SSDT 86C58A70 ZwSetContextThread
SSDT 84D9CA00 ZwSetInformationProcess
SSDT 86B7CCF0 ZwSetSystemInformation
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73DC3D2]
SSDT 86B8A3D8 ZwSuspendProcess
SSDT 86C9D5A8 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF3ACD900]
SSDT 86C7FE90 ZwTerminateThread
SSDT 86C68A70 ZwUnmapViewOfSection
SSDT 84D9CD08 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 98 804E26F4 1 Byte [98]
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6400360, 0x37388D, 0xE8000020]
init C:\WINDOWS\System32\Drivers\ArcRec.SYS entry point in "init" section [0xF7ABD138]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02F7000A
.text C:\WINDOWS\system32\svchost.exe[1252] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 02F6000A
.text C:\WINDOWS\Explorer.EXE[1376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1376] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

=============================================================


OTL logfile created on: 5/6/2010 2:04:34 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\(***edited to replace name***)\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 417.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 359.11 Gb Free Space | 77.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.52 Gb Total Space | 6.92 Gb Free Space | 9.29% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 7.70 Gb Free Space | 1.65% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: (***edited to replace name***)SERVER
Current User Name: (***edited to replace name***)
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\(***edited to replace name***)\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\iPod Access for Windows\iPAHelper.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\(***edited to replace name***)\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SMServer)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (iPAHelper.exe) -- C:\Program Files\iPod Access for Windows\iPAHelper.exe ()


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\ccHPx86.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100331.034\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100331.034\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1105000.07F\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SYMTDI.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMDS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (MusCVideo) -- C:\WINDOWS\system32\drivers\MusCVideo.sys (Windows (R) 2000 DDK provider)
DRV - (MusCAudio) -- C:\WINDOWS\system32\drivers\MusCAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ArcCD) -- C:\WINDOWS\system32\drivers\ArcCD.sys (ArcSoft Inc.)
DRV - (ArcUdfs) -- C:\WINDOWS\system32\drivers\ArcUdfs.sys (ArcSoft Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\Aspi32.sys (Adaptec)
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1220945662-1202660629-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1220945662-1202660629-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-1202660629-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3


FF - HKLM\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2009/05/24 12:05:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\ [2010/02/12 12:52:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/28 09:50:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/05 20:35:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/05 20:35:41 | 000,000,000 | ---D | M]

[2008/10/15 20:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Extensions
[2010/05/05 20:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions
[2010/01/21 17:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/07/01 16:00:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/29 19:02:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/05 20:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 18:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/02 18:47:27 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}-trash
[2009/11/24 14:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/11/28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2010/04/24 06:32:04 | 000,290,117 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 http://www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 http://www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 http://www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 9993 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-1202660629-682003330-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1220945662-1202660629-682003330-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1220945662-1202660629-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1220945662-1202660629-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1202660629-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1220945662-1202660629-682003330-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-1220945662-1202660629-682003330-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1220945662-1202660629-682003330-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDow ... eqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://tradepressevents.webex.com/clie ... eatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 18:57:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{197e51ff-4668-11df-bc44-000feaff05f4}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O33 - MountPoints2\{197e51ff-4668-11df-bc44-000feaff05f4}\Shell\Install\command - "" = H:\Setup.exe -- File not found
O33 - MountPoints2\{95eced93-4bcc-11de-bbe1-000feaff05f4}\Shell - "" = AutoRun
O33 - MountPoints2\{95eced93-4bcc-11de-bbe1-000feaff05f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95eced93-4bcc-11de-bbe1-000feaff05f4}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{95eced94-4bcc-11de-bbe1-000feaff05f4}\Shell\AutoRun\command - "" = J:\Amy.pps -- File not found
O33 - MountPoints2\{d39e6bae-055e-11df-bc31-000feaff05f4}\Shell\AutoRun\command - "" = J:\MI.exe -- File not found
O33 - MountPoints2\{d39e6bb6-055e-11df-bc31-000feaff05f4}\Shell - "" = AutoRun
O33 - MountPoints2\{d39e6bb6-055e-11df-bc31-000feaff05f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d39e6bb6-055e-11df-bc31-000feaff05f4}\Shell\AutoRun\command - "" = I:\MI.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/06 14:02:34 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\OTL.exe
[2010/05/05 21:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/05 21:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\SUPERAntiSpyware.com
[2010/05/05 21:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/02 18:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/30 21:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/30 21:25:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\(***edited to replace name***)\Recent
[2010/04/30 21:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/29 21:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/29 21:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/29 21:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\My Documents\tuning sine wavs
[2010/04/29 18:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Updater5
[2010/04/29 18:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/04/29 18:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/04/28 09:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/28 09:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/04/28 09:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/24 06:46:50 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\mbam-setup.exe
[2010/04/23 20:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Desktop\SmitfraudFix
[2010/04/17 23:24:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/04/17 23:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/04/17 23:24:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[2010/04/17 20:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/17 20:08:12 | 000,134,912 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\drivers\ArcUdfs.sys
[2010/04/17 20:08:12 | 000,036,224 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\drivers\ArcCD.sys
[2010/04/17 20:08:12 | 000,007,680 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\drivers\ArcRec.sys
[2010/04/14 10:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Desktop\2006 December
[2010/04/08 22:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/08 13:20:02 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2010/04/07 09:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/07 09:25:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2008/07/21 21:32:24 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/06 14:26:57 | 000,000,492 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for (***edited to replace name***).job
[2010/05/06 14:02:59 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\yj4mz0op.exe
[2010/05/06 14:02:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\OTL.exe
[2010/05/06 13:55:35 | 000,059,867 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.RPT
[2010/05/06 13:55:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/06 13:54:22 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/06 13:54:09 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
[2010/05/06 13:54:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/06 13:53:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/06 13:53:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/06 13:42:15 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\NTUSER.DAT
[2010/05/06 13:42:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\(***edited to replace name***)\ntuser.ini
[2010/05/05 21:55:17 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2010/05/05 21:55:17 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2010/05/05 21:55:17 | 000,016,376 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2010/05/05 21:55:17 | 000,016,376 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2010/05/05 21:55:17 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/05 21:55:17 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/05 21:55:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
[2010/05/05 21:55:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
[2010/05/05 21:48:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/05 21:44:44 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/05 21:32:45 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/05/05 21:16:57 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Microsoft Office Access 2003.lnk
[2010/05/05 20:35:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/05 16:06:33 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Microsoft Office Excel 2003.lnk
[2010/05/05 15:00:34 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\(***edited to replace name***)Successful Vaults.xls
[2010/05/05 13:49:59 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\InchCalc.xla
[2010/05/05 13:49:17 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\InchCalc.xls
[2010/05/04 21:30:22 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
[2010/05/04 21:27:43 | 000,512,642 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/04 21:27:43 | 000,435,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/04 21:27:43 | 000,068,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/04 21:27:14 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/03 18:28:48 | 000,232,968 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/02 18:22:54 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\HijackThis.lnk
[2010/04/30 21:24:45 | 000,192,724 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\cc_20100430_212433.reg
[2010/04/30 21:22:12 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CCleaner.lnk
[2010/04/30 07:49:34 | 000,001,010 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 21:35:49 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/29 21:35:49 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/29 20:02:22 | 000,015,493 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bylaws.pdf
[2010/04/29 19:59:28 | 000,009,021 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\AGPVC_Bylaws_Waiver_Appl_rev031410.doc
[2010/04/29 18:49:58 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
[2010/04/29 18:17:46 | 000,700,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/29 17:46:29 | 000,024,818 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\AGPVC_Bylaws_Waiver_Appl_rev031410.pdf
[2010/04/29 15:45:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/28 10:40:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/28 09:50:24 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/28 09:49:32 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/04/28 09:47:57 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/04/28 09:47:57 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/04/28 09:46:04 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/28 09:42:13 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/25 20:27:35 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\G-Force Vault Club Membership Packet.doc
[2010/04/25 20:27:04 | 000,083,780 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Tax Exempt.PDF
[2010/04/25 08:38:10 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Anti Gravity Pole Vault Club Bylaws.doc
[2010/04/25 08:36:26 | 001,529,292 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\PPVC_ABOUT_Membership.pdf
[2010/04/25 08:34:38 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\BYLAWS - Falmouth Track Club.doc
[2010/04/25 08:33:23 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\CTC Bylaws.doc
[2010/04/25 08:33:09 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\BYLAWS - Wisconsin Track Club.doc
[2010/04/25 08:32:45 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bylaws of the New Orleans Track Club.doc
[2010/04/25 08:32:36 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Squannacook Club Charter.doc
[2010/04/24 22:18:12 | 000,002,880 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/04/24 22:17:57 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CorelDRAW 12.lnk
[2010/04/24 16:27:15 | 000,054,706 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea.jpg
[2010/04/24 13:46:40 | 000,371,492 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 144.jpg
[2010/04/24 13:46:25 | 000,023,440 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 145.jpg
[2010/04/24 13:45:33 | 000,385,991 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 143.jpg
[2010/04/24 09:13:00 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Microsoft Office Word 2003.lnk
[2010/04/24 09:11:21 | 000,040,648 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Piano.jpg
[2010/04/24 09:10:29 | 000,025,540 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Formal.jpg
[2010/04/24 09:08:55 | 000,025,999 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Casual1.jpg
[2010/04/24 09:05:58 | 000,056,202 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Tree.jpg
[2010/04/24 09:03:54 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Paint Shop Pro 7.lnk
[2010/04/24 08:57:49 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/04/24 06:47:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/24 06:39:38 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\mbam-setup.exe
[2010/04/24 06:32:19 | 000,005,108 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/23 22:04:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/23 22:04:37 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/23 20:52:56 | 001,826,200 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\SmitfraudFix.zip
[2010/04/21 14:42:20 | 000,195,012 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\cat56-718.pdf
[2010/04/21 14:34:43 | 000,138,447 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0876.jpg
[2010/04/20 17:29:03 | 000,729,176 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0875.jpg
[2010/04/20 17:22:14 | 000,841,596 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0874.jpg
[2010/04/20 10:08:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\FaxMan
[2010/04/17 23:24:15 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/04/17 23:24:12 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/04/17 20:29:45 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\DivX Movies.lnk
[2010/04/17 20:29:05 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/04/17 20:28:36 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/04/17 20:09:24 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2010/04/17 13:19:45 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\mswk15.doc
[2010/04/17 08:23:12 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole and Flex.xls
[2010/04/15 21:49:44 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 09:39:35 | 000,065,475 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\UHC Insurance Card Copy.jpg
[2010/04/14 21:05:21 | 000,205,824 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 10:06:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/14 10:05:00 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Application Data\default.rss
[2010/04/13 20:54:48 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\TurboTax 2009.lnk
[2010/04/13 18:27:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/13 17:54:19 | 000,004,422 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2009 United Healthcare.csv
[2010/04/12 13:44:24 | 040,673,792 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2010 Graduates.pps
[2010/04/12 13:44:06 | 040,729,600 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2010 Graduates.ppt
[2010/04/12 13:02:06 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/08 13:20:02 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2010/04/07 09:25:14 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/06 14:02:56 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\yj4mz0op.exe
[2010/05/05 21:44:44 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/05 21:32:45 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/05/05 20:35:52 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/05 13:49:58 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\InchCalc.xla
[2010/05/05 13:49:17 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\InchCalc.xls
[2010/05/04 21:26:32 | 000,004,507 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/02 18:22:54 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\HijackThis.lnk
[2010/04/30 21:24:36 | 000,192,724 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\cc_20100430_212433.reg
[2010/04/30 21:22:12 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CCleaner.lnk
[2010/04/29 21:35:49 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/29 21:35:49 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/29 20:02:22 | 000,015,493 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bylaws.pdf
[2010/04/29 19:59:24 | 000,009,021 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\AGPVC_Bylaws_Waiver_Appl_rev031410.doc
[2010/04/29 18:03:33 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
[2010/04/29 17:46:19 | 000,024,818 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\AGPVC_Bylaws_Waiver_Appl_rev031410.pdf
[2010/04/28 09:50:30 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
[2010/04/28 09:50:29 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
[2010/04/28 09:50:24 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/28 09:46:02 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/25 20:27:03 | 000,083,780 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Tax Exempt.PDF
[2010/04/25 20:18:00 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\G-Force Vault Club Membership Packet.doc
[2010/04/25 08:38:10 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Anti Gravity Pole Vault Club Bylaws.doc
[2010/04/25 08:36:23 | 001,529,292 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\PPVC_ABOUT_Membership.pdf
[2010/04/25 08:34:38 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\BYLAWS - Falmouth Track Club.doc
[2010/04/25 08:33:23 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\CTC Bylaws.doc
[2010/04/25 08:33:08 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\BYLAWS - Wisconsin Track Club.doc
[2010/04/25 08:32:45 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bylaws of the New Orleans Track Club.doc
[2010/04/25 08:32:35 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Squannacook Club Charter.doc
[2010/04/24 16:24:59 | 000,054,706 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea.jpg
[2010/04/24 13:44:00 | 000,385,991 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 143.jpg
[2010/04/24 13:44:00 | 000,371,492 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 144.jpg
[2010/04/24 13:44:00 | 000,023,440 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 145.jpg
[2010/04/24 09:10:29 | 000,025,540 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Formal.jpg
[2010/04/24 09:08:55 | 000,025,999 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Casual1.jpg
[2010/04/24 09:07:12 | 000,040,648 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Piano.jpg
[2010/04/24 09:05:58 | 000,056,202 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Tree.jpg
[2010/04/23 21:51:18 | 000,005,108 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/23 20:58:24 | 001,826,200 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\SmitfraudFix.zip
[2010/04/21 14:42:20 | 000,195,012 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\cat56-718.pdf
[2010/04/21 14:30:55 | 000,138,447 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0876.jpg
[2010/04/20 17:29:03 | 000,729,176 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0875.jpg
[2010/04/20 17:22:14 | 000,841,596 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0874.jpg
[2010/04/17 23:24:18 | 000,000,492 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for (***edited to replace name***).job
[2010/04/17 23:24:15 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/04/17 23:24:12 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/04/17 20:29:05 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/04/17 20:28:35 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/04/17 13:19:44 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\mswk15.doc
[2010/04/15 09:39:35 | 000,065,475 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\UHC Insurance Card Copy.jpg
[2010/04/14 10:05:00 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Application Data\default.rss
[2010/04/14 10:01:44 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/13 17:54:19 | 000,004,422 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2009 United Healthcare.csv
[2010/04/12 13:44:23 | 040,673,792 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2010 Graduates.pps
[2010/04/12 13:37:57 | 040,729,600 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2010 Graduates.ppt
[2010/04/09 10:33:28 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole and Flex.xls
[2010/04/07 09:25:14 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/07 08:30:59 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/31 10:55:08 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/07/14 08:24:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2009/04/08 12:56:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acmmzxr.dll
[2009/04/01 09:29:54 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/02/27 22:40:01 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/02/07 15:01:58 | 000,000,432 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/10 13:25:03 | 000,000,013 | ---- | C] () -- C:\WINDOWS\acmmzx.dll
[2008/11/10 13:31:49 | 000,004,296 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_Zune.ini
[2008/11/10 13:31:49 | 000,002,175 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_iPhone.ini
[2008/11/10 13:31:49 | 000,001,739 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_AppleTV.ini
[2008/11/10 13:31:49 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\BEST_Add_mfra.ini
[2008/11/10 13:31:48 | 000,015,266 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_3GP.ini
[2008/11/10 13:31:48 | 000,006,503 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_PSP.ini
[2008/11/10 13:31:48 | 000,003,057 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_iPod.ini
[2008/11/10 13:31:48 | 000,002,956 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_PMP.ini
[2008/11/10 13:31:48 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_PPC.ini
[2008/11/10 13:31:48 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP2_QVGA_AAC.ini
[2008/11/10 13:31:48 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP2_QCIF_AAC.ini
[2008/11/10 13:31:48 | 000,001,878 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_Xbox.ini
[2008/11/10 13:31:48 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP_QVGA_AAC.ini
[2008/11/10 13:31:48 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP_QCIF_AMR.ini
[2008/11/10 13:31:48 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP_QCIF_AAC.ini
[2008/11/10 13:31:47 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP_QVGA_AMR.ini
[2008/10/13 10:04:46 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/05 10:08:14 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/09/05 10:08:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/09/05 10:08:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/09/05 10:08:11 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/08/05 17:11:37 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/07/29 20:43:17 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008/07/29 20:37:16 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/07/29 20:37:01 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\coodest.dll
[2008/07/29 20:34:55 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/07/29 20:34:55 | 000,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2008/07/29 20:34:55 | 000,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2008/07/29 20:34:55 | 000,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2008/07/29 20:34:55 | 000,004,296 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Zune.ini
[2008/07/29 20:34:55 | 000,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2008/07/29 20:34:55 | 000,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2008/07/29 20:34:55 | 000,002,910 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2008/07/29 20:34:55 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2008/07/29 20:34:55 | 000,002,175 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPhone.ini
[2008/07/29 20:34:55 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2008/07/29 20:34:55 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2008/07/29 20:34:55 | 000,001,878 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2008/07/29 20:34:55 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2008/07/29 20:34:55 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2008/07/29 20:34:55 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2008/07/29 20:34:55 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2008/07/29 20:34:55 | 000,001,739 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_AppleTV.ini
[2008/07/29 20:34:55 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2008/07/29 20:34:49 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/07/29 20:29:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/07/29 20:29:21 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/29 20:29:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/28 15:15:44 | 000,001,771 | ---- | C] () -- C:\WINDOWS\atm.ini
[2008/07/24 16:59:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PRNTPARM.DLL
[2008/07/24 16:58:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mdmparm.dll
[2008/07/24 16:58:29 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ClassXps.dll
[2008/07/24 13:24:56 | 000,002,880 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/07/22 18:47:15 | 000,000,058 | ---- | C] () -- C:\WINDOWS\CTACD.INI
[2008/07/22 16:06:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2008/07/22 15:57:25 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2008/07/22 15:56:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2008/07/22 15:56:25 | 000,000,902 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/07/22 14:11:44 | 000,000,156 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/07/22 14:11:28 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/07/22 11:44:40 | 000,000,201 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008/07/22 11:44:37 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx7383.ini
[2008/07/22 11:44:36 | 000,202,240 | ---- | C] () -- C:\WINDOWS\System32\sp3.dll
[2008/07/22 11:44:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx20.ini
[2008/07/22 11:44:34 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx5363.ini
[2008/07/22 11:44:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\wutil.dll
[2008/07/21 21:33:55 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/07/21 21:33:15 | 000,035,972 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008/07/21 21:33:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/07/21 21:32:42 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2008/07/21 21:32:42 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/07/21 21:31:21 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/07/21 20:49:08 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/07/21 20:11:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/07/21 20:11:18 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/07/21 19:32:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/18 14:59:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/09/17 13:59:45 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\sfarkxt.dll
[2004/09/17 13:59:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\SFARKL.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/10 10:10:05 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[1996/09/17 08:37:06 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\PIXTHK32.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

==========================================================

OTL Extras logfile created on: 5/6/2010 2:04:34 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\(***edited to replace name***)\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 417.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 359.11 Gb Free Space | 77.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.52 Gb Total Space | 6.92 Gb Free Space | 9.29% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 7.70 Gb Free Space | 1.65% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: (***EDITED TO REPLACE NAME***)SERVER
Current User Name: (***edited to replace name***)
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1220945662-1202660629-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Print_Directory_Listing] -- printdir.bat "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Common Files\Symantec Shared\NPC\npcLUStb.exe" = C:\Program Files\Common Files\Symantec Shared\NPC\npcLUStb.exe:*:Enabled:LiveUpdate -- File not found
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0c9157d6-7079-4743-a760-bb556550819e}" = Nero 9
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B81F3FE-94DC-4725-9F7E-4FB000247864}" = Dolet Light for Finale 2006
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24BE72BA-DD13-4CD6-88BA-A4768E9C5668}" = ScanSoft OmniPage Pro 14.0
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A59F6E0-EAA2-012B-AE20-000000000000}" = TurboTax 2009 wmsiper
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44A7867C-E3F4-4F96-8948-FDE62D23AD29}" = TurboTax 2008 wmsiper
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{465DC07E-3390-401A-A190-6078D73AB4C6}" = CorelDRAW Graphics Suite 12
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4FB120F8-622C-4260-AB49-0F43A59CCF2A}" = iTunes
"{50020B66-4BA5-4E35-939E-98A0D648EE88}_is1" = Fast MP4 3GP AVI MPG WMV RM MOV FLV Converter 4.2
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{672D0014-71A9-45EF-B10E-DEF7426961A6}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{762EBEC5-7ADC-48DC-ADDE-882616730050}" = TransType Pro
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193c
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}" = Duplicate Email Remover
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{820889C1-8B3A-4B0F-8D79-37235DDE4B41}" = LiveUpload to Facebook
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{84B01A13-F78F-4281-9224-C96FB3530A2C}" = LightScribe Template Designs - Seasonal Pack 1
"{867570F9-57F8-4565-BBB2-7CE56732917A}" = SwiftDisc Burning Wizard Premium 2.20
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Live!
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9EDE7573-F2B0-4FAC-8928-A7E9381BCB91}" = ArcSoft MediaImpression for Kodak
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A504FA88-6C29-4D6C-964B-E17FBF1DD856}" = NetObjects Fusion 9.0
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC072FB-1C53-4EBF-909D-538786684403}" = Magic Show Builder
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B54076AF-71F2-49DB-8337-3A3E3D8DDB2B}" = TransType SE
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD65CAC7-6D63-4D56-BED0-B610281256DF}" = CorelDRAW Graphics Suite 12 Setup Files
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak
"{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}" = LightScribe System Software 1.17.90.1
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF736FF-8133-42F3-8E18-BDFE293B87FF}" = LightScribe Template Designs - Holiday Pack 1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DF29A0E2-DF76-4932-98A9-34B441F40486}" = Auction Sentry
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4349572-9023-46FC-A98B-1ECDCE7B9859}" = Tunebite
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6F272EF-6239-45A6-B9DC-D2C11CFF73C5}" = Dolet Light for Finale 2005
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8CA85FB-CA77-4CC1-891A-BEC474230465}" = EZ Photo Creations
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCBE0690-CBE1-4C60-87B0-4A70A6F5434E}" = LightScribe Template Labeler
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ABest Video to WMV SWF FLV Converter_is1" = ABest Video to WMV SWF FLV Converter 3.92
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AllMusicConverter_is1" = AllMusicConverter 3.8.1
"American Airlines TravelDesk_is1" = American Airlines TravelDesk
"AMP Font Viewer" = AMP Font Viewer
"Any Audio Converter_is1" = Any Audio Converter 1.1.0
"AoA DVD Ripper_is1" = AoA DVD Ripper
"Apex Video Converter Super_is1" = Apex Video Converter Super 6.55
"AttributeMagic Pro" = AttributeMagic Pro 3.0 beta 5
"Audacity_is1" = Audacity 1.2.4
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CorelDRAW 10" = CorelDRAW 10
"CreataCard Plus 3" = CreataCard Plus 3
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 8.2.8.2
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Duplicate Finder_is1" = Duplicate Finder
"ExpressBurn" = Express Burn
"Fax Machine_is1" = Fax Machine 4.32
"Finale 2005" = Finale 2005
"Finale 2006" = Finale 2006
"Finale Performance Assessment" = Finale Performance Assessment
"FixTunes" = FixTunes (remove only)
"FLV to WMV Convert_is1" = FLV to WMV Convert 2.7
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 3.0.0.0
"Font Viewer_is1" = Font Viewer 2.0
"FontCreator6_is1" = High-Logic FontCreator 6.0
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free&Easy Font Viewer_is1" = Free&Easy Font Viewer 2.0
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iGadget_is1" = iGadget 4.7.0.0
"iPod Access for Windows_is1" = iPod Access for Windows v4.2.2
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Standard)
"Label Design Studio 3.1" = Label Design Studio 3.1
"LiveReg" = LiveReg (Symantec Corporation)
"Lost City of Gold" = Lost City of Gold (remove only)
"Magic M4A to MP3 Converter_is1" = Magic M4A to MP3 Converter 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Finale GPO" = Native Instruments Finale GPO
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Photocopier Pro_is1" = Photocopier Pro Version 3.08
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 12.0" = RealPlayer
"SmartMusic Content" = SmartMusic Content (shared music files)
"SmartMusic Studio 8" = SmartMusic Studio 8
"Spyware Doctor" = Spyware Doctor 7.0
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"ToolBox" = NCH Toolbox
"Treasure Pyramid" = Treasure Pyramid (remove only)
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"VST Bridge_is1" = VST Bridge 1.1
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD" = XviD MPEG-4 Codec
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-1202660629-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Last edited by ClintonMagus on May 10th, 2010, 3:25 pm, edited 1 time in total.
ClintonMagus
Active Member
 
Posts: 12
Joined: May 2nd, 2010, 8:21 pm

Re: Security Center and Other Malware

Unread postby deltalima » May 7th, 2010, 8:05 am

Hi ClintonMagus,

TDSSKiller
  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file TDSSKiller.zip; it will create a folder named tdsskiller on your desktop
  • Next double-click the tdsskiller folder on your desktop.
  • Next right-click on tdsskiller.exe and click Copy, then Paste it directly on to your Desktop.
  • Highlight and copy the text in the codebox below.
    Code:
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • Open tdsskiller.txt on your desktop and post the contents in your next reply

CKScanner

  • Please download CKScanner from here to your Desktop.
    Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file was saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Custom OTL scan
  • Double click on OTL.exe to run it.
  • Under the Custom Scan box paste this in
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav 
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Please post the contents of OTL.txt in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
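An added example, not part of deltalima's post and not code from TDSSKiller or OTL: a small Python parser for the log file that the TDSSKiller command above writes (the line format is the one visible in the log posted later in this thread). It lists the drivers the tool itself marks as infected and, independently, flags any driver whose IRP_MJ dispatch entries all resolve to a single address. That single-address heuristic is my assumption rather than the tool's documented logic; a clean driver normally routes a few majors to handlers inside its own image and the rest to one shared kernel default, so a table in which every entry is identical has been replaced wholesale. The sample log is constructed for the example, modelled on the excerpt on this page.

```python
"""Parse a TDSSKiller-style log and flag drivers with hooked dispatch tables.

Added example (assumption-based, not TDSSKiller's own logic).  Log lines have
the shape "<hh:mm:ss:ms> <pid> <message>"; a scanned driver appears as a
"Driver Name: X" line, a run of "IRP_MJ_* : <hex address>" lines, an optional
'Driver "X" infected by ...' line and a "<image path> - Verdict: <n>" line.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

DRIVER_RE = re.compile(r"Driver Name: (\S+)")
IRP_RE = re.compile(r"(IRP_MJ_[A-Z_]+) : ([0-9A-Fa-f]{8})")
INFECTED_RE = re.compile(r'Driver "([^"]+)" infected by')
VERDICT_RE = re.compile(r"(\S+) - Verdict: (\d+)")

# The 27 major function codes TDSSKiller prints per driver, in its order.
IRP_MAJORS = [
    "CREATE", "CREATE_NAMED_PIPE", "CLOSE", "READ", "WRITE", "QUERY_INFORMATION",
    "SET_INFORMATION", "QUERY_EA", "SET_EA", "FLUSH_BUFFERS", "QUERY_VOLUME_INFORMATION",
    "SET_VOLUME_INFORMATION", "DIRECTORY_CONTROL", "FILE_SYSTEM_CONTROL", "DEVICE_CONTROL",
    "INTERNAL_DEVICE_CONTROL", "SHUTDOWN", "LOCK_CONTROL", "CLEANUP", "CREATE_MAILSLOT",
    "QUERY_SECURITY", "SET_SECURITY", "POWER", "SYSTEM_CONTROL", "DEVICE_CHANGE",
    "QUERY_QUOTA", "SET_QUOTA",
]


@dataclass
class DriverBlock:
    name: str
    irp: Dict[str, str] = field(default_factory=dict)   # major -> handler address
    image: Optional[str] = None
    verdict: Optional[int] = None
    tool_flagged: bool = False                           # tool printed "infected by"


def strip_prefix(line: str) -> str:
    """Drop the "<timestamp> <pid>" prefix; returns "" for prefix-only lines."""
    parts = line.split(maxsplit=2)
    return parts[2] if len(parts) == 3 else ""


def parse_log(text: str) -> List[DriverBlock]:
    """Group the log into one DriverBlock per 'Driver Name:' section."""
    blocks: List[DriverBlock] = []
    cur: Optional[DriverBlock] = None
    for raw in text.splitlines():
        msg = strip_prefix(raw)
        m = DRIVER_RE.match(msg)
        if m:
            cur = DriverBlock(name=m.group(1))
            blocks.append(cur)
            continue
        if cur is None:
            continue
        m = IRP_RE.match(msg)
        if m:
            cur.irp[m.group(1)] = m.group(2).upper()
        elif INFECTED_RE.match(msg):
            cur.tool_flagged = True
        else:
            m = VERDICT_RE.match(msg)
            if m:                       # verdict line closes the block
                cur.image, cur.verdict = m.group(1), int(m.group(2))
                cur = None
    return blocks


def dispatch_hooked(block: DriverBlock, min_entries: int = 20) -> bool:
    """Heuristic (assumption): every recorded handler collapses to one address."""
    return len(block.irp) >= min_entries and len(set(block.irp.values())) == 1


def suspicious_drivers(text: str) -> List[Tuple[str, Optional[str], List[str]]]:
    """Return (driver name, image path, reasons) for every driver worth a look."""
    hits = []
    for b in parse_log(text):
        reasons = []
        if dispatch_hooked(b):
            reasons.append(f"all {len(b.irp)} IRP_MJ handlers -> {next(iter(b.irp.values()))}")
        if b.tool_flagged:
            reasons.append("tool reported infected")
        if reasons:
            hits.append((b.name, b.image, reasons))
    return hits


def build_sample(name: str, image: str, verdict: int, handler: Callable[[str], str],
                 infected: bool = False, ts: str = "19:59:23:015 3820") -> List[str]:
    """Constructed log lines in the tool's format (not captured output)."""
    lines = [f"{ts} Driver Name: {name}"]
    lines += [f"{ts} IRP_MJ_{major} : {handler(major)}" for major in IRP_MAJORS]
    if infected:
        lines.append(f'{ts} Driver "{name}" infected by TDSS rootkit!')
    lines.append(f"{ts} {image} - Verdict: {verdict}")
    lines.append(ts)   # the tool prints an empty message line between drivers
    return lines


def clean_handlers(major: str) -> str:
    """A clean driver: a few majors in its own image, the rest on one kernel default."""
    own = {"CREATE": "F7594BB0", "CLOSE": "F7594BB0", "READ": "F758ED1F",
           "WRITE": "F758ED1F", "DEVICE_CONTROL": "F758F3BB", "POWER": "F7590C82"}
    return own.get(major, "804FA87E")


# Constructed sample: one clean disk.sys block, one wholesale-hooked atapi block.
SAMPLE_LOG = "\n".join(
    build_sample("Disk", r"C:\WINDOWS\system32\DRIVERS\disk.sys", 1, clean_handlers)
    + build_sample("atapi", r"C:\WINDOWS\system32\drivers\tsk4F.tmp", 3,
                   lambda _major: "86499EE4", infected=True)
)

if __name__ == "__main__":
    for name, image, reasons in suspicious_drivers(SAMPLE_LOG):
        print(f"{name} ({image}): " + "; ".join(reasons))
```

Point it at a real tdsskiller.txt with `suspicious_drivers(open(path).read())`. Drivers flagged only by the heuristic and not by the tool deserve a second look rather than automatic action, since the heuristic only reads what the log says about the dispatch table and knows nothing about the driver on disk.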

Re: Security Center and Other Malware

Unread postby ClintonMagus » May 9th, 2010, 10:32 pm

19:59:22:562 3820 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
19:59:22:562 3820 ================================================================================
19:59:22:562 3820 SystemInfo:

19:59:22:562 3820 OS Version: 5.1.2600 ServicePack: 3.0
19:59:22:562 3820 Product type: Workstation
19:59:22:562 3820 ComputerName: (***Edited to replace name***)
19:59:22:562 3820 UserName: (***Edited to replace name***)
19:59:22:562 3820 Windows directory: C:\WINDOWS
19:59:22:562 3820 Processor architecture: Intel x86
19:59:22:562 3820 Number of processors: 1
19:59:22:562 3820 Page size: 0x1000
19:59:22:562 3820 Boot type: Normal boot
19:59:22:562 3820 ================================================================================
19:59:22:578 3820 UnloadDriverW: NtUnloadDriver error 1
19:59:22:578 3820 ForceUnloadDriverW: UnloadDriverW(klmd21) error 1
19:59:22:656 3820 LoadDriverW: Driver already loaded
19:59:22:656 3820 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
19:59:22:656 3820 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:59:22:656 3820 wfopen_ex: Trying to KLMD file open
19:59:22:656 3820 wfopen_ex: File opened ok (Flags 2)
19:59:22:656 3820 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
19:59:22:656 3820 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:59:22:656 3820 wfopen_ex: Trying to KLMD file open
19:59:22:656 3820 wfopen_ex: File opened ok (Flags 2)
19:59:22:656 3820 Initialize success
19:59:22:656 3820
19:59:22:656 3820 Scanning Services ...
19:59:22:937 3820 Raw services enum returned 404 services
19:59:22:968 3820
19:59:22:968 3820 Scanning Kernel memory ...
19:59:22:968 3820 Devices to scan: 6
19:59:22:968 3820
19:59:22:968 3820 Driver Name: Disk
19:59:22:968 3820 IRP_MJ_CREATE : F7594BB0
19:59:22:968 3820 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
19:59:22:968 3820 IRP_MJ_CLOSE : F7594BB0
19:59:22:968 3820 IRP_MJ_READ : F758ED1F
19:59:22:968 3820 IRP_MJ_WRITE : F758ED1F
19:59:22:968 3820 IRP_MJ_QUERY_INFORMATION : 804FA87E
19:59:22:968 3820 IRP_MJ_SET_INFORMATION : 804FA87E
19:59:22:968 3820 IRP_MJ_QUERY_EA : 804FA87E
19:59:22:968 3820 IRP_MJ_SET_EA : 804FA87E
19:59:22:968 3820 IRP_MJ_FLUSH_BUFFERS : F758F2E2
19:59:22:968 3820 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
19:59:22:968 3820 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
19:59:22:968 3820 IRP_MJ_DIRECTORY_CONTROL : 804FA87E
19:59:22:968 3820 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
19:59:22:968 3820 IRP_MJ_DEVICE_CONTROL : F758F3BB
19:59:22:968 3820 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7592F28
19:59:22:968 3820 IRP_MJ_SHUTDOWN : F758F2E2
19:59:22:968 3820 IRP_MJ_LOCK_CONTROL : 804FA87E
19:59:22:968 3820 IRP_MJ_CLEANUP : 804FA87E
19:59:22:968 3820 IRP_MJ_CREATE_MAILSLOT : 804FA87E
19:59:22:968 3820 IRP_MJ_QUERY_SECURITY : 804FA87E
19:59:22:968 3820 IRP_MJ_SET_SECURITY : 804FA87E
19:59:22:968 3820 IRP_MJ_POWER : F7590C82
19:59:22:968 3820 IRP_MJ_SYSTEM_CONTROL : F759599E
19:59:22:968 3820 IRP_MJ_DEVICE_CHANGE : 804FA87E
19:59:22:968 3820 IRP_MJ_QUERY_QUOTA : 804FA87E
19:59:22:968 3820 IRP_MJ_SET_QUOTA : 804FA87E
19:59:22:984 3820 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
19:59:22:984 3820
19:59:22:984 3820 Driver Name: Disk
19:59:22:984 3820 IRP_MJ_CREATE : F7594BB0
19:59:22:984 3820 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
19:59:22:984 3820 IRP_MJ_CLOSE : F7594BB0
19:59:22:984 3820 IRP_MJ_READ : F758ED1F
19:59:22:984 3820 IRP_MJ_WRITE : F758ED1F
19:59:22:984 3820 IRP_MJ_QUERY_INFORMATION : 804FA87E
19:59:22:984 3820 IRP_MJ_SET_INFORMATION : 804FA87E
19:59:22:984 3820 IRP_MJ_QUERY_EA : 804FA87E
19:59:22:984 3820 IRP_MJ_SET_EA : 804FA87E
19:59:22:984 3820 IRP_MJ_FLUSH_BUFFERS : F758F2E2
19:59:22:984 3820 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
19:59:22:984 3820 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
19:59:22:984 3820 IRP_MJ_DIRECTORY_CONTROL : 804FA87E
19:59:22:984 3820 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
19:59:22:984 3820 IRP_MJ_DEVICE_CONTROL : F758F3BB
19:59:22:984 3820 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7592F28
19:59:22:984 3820 IRP_MJ_SHUTDOWN : F758F2E2
19:59:22:984 3820 IRP_MJ_LOCK_CONTROL : 804FA87E
19:59:22:984 3820 IRP_MJ_CLEANUP : 804FA87E
19:59:22:984 3820 IRP_MJ_CREATE_MAILSLOT : 804FA87E
19:59:22:984 3820 IRP_MJ_QUERY_SECURITY : 804FA87E
19:59:22:984 3820 IRP_MJ_SET_SECURITY : 804FA87E
19:59:22:984 3820 IRP_MJ_POWER : F7590C82
19:59:22:984 3820 IRP_MJ_SYSTEM_CONTROL : F759599E
19:59:22:984 3820 IRP_MJ_DEVICE_CHANGE : 804FA87E
19:59:22:984 3820 IRP_MJ_QUERY_QUOTA : 804FA87E
19:59:22:984 3820 IRP_MJ_SET_QUOTA : 804FA87E
19:59:23:000 3820 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
19:59:23:000 3820
19:59:23:000 3820 Driver Name: Disk
19:59:23:000 3820 IRP_MJ_CREATE : F7594BB0
19:59:23:000 3820 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
19:59:23:000 3820 IRP_MJ_CLOSE : F7594BB0
19:59:23:000 3820 IRP_MJ_READ : F758ED1F
19:59:23:000 3820 IRP_MJ_WRITE : F758ED1F
19:59:23:000 3820 IRP_MJ_QUERY_INFORMATION : 804FA87E
19:59:23:000 3820 IRP_MJ_SET_INFORMATION : 804FA87E
19:59:23:000 3820 IRP_MJ_QUERY_EA : 804FA87E
19:59:23:000 3820 IRP_MJ_SET_EA : 804FA87E
19:59:23:000 3820 IRP_MJ_FLUSH_BUFFERS : F758F2E2
19:59:23:000 3820 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
19:59:23:000 3820 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
19:59:23:000 3820 IRP_MJ_DIRECTORY_CONTROL : 804FA87E
19:59:23:000 3820 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
19:59:23:000 3820 IRP_MJ_DEVICE_CONTROL : F758F3BB
19:59:23:000 3820 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7592F28
19:59:23:000 3820 IRP_MJ_SHUTDOWN : F758F2E2
19:59:23:000 3820 IRP_MJ_LOCK_CONTROL : 804FA87E
19:59:23:000 3820 IRP_MJ_CLEANUP : 804FA87E
19:59:23:000 3820 IRP_MJ_CREATE_MAILSLOT : 804FA87E
19:59:23:000 3820 IRP_MJ_QUERY_SECURITY : 804FA87E
19:59:23:000 3820 IRP_MJ_SET_SECURITY : 804FA87E
19:59:23:000 3820 IRP_MJ_POWER : F7590C82
19:59:23:000 3820 IRP_MJ_SYSTEM_CONTROL : F759599E
19:59:23:000 3820 IRP_MJ_DEVICE_CHANGE : 804FA87E
19:59:23:000 3820 IRP_MJ_QUERY_QUOTA : 804FA87E
19:59:23:000 3820 IRP_MJ_SET_QUOTA : 804FA87E
19:59:23:015 3820 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
19:59:23:015 3820
19:59:23:015 3820 Driver Name: atapi
19:59:23:015 3820 IRP_MJ_CREATE : F745B6F2
19:59:23:015 3820 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
19:59:23:015 3820 IRP_MJ_CLOSE : F745B6F2
19:59:23:015 3820 IRP_MJ_READ : 804FA87E
19:59:23:015 3820 IRP_MJ_WRITE : 804FA87E
19:59:23:015 3820 IRP_MJ_QUERY_INFORMATION : 804FA87E
19:59:23:015 3820 IRP_MJ_SET_INFORMATION : 804FA87E
19:59:23:015 3820 IRP_MJ_QUERY_EA : 804FA87E
19:59:23:015 3820 IRP_MJ_SET_EA : 804FA87E
19:59:23:015 3820 IRP_MJ_FLUSH_BUFFERS : 804FA87E
19:59:23:015 3820 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
19:59:23:015 3820 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
19:59:23:015 3820 IRP_MJ_DIRECTORY_CONTROL : 804FA87E
19:59:23:015 3820 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
19:59:23:015 3820 IRP_MJ_DEVICE_CONTROL : F745B712
19:59:23:015 3820 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7457852
19:59:23:015 3820 IRP_MJ_SHUTDOWN : 804FA87E
19:59:23:015 3820 IRP_MJ_LOCK_CONTROL : 804FA87E
19:59:23:015 3820 IRP_MJ_CLEANUP : 804FA87E
19:59:23:015 3820 IRP_MJ_CREATE_MAILSLOT : 804FA87E
19:59:23:015 3820 IRP_MJ_QUERY_SECURITY : 804FA87E
19:59:23:015 3820 IRP_MJ_SET_SECURITY : 804FA87E
19:59:23:015 3820 IRP_MJ_POWER : F745B73C
19:59:23:015 3820 IRP_MJ_SYSTEM_CONTROL : F7462336
19:59:23:015 3820 IRP_MJ_DEVICE_CHANGE : 804FA87E
19:59:23:015 3820 IRP_MJ_QUERY_QUOTA : 804FA87E
19:59:23:015 3820 IRP_MJ_SET_QUOTA : 804FA87E
19:59:23:015 3820 C:\WINDOWS\system32\drivers\tsk4F.tmp - Verdict: 3
19:59:23:015 3820
19:59:23:015 3820 Driver Name: atapi
19:59:23:015 3820 IRP_MJ_CREATE : 86499EE4
19:59:23:015 3820 IRP_MJ_CREATE_NAMED_PIPE : 86499EE4
19:59:23:015 3820 IRP_MJ_CLOSE : 86499EE4
19:59:23:015 3820 IRP_MJ_READ : 86499EE4
19:59:23:015 3820 IRP_MJ_WRITE : 86499EE4
19:59:23:015 3820 IRP_MJ_QUERY_INFORMATION : 86499EE4
19:59:23:015 3820 IRP_MJ_SET_INFORMATION : 86499EE4
19:59:23:015 3820 IRP_MJ_QUERY_EA : 86499EE4
19:59:23:015 3820 IRP_MJ_SET_EA : 86499EE4
19:59:23:015 3820 IRP_MJ_FLUSH_BUFFERS : 86499EE4
19:59:23:015 3820 IRP_MJ_QUERY_VOLUME_INFORMATION : 86499EE4
19:59:23:015 3820 IRP_MJ_SET_VOLUME_INFORMATION : 86499EE4
19:59:23:015 3820 IRP_MJ_DIRECTORY_CONTROL : 86499EE4
19:59:23:015 3820 IRP_MJ_FILE_SYSTEM_CONTROL : 86499EE4
19:59:23:015 3820 IRP_MJ_DEVICE_CONTROL : 86499EE4
19:59:23:015 3820 IRP_MJ_INTERNAL_DEVICE_CONTROL : 86499EE4
19:59:23:015 3820 IRP_MJ_SHUTDOWN : 86499EE4
19:59:23:015 3820 IRP_MJ_LOCK_CONTROL : 86499EE4
19:59:23:015 3820 IRP_MJ_CLEANUP : 86499EE4
19:59:23:015 3820 IRP_MJ_CREATE_MAILSLOT : 86499EE4
19:59:23:015 3820 IRP_MJ_QUERY_SECURITY : 86499EE4
19:59:23:015 3820 IRP_MJ_SET_SECURITY : 86499EE4
19:59:23:015 3820 IRP_MJ_POWER : 86499EE4
19:59:23:015 3820 IRP_MJ_SYSTEM_CONTROL : 86499EE4
19:59:23:015 3820 IRP_MJ_DEVICE_CHANGE : 86499EE4
19:59:23:015 3820 IRP_MJ_QUERY_QUOTA : 86499EE4
19:59:23:015 3820 IRP_MJ_SET_QUOTA : 86499EE4
19:59:23:015 3820 Driver "atapi" infected by TDSS rootkit!
19:59:23:015 3820 C:\WINDOWS\system32\drivers\tsk4F.tmp - Verdict: 3
19:59:23:015 3820
19:59:23:015 3820 Driver Name: atapi
19:59:23:015 3820 IRP_MJ_CREATE : F745B6F2
19:59:23:015 3820 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
19:59:23:015 3820 IRP_MJ_CLOSE : F745B6F2
19:59:23:015 3820 IRP_MJ_READ : 804FA87E
19:59:23:015 3820 IRP_MJ_WRITE : 804FA87E
19:59:23:015 3820 IRP_MJ_QUERY_INFORMATION : 804FA87E
19:59:23:015 3820 IRP_MJ_SET_INFORMATION : 804FA87E
19:59:23:015 3820 IRP_MJ_QUERY_EA : 804FA87E
19:59:23:015 3820 IRP_MJ_SET_EA : 804FA87E
19:59:23:015 3820 IRP_MJ_FLUSH_BUFFERS : 804FA87E
19:59:23:015 3820 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
19:59:23:015 3820 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
19:59:23:015 3820 IRP_MJ_DIRECTORY_CONTROL : 804FA87E
19:59:23:015 3820 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
19:59:23:015 3820 IRP_MJ_DEVICE_CONTROL : F745B712
19:59:23:015 3820 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7457852
19:59:23:015 3820 IRP_MJ_SHUTDOWN : 804FA87E
19:59:23:015 3820 IRP_MJ_LOCK_CONTROL : 804FA87E
19:59:23:015 3820 IRP_MJ_CLEANUP : 804FA87E
19:59:23:015 3820 IRP_MJ_CREATE_MAILSLOT : 804FA87E
19:59:23:015 3820 IRP_MJ_QUERY_SECURITY : 804FA87E
19:59:23:015 3820 IRP_MJ_SET_SECURITY : 804FA87E
19:59:23:015 3820 IRP_MJ_POWER : F745B73C
19:59:23:015 3820 IRP_MJ_SYSTEM_CONTROL : F7462336
19:59:23:015 3820 IRP_MJ_DEVICE_CHANGE : 804FA87E
19:59:23:015 3820 IRP_MJ_QUERY_QUOTA : 804FA87E
19:59:23:015 3820 IRP_MJ_SET_QUOTA : 804FA87E
19:59:23:015 3820 C:\WINDOWS\system32\drivers\tsk4F.tmp - Verdict: 3
19:59:23:015 3820
19:59:23:015 3820 Completed
19:59:23:015 3820
19:59:23:015 3820 Results:
19:59:23:015 3820 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
19:59:23:015 3820 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:59:23:015 3820 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:59:23:015 3820
19:59:23:015 3820 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
19:59:23:015 3820 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
19:59:23:015 3820 UnloadDriverW: NtUnloadDriver error 1
19:59:23:062 3820 KLMD(ARK) unloaded successfully
CKScanner - Additional Security Risks - These are not necessarily bad
c:\data\finale\nutcracker1.mid
c:\data\finale\nutcracker2.mid
c:\data\finale\nutcracker3.mid
c:\data\finale\nutcracker4.mid
c:\data\finale\nutcracker5.mid
c:\data\finale\nutcracker6.mid
c:\data\finale\nutcracker7.mid
c:\data\finale\nutcracker8.mid
c:\data\igadget\christmas\mannheim steamroller\christmas extraordinaire\mannheim steamroller - faeries (from 'the nutcracker').m4a
c:\data\igadget\christmas\trans-siberian orchestra\christmas eve and other stories\trans-siberian orchestra - silent nutcracker (instrumental).m4a
c:\documents and settings\(***edited to replace name***)\favorites\kindermusik\christmas crackers and crackers for all occasions.url
c:\documents and settings\(***edited to replace name***)\favorites\kindermusik\christmas crackers.url
c:\documents and settings\(***edited to replace name***)\my documents\incomplete\dnve5auexuty3lbjf4532jhvypf67lzj\finale 2006\keygen.exe
c:\documents and settings\(***edited to replace name***)\my documents\marimba\bar_cracks.mp4
c:\documents and settings\(***edited to replace name***)\my documents\my music\itunes\itunes music\mannheim steamroller\christmas extraordinaire\04 faeries (from 'the nutcracker').m4a
c:\documents and settings\(***edited to replace name***)\my documents\my music\itunes\itunes music\trans-siberian orchestra\christmas eve and other stories\05 silent nutcracker (instrumental).m4a
c:\program files\corel\corel graphics 12\custom data\bumpmap\cracks.cpt
c:\program files\corel\corel graphics 12\custom data\canvas\cracks2c.pcx
c:\program files\corel\corel graphics 12\custom data\tiles\cracks2m.cpt
c:\program files\corel\graphics10\custom\bumpmap\cracks.cpt
c:\program files\corel\graphics10\custom\canvas\cracks2c.pcx
c:\program files\corel\graphics10\custom\tiles\cracks2m.cpt
c:\program files\corel\graphics10\photopnt\scripts\effects\086 bump map cracks.csc
scanner sequence 3.ZZ.11
----- EOF -----
ClintonMagus
Active Member
Posts: 12
Joined: May 2nd, 2010, 8:21 pm

Re: Security Center and Other Malware

Unread postby ClintonMagus » May 9th, 2010, 10:32 pm

OTL logfile created on: 5/9/2010 8:06:48 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\(***edited to replace name***)\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 498.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 359.05 Gb Free Space | 77.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.52 Gb Total Space | 6.92 Gb Free Space | 9.29% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 7.70 Gb Free Space | 1.65% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCCORMICKSERVER
Current User Name: (***edited to replace name***)
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Documents and Settings\(***edited to replace name***)\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\iPod Access for Windows\iPAHelper.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\(***edited to replace name***)\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SMServer)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (iPAHelper.exe) -- C:\Program Files\iPod Access for Windows\iPAHelper.exe ()


========== Driver Services (SafeList) ==========

DRV - (atapi) -- C:\WINDOWS\system32\drivers\tsk4F.tmp (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\ccHPx86.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100331.034\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100331.034\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1105000.07F\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SYMTDI.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMDS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (MusCVideo) -- C:\WINDOWS\system32\drivers\MusCVideo.sys (Windows (R) 2000 DDK provider)
DRV - (MusCAudio) -- C:\WINDOWS\system32\drivers\MusCAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ArcCD) -- C:\WINDOWS\system32\drivers\ArcCD.sys (ArcSoft Inc.)
DRV - (ArcUdfs) -- C:\WINDOWS\system32\drivers\ArcUdfs.sys (ArcSoft Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\Aspi32.sys (Adaptec)
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3


FF - HKLM\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2009/05/24 12:05:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\ [2010/02/12 12:52:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/28 09:50:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/05 20:35:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/05 20:35:41 | 000,000,000 | ---D | M]

[2008/10/15 20:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Extensions
[2010/05/09 20:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions
[2010/01/21 17:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/07/01 16:00:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/29 19:02:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/05 20:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 18:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/02 18:47:27 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}-trash
[2009/11/24 14:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/11/28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2010/04/24 06:32:04 | 000,290,117 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 9993 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDow ... eqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://tradepressevents.webex.com/clie ... eatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 18:57:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{197e51ff-4668-11df-bc44-000feaff05f4}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O33 - MountPoints2\{197e51ff-4668-11df-bc44-000feaff05f4}\Shell\Install\command - "" = H:\Setup.exe -- File not found
O33 - MountPoints2\{95eced93-4bcc-11de-bbe1-000feaff05f4}\Shell - "" = AutoRun
O33 - MountPoints2\{95eced93-4bcc-11de-bbe1-000feaff05f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95eced93-4bcc-11de-bbe1-000feaff05f4}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{95eced94-4bcc-11de-bbe1-000feaff05f4}\Shell\AutoRun\command - "" = J:\Amy.pps -- File not found
O33 - MountPoints2\{d39e6bae-055e-11df-bc31-000feaff05f4}\Shell\AutoRun\command - "" = J:\MI.exe -- File not found
O33 - MountPoints2\{d39e6bb6-055e-11df-bc31-000feaff05f4}\Shell - "" = AutoRun
O33 - MountPoints2\{d39e6bb6-055e-11df-bc31-000feaff05f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d39e6bb6-055e-11df-bc31-000feaff05f4}\Shell\AutoRun\command - "" = I:\MI.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/07/21 18:57:18 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/09 19:58:17 | 000,036,488 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2010/05/06 14:02:34 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\OTL.exe
[2010/05/05 21:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/05 21:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\SUPERAntiSpyware.com
[2010/05/05 21:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/02 18:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/30 21:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/30 21:25:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\(***edited to replace name***)\Recent
[2010/04/30 21:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/29 21:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/29 21:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/29 21:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\My Documents\tuning sine wavs
[2010/04/29 18:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Updater5
[2010/04/29 18:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/04/29 18:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/04/28 09:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/28 09:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/04/28 09:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/24 06:46:50 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\mbam-setup.exe
[2010/04/23 20:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Desktop\SmitfraudFix
[2010/04/17 23:24:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/04/17 23:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/04/17 23:24:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[2010/04/17 20:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/17 20:08:12 | 000,134,912 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\drivers\ArcUdfs.sys
[2010/04/17 20:08:12 | 000,036,224 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\drivers\ArcCD.sys
[2010/04/17 20:08:12 | 000,007,680 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\drivers\ArcRec.sys
[2010/04/14 10:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Desktop\2006 December
[2010/04/08 22:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/07 09:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/07 09:25:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/04/04 12:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Nero
[2010/04/04 07:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/04/04 07:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/04/04 07:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/04/03 18:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/03 10:24:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\FONTS
[2010/04/03 09:56:25 | 000,000,000 | ---D | C] -- C:\CloneDVDTemp
[2010/04/03 09:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/03/30 20:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/24 21:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\skypePM
[2010/03/24 21:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Skype
[2010/03/24 21:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/22 10:43:42 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\TDSSKiller.exe
[2010/03/08 12:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/07 08:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Cucusoft
[2010/03/07 08:30:59 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2010/03/07 08:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Local Settings\Application Data\Cucusoft
[2010/02/25 21:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\AM Pro
[2010/02/25 15:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Local Settings\Application Data\GlobalSCAPE
[2010/02/25 15:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\GlobalSCAPE
[2010/02/25 15:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/02/25 15:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Kindermusik Website
[2010/02/25 15:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\GlobalSCAPE
[2010/02/23 09:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/02/19 14:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 14:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 14:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 14:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 14:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 14:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2008/07/21 21:32:24 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/09 19:58:17 | 000,036,488 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2010/05/09 19:57:10 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\NTUSER.DAT
[2010/05/09 19:56:49 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CKScanner.exe
[2010/05/09 19:56:14 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\tdsskiller.zip
[2010/05/09 19:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/09 14:26:40 | 000,000,492 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for (***edited to replace name***).job
[2010/05/08 23:48:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/08 21:52:19 | 000,061,238 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.RPT
[2010/05/08 21:51:13 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/08 21:51:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
[2010/05/08 21:50:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/08 21:33:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/08 21:33:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/07 06:37:40 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2010/05/07 06:37:40 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2010/05/07 06:37:40 | 000,016,376 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2010/05/07 06:37:40 | 000,016,376 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2010/05/07 06:37:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/07 06:37:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/07 06:37:40 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
[2010/05/07 06:37:40 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
[2010/05/07 06:35:31 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\(***edited to replace name***)\ntuser.ini
[2010/05/06 21:44:42 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Graduation list.xls
[2010/05/06 20:37:18 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Carrie Lynn McCormick Successful Vaults.xls
[2010/05/06 20:32:52 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Microsoft Office Excel 2003.lnk
[2010/05/06 15:45:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/06 14:02:59 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\yj4mz0op.exe
[2010/05/06 14:02:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\OTL.exe
[2010/05/05 21:44:44 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/05 21:32:45 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/05/05 21:16:57 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Microsoft Office Access 2003.lnk
[2010/05/05 20:35:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/05 13:49:59 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\InchCalc.xla
[2010/05/05 13:49:17 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\InchCalc.xls
[2010/05/04 21:30:22 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
[2010/05/04 21:27:43 | 000,512,642 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/04 21:27:43 | 000,435,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/04 21:27:43 | 000,068,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/04 21:27:14 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/03 18:28:48 | 000,232,968 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/02 18:22:54 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\HijackThis.lnk
[2010/04/30 21:24:45 | 000,192,724 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\cc_20100430_212433.reg
[2010/04/30 21:22:12 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CCleaner.lnk
[2010/04/30 07:49:34 | 000,001,010 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 21:35:49 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/29 21:35:49 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/29 20:02:22 | 000,015,493 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bylaws.pdf
[2010/04/29 19:59:28 | 000,009,021 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\AGPVC_Bylaws_Waiver_Appl_rev031410.doc
[2010/04/29 18:49:58 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
[2010/04/29 18:17:46 | 000,700,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/29 17:46:29 | 000,024,818 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\AGPVC_Bylaws_Waiver_Appl_rev031410.pdf
[2010/04/28 10:40:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/28 09:50:24 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/28 09:46:04 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/28 09:42:13 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/25 20:27:35 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\G-Force Vault Club Membership Packet.doc
[2010/04/25 20:27:04 | 000,083,780 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Tax Exempt.PDF
[2010/04/25 08:38:10 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Anti Gravity Pole Vault Club Bylaws.doc
[2010/04/25 08:36:26 | 001,529,292 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\PPVC_ABOUT_Membership.pdf
[2010/04/25 08:34:38 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\BYLAWS - Falmouth Track Club.doc
[2010/04/25 08:33:23 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\CTC Bylaws.doc
[2010/04/25 08:33:09 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\BYLAWS - Wisconsin Track Club.doc
[2010/04/25 08:32:45 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bylaws of the New Orleans Track Club.doc
[2010/04/25 08:32:36 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Squannacook Club Charter.doc
[2010/04/24 22:18:12 | 000,002,880 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/04/24 22:17:57 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CorelDRAW 12.lnk
[2010/04/24 16:27:15 | 000,054,706 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea.jpg
[2010/04/24 13:46:40 | 000,371,492 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 144.jpg
[2010/04/24 13:46:25 | 000,023,440 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 145.jpg
[2010/04/24 13:45:33 | 000,385,991 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 143.jpg
[2010/04/24 09:13:00 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Microsoft Office Word 2003.lnk
[2010/04/24 09:11:21 | 000,040,648 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Piano.jpg
[2010/04/24 09:10:29 | 000,025,540 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Formal.jpg
[2010/04/24 09:08:55 | 000,025,999 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Casual1.jpg
[2010/04/24 09:05:58 | 000,056,202 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Tree.jpg
[2010/04/24 09:03:54 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Paint Shop Pro 7.lnk
[2010/04/24 08:57:49 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/04/24 08:51:30 | 000,643,292 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\Cat.DB
[2010/04/24 06:47:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/24 06:39:38 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\mbam-setup.exe
[2010/04/24 06:32:19 | 000,005,108 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/23 22:04:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/23 22:04:37 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/23 20:52:56 | 001,826,200 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\SmitfraudFix.zip
[2010/04/21 14:42:20 | 000,195,012 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\cat56-718.pdf
[2010/04/21 14:34:43 | 000,138,447 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0876.jpg
[2010/04/20 17:29:03 | 000,729,176 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0875.jpg
[2010/04/20 17:22:14 | 000,841,596 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0874.jpg
[2010/04/20 10:08:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\FaxMan
[2010/04/17 23:24:15 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/04/17 23:24:12 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/04/17 20:29:45 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\DivX Movies.lnk
[2010/04/17 20:29:05 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/04/17 20:28:36 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/04/17 20:09:24 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2010/04/17 13:19:45 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\mswk15.doc
[2010/04/17 08:23:12 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole and Flex.xls
[2010/04/15 21:49:44 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 09:39:35 | 000,065,475 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\UHC Insurance Card Copy.jpg
[2010/04/14 21:05:21 | 000,205,824 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 10:06:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/14 10:05:00 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Application Data\default.rss
[2010/04/13 20:54:48 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\TurboTax 2009.lnk
[2010/04/13 18:27:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/13 17:54:19 | 000,004,422 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2009 United Healthcare.csv
[2010/04/12 13:44:24 | 040,673,792 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2010 Graduates.pps
[2010/04/12 13:44:06 | 040,729,600 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2010 Graduates.ppt
[2010/04/12 13:02:06 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/07 09:25:14 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/04 07:54:26 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/04/04 07:41:46 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2010/04/04 07:17:15 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Application Data\inst.exe
[2010/04/04 07:17:14 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\(***edited to replace name***)\Application Data\pcouffin.sys
[2010/04/04 07:17:14 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Application Data\pcouffin.cat
[2010/04/04 07:17:14 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Application Data\pcouffin.inf
[2010/04/03 18:59:02 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/03 16:02:00 | 000,120,520 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[2010/04/03 10:31:26 | 000,050,015 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Experiencing God.jpg
[2010/04/03 09:55:18 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/03 09:54:49 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CloneDVD2.lnk
[2010/04/03 08:52:13 | 003,375,239 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-100A1102}.CDF
[2010/04/02 21:24:51 | 783,409,478 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Image.nrg
[2010/04/02 21:21:52 | 000,003,080 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\CDBIDXL.DAT
[2010/04/02 21:21:52 | 000,002,056 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\TDBIDXL.DAT
[2010/04/02 20:13:51 | 000,021,857 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Audio1.nra
[2010/03/31 10:44:22 | 000,199,304 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\ExGod.jpg
[2010/03/30 20:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/03/26 20:15:54 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\isolate.ini
[2010/03/26 13:52:03 | 000,011,213 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Carl.gif
[2010/03/26 13:50:30 | 000,003,442 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\nophoto.gif
[2010/03/26 13:16:14 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Corel PHOTO-PAINT 12.lnk
[2010/03/26 13:14:57 | 000,183,292 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Robin2.jpg
[2010/03/26 13:14:42 | 000,153,211 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\bin1.jpg
[2010/03/24 21:34:26 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\TDSSKiller.exe
[2010/03/08 12:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/08 11:58:00 | 001,293,270 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\FPP Invoice #77 - Jackson to Kissimmee.pdf
[2010/03/08 11:58:00 | 000,688,156 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\McCormick Credit Authorization Form.pdf
[2010/03/08 11:58:00 | 000,302,243 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\March 15 Kissimmee to Jackson.pdf
[2010/03/08 11:58:00 | 000,302,142 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\March 9 Jackson to Kissimmee.pdf
[2010/03/07 16:09:21 | 003,226,659 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\DisneyTFShowcaseSchedule2010.pdf
[2010/03/07 08:31:02 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Cucusoft iPod Video Converter Suite.lnk
[2010/03/05 19:58:00 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Super1Schedule2010.doc
[2010/03/04 11:24:25 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole Vault Information.xls
[2010/03/04 10:10:58 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole List.xls
[2010/03/02 21:00:49 | 000,062,464 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Old-to-Young.xls
[2010/03/01 22:32:06 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.cat
[2010/03/01 22:32:06 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.cat
[2010/03/01 16:04:54 | 000,012,816 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\McCormick 11-100.xlsx
[2010/03/01 15:36:54 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\MailList.xls
[2010/03/01 15:22:11 | 000,012,791 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\McCormick 11-110.xlsx
[2010/02/26 21:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\ironx86.sys
[2010/02/26 21:23:54 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\iron.cat
[2010/02/26 21:23:54 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\iron.inf
[2010/02/26 21:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.sys
[2010/02/26 21:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.sys
[2010/02/26 21:23:21 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.inf
[2010/02/26 21:23:21 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.inf
[2010/02/25 18:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.sys
[2010/02/25 15:18:26 | 000,001,659 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CuteFTP 8 Home.lnk
[2010/02/25 12:54:56 | 000,007,396 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.cat
[2010/02/23 09:55:27 | 000,060,744 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\g2mdlhlpx.exe
[2010/02/19 14:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 14:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 14:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 14:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 14:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 14:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2010/02/14 17:35:01 | 000,019,961 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Mormal Female.jpg
[2010/02/14 17:33:06 | 000,020,084 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Trisomy 21.jpg
[2010/02/14 17:32:36 | 000,020,330 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Normal Female.jpg
[2010/02/14 17:32:11 | 000,020,330 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\trisomy21.jpg
[2010/02/14 17:28:32 | 000,028,767 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\fs32-2-2.gif
[2010/02/12 20:29:52 | 000,023,945 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Klinefelter.jpg
[2010/02/12 20:25:20 | 000,029,202 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\fs32-2.gif
[2010/02/12 20:22:18 | 000,025,020 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\800px-45,X.jpg
[2010/02/12 20:21:37 | 000,203,881 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\768px-Human_chromosomesXXY01.png
[2010/02/12 20:20:44 | 000,104,783 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\557px-Down_syndrome_translocation.png
[2010/02/12 20:20:34 | 000,104,034 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\557px-Down_Syndrome_Karyotype.png
[2010/02/12 20:20:19 | 000,096,451 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\557px-Karyotype.png
[2010/02/12 12:45:24 | 000,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/02/12 12:44:55 | 000,643,220 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\Cat.DB
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/09 19:56:45 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CKScanner.exe
[2010/05/09 19:56:13 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\tdsskiller.zip
[2010/05/06 20:41:01 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Graduation list.xls
[2010/05/06 14:02:56 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\yj4mz0op.exe
[2010/05/05 21:44:44 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/05 21:32:45 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/05/05 20:35:52 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/05 13:49:58 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\InchCalc.xla
[2010/05/05 13:49:17 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\InchCalc.xls
[2010/05/04 21:26:32 | 000,004,507 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/02 18:22:54 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\HijackThis.lnk
[2010/04/30 21:24:36 | 000,192,724 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\cc_20100430_212433.reg
[2010/04/30 21:22:12 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CCleaner.lnk
[2010/04/29 21:35:49 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/29 21:35:49 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/29 20:02:22 | 000,015,493 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bylaws.pdf
[2010/04/29 19:59:24 | 000,009,021 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\AGPVC_Bylaws_Waiver_Appl_rev031410.doc
[2010/04/29 18:03:33 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
[2010/04/29 17:46:19 | 000,024,818 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\AGPVC_Bylaws_Waiver_Appl_rev031410.pdf
[2010/04/28 09:50:30 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
[2010/04/28 09:50:29 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
[2010/04/28 09:50:24 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/28 09:46:02 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/25 20:27:03 | 000,083,780 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Tax Exempt.PDF
[2010/04/25 20:18:00 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\G-Force Vault Club Membership Packet.doc
[2010/04/25 08:38:10 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Anti Gravity Pole Vault Club Bylaws.doc
[2010/04/25 08:36:23 | 001,529,292 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\PPVC_ABOUT_Membership.pdf
[2010/04/25 08:34:38 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\BYLAWS - Falmouth Track Club.doc
[2010/04/25 08:33:23 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\CTC Bylaws.doc
[2010/04/25 08:33:08 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\BYLAWS - Wisconsin Track Club.doc
[2010/04/25 08:32:45 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bylaws of the New Orleans Track Club.doc
[2010/04/25 08:32:35 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Squannacook Club Charter.doc
[2010/04/24 16:24:59 | 000,054,706 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea.jpg
[2010/04/24 13:44:00 | 000,385,991 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 143.jpg
[2010/04/24 13:44:00 | 000,371,492 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 144.jpg
[2010/04/24 13:44:00 | 000,023,440 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 145.jpg
[2010/04/24 09:10:29 | 000,025,540 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Formal.jpg
[2010/04/24 09:08:55 | 000,025,999 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Casual1.jpg
[2010/04/24 09:07:12 | 000,040,648 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Piano.jpg
[2010/04/24 09:05:58 | 000,056,202 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Tree.jpg
[2010/04/23 21:51:18 | 000,005,108 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/23 20:58:24 | 001,826,200 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\SmitfraudFix.zip
[2010/04/21 14:42:20 | 000,195,012 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\cat56-718.pdf
[2010/04/21 14:30:55 | 000,138,447 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0876.jpg
[2010/04/20 17:29:03 | 000,729,176 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0875.jpg
[2010/04/20 17:22:14 | 000,841,596 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0874.jpg
[2010/04/17 23:24:18 | 000,000,492 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for (***edited to replace name***).job
[2010/04/17 23:24:15 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/04/17 23:24:12 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/04/17 20:29:05 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/04/17 20:28:35 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/04/17 13:19:44 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\mswk15.doc
[2010/04/15 09:39:35 | 000,065,475 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\UHC Insurance Card Copy.jpg
[2010/04/14 10:05:00 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Application Data\default.rss
[2010/04/14 10:01:44 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/13 17:54:19 | 000,004,422 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2009 United Healthcare.csv
[2010/04/12 13:44:23 | 040,673,792 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2010 Graduates.pps
[2010/04/12 13:37:57 | 040,729,600 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2010 Graduates.ppt
[2010/04/09 10:33:28 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole and Flex.xls
[2010/04/07 09:25:14 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/04 07:54:26 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/04/03 18:59:02 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/03 10:31:16 | 000,050,015 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Experiencing God.jpg
[2010/04/03 09:55:18 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/03 09:54:49 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneDVD2.lnk
[2010/04/02 20:13:51 | 000,021,857 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Audio1.nra
[2010/03/31 10:44:22 | 000,199,304 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\ExGod.jpg
[2010/03/26 13:52:03 | 000,011,213 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Carl.gif
[2010/03/26 13:50:29 | 000,003,442 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\nophoto.gif
[2010/03/26 13:14:57 | 000,183,292 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Robin2.jpg
[2010/03/26 13:14:41 | 000,153,211 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\bin1.jpg
[2010/03/24 21:34:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/08 11:58:00 | 001,293,270 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\FPP Invoice #77 - Jackson to Kissimmee.pdf
[2010/03/08 11:58:00 | 000,688,156 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\McCormick Credit Authorization Form.pdf
[2010/03/08 11:58:00 | 000,302,243 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\March 15 Kissimmee to Jackson.pdf
[2010/03/08 11:58:00 | 000,302,142 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\March 9 Jackson to Kissimmee.pdf
[2010/03/07 16:09:14 | 003,226,659 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\DisneyTFShowcaseSchedule2010.pdf
[2010/03/07 08:30:59 | 000,094,854 | ---- | C] () -- C:\WINDOWS\System32\HKCU_GNU.reg
[2010/03/07 08:30:59 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
[2010/03/07 08:30:59 | 000,002,004 | ---- | C] () -- C:\WINDOWS\System32\HKLM_GNU.reg
[2010/03/07 08:30:59 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/03/05 19:58:24 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Super1Schedule2010.doc
[2010/03/04 11:13:25 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Carrie Lynn McCormick Successful Vaults.xls
[2010/03/04 10:10:58 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole List.xls
[2010/03/01 15:41:02 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Old-to-Young.xls
[2010/03/01 15:30:37 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\MailList.xls
[2010/03/01 15:20:48 | 000,012,791 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\McCormick 11-110.xlsx
[2010/03/01 15:20:38 | 000,012,816 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\McCormick 11-100.xlsx
[2010/02/25 15:18:26 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CuteFTP 8 Home.lnk
[2010/02/23 10:25:15 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole Vault Information.xls
[2010/02/23 09:55:26 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\g2mdlhlpx.exe
[2010/02/14 17:35:01 | 000,019,961 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Mormal Female.jpg
[2010/02/14 17:33:06 | 000,020,084 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Trisomy 21.jpg
[2010/02/14 17:32:36 | 000,020,330 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Normal Female.jpg
[2010/02/14 17:28:32 | 000,028,767 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\fs32-2-2.gif
[2010/02/12 20:29:52 | 000,023,945 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Klinefelter.jpg
[2010/02/12 20:25:20 | 000,029,202 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\fs32-2.gif
[2010/02/12 20:24:57 | 000,020,330 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\trisomy21.jpg
[2010/02/12 20:22:17 | 000,025,020 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\800px-45,X.jpg
[2010/02/12 20:21:37 | 000,203,881 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\768px-Human_chromosomesXXY01.png
[2010/02/12 20:20:44 | 000,104,783 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\557px-Down_syndrome_translocation.png
[2010/02/12 20:20:33 | 000,104,034 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\557px-Down_Syndrome_Karyotype.png
[2010/02/12 20:20:18 | 000,096,451 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\557px-Karyotype.png
[2009/12/31 10:55:08 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/07/14 08:24:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2009/04/08 12:56:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acmmzxr.dll
[2009/04/01 09:29:54 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/02/27 22:40:01 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/02/07 15:01:58 | 000,000,432 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/10 13:25:03 | 000,000,013 | ---- | C] () -- C:\WINDOWS\acmmzx.dll
[2008/11/10 13:31:49 | 000,004,296 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_Zune.ini
[2008/11/10 13:31:49 | 000,002,175 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_iPhone.ini
[2008/11/10 13:31:49 | 000,001,739 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_AppleTV.ini
[2008/11/10 13:31:49 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\BEST_Add_mfra.ini
[2008/11/10 13:31:48 | 000,015,266 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_3GP.ini
[2008/11/10 13:31:48 | 000,006,503 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_PSP.ini
[2008/11/10 13:31:48 | 000,003,057 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_iPod.ini
[2008/11/10 13:31:48 | 000,002,956 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_PMP.ini
[2008/11/10 13:31:48 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_PPC.ini
[2008/11/10 13:31:48 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP2_QVGA_AAC.ini
[2008/11/10 13:31:48 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP2_QCIF_AAC.ini
[2008/11/10 13:31:48 | 000,001,878 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_Xbox.ini
[2008/11/10 13:31:48 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP_QVGA_AAC.ini
[2008/11/10 13:31:48 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP_QCIF_AMR.ini
[2008/11/10 13:31:48 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP_QCIF_AAC.ini
[2008/11/10 13:31:47 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP_QVGA_AMR.ini
[2008/10/13 10:04:46 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/05 10:08:14 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/09/05 10:08:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/09/05 10:08:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/09/05 10:08:11 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/08/05 17:11:37 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/07/29 20:43:17 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008/07/29 20:37:16 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/07/29 20:37:01 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\coodest.dll
[2008/07/29 20:34:55 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/07/29 20:34:55 | 000,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2008/07/29 20:34:55 | 000,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2008/07/29 20:34:55 | 000,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2008/07/29 20:34:55 | 000,004,296 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Zune.ini
[2008/07/29 20:34:55 | 000,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2008/07/29 20:34:55 | 000,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2008/07/29 20:34:55 | 000,002,910 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2008/07/29 20:34:55 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2008/07/29 20:34:55 | 000,002,175 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPhone.ini
[2008/07/29 20:34:55 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2008/07/29 20:34:55 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2008/07/29 20:34:55 | 000,001,878 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2008/07/29 20:34:55 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2008/07/29 20:34:55 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2008/07/29 20:34:55 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2008/07/29 20:34:55 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2008/07/29 20:34:55 | 000,001,739 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_AppleTV.ini
[2008/07/29 20:34:55 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2008/07/29 20:34:49 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/07/29 20:29:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/07/29 20:29:21 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/29 20:29:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/28 15:15:44 | 000,001,771 | ---- | C] () -- C:\WINDOWS\atm.ini
[2008/07/24 16:59:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PRNTPARM.DLL
[2008/07/24 16:58:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mdmparm.dll
[2008/07/24 16:58:29 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ClassXps.dll
[2008/07/24 13:24:56 | 000,002,880 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/07/22 18:47:15 | 000,000,058 | ---- | C] () -- C:\WINDOWS\CTACD.INI
[2008/07/22 16:06:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2008/07/22 15:57:25 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2008/07/22 15:56:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2008/07/22 15:56:25 | 000,000,902 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/07/22 14:11:44 | 000,000,156 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/07/22 14:11:28 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/07/22 11:44:40 | 000,000,201 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008/07/22 11:44:37 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx7383.ini
[2008/07/22 11:44:36 | 000,202,240 | ---- | C] () -- C:\WINDOWS\System32\sp3.dll
[2008/07/22 11:44:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx20.ini
[2008/07/22 11:44:34 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx5363.ini
[2008/07/22 11:44:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\wutil.dll
[2008/07/21 21:33:55 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/07/21 21:33:15 | 000,035,972 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008/07/21 21:33:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/07/21 21:32:42 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2008/07/21 21:32:42 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/07/21 21:31:21 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/07/21 20:49:08 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/07/21 20:11:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/07/21 20:11:18 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/07/21 19:32:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/18 14:59:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/09/17 13:59:45 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\sfarkxt.dll
[2004/09/17 13:59:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\SFARKL.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/10 10:10:05 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[1996/09/17 08:37:06 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\PIXTHK32.DLL

========== LOP Check ==========

[2008/10/13 16:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad Muncher
[2008/08/14 21:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Findley Designs
[2009/02/07 12:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2010/02/25 15:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2008/08/05 18:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/07/28 16:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2009/05/19 20:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/11 20:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2008/07/25 09:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Purple Ghost Software, Inc
[2009/05/24 13:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/07/22 17:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/05/08 22:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/24 08:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneClone
[2008/07/24 13:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/20 17:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/03/12 20:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/08 22:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 17:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/23 21:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/08 10:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\AMPSoft
[2008/08/15 20:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\BitSpirit
[2008/07/30 07:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/07/29 16:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\FLVPlayer4Free
[2009/08/08 11:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\FontCreator
[2009/08/08 10:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Free&Easy Font Viewer
[2010/01/21 17:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\GARMIN
[2010/02/25 15:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\GlobalSCAPE
[2008/07/28 20:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\LimeWire
[2008/11/10 13:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Moyea
[2008/08/05 17:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Obsidium
[2008/07/25 09:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Purple Ghost Software, Inc
[2008/07/22 17:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\ScanSoft
[2008/09/25 15:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\TypingMaster7
[2010/04/04 07:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Vso
[2009/06/25 12:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\WebEx

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/04/13 17:27:06 | 014,876,672 | ---- | M] (Native Instruments GmbH) -- C:\Registration Tool.exe
[2001/11/05 08:30:50 | 000,165,376 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/30 16:45:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/30 16:45:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 18:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/30 16:45:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/30 16:45:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2008/07/21 12:21:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/21 12:21:21 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/21 12:21:21 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
ClintonMagus
Active Member
 
Posts: 12
Joined: May 2nd, 2010, 8:21 pm
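The "< MD5 for: ... >" blocks in the OTL log above exist so the helper can compare the hash of the driver Windows actually loads (the copy under system32) with the Service Pack copy kept on disk; a live copy with a hash no reference copy shares is what a patched system driver looks like in this output. The following is an added example, not part of the thread or of OTL itself: it parses that block format and runs the comparison over two blocks copied from the log plus one constructed mismatch case, whose MD5 value is a placeholder rather than a real indicator.

```python
"""Parse the '< MD5 for: ... >' blocks of an OTL custom scan (the format shown in
the log above) and flag a live system file whose MD5 differs from the Service
Pack reference copy kept under ServicePackFiles."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL record per line; .cab entries carry no MD5, so that group is optional.
RECORD_RE = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\((?P<vendor>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}))?.*?--\s*(?P<path>.+?)\s*$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")

# Backup or archive copies: never the file Windows actually loads.
NOT_LIVE_MARKERS = ("\\servicepackfiles\\", "\\$ntservicepackuninstall$\\",
                    "\\reinstallbackups\\", "\\driver cache\\", ".cab:")

@dataclass
class Entry:
    path: str
    size: int
    vendor: str
    md5: Optional[str]

def parse_md5_blocks(text: str) -> Dict[str, List[Entry]]:
    """Group records under their '< MD5 for: NAME >' header, keyed by lower-case name."""
    blocks: Dict[str, List[Entry]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):  # any other custom-scan header ends the current block
            header = HEADER_RE.match(line)
            current = header.group("name").lower() if header else None
            if current:
                blocks.setdefault(current, [])
            continue
        m = RECORD_RE.match(line) if current and line else None
        if m:
            md5 = m.group("md5")
            blocks[current].append(Entry(m.group("path"),
                                         int(m.group("size").replace(",", "")),
                                         m.group("vendor"),
                                         md5.upper() if md5 else None))
    return blocks

def is_live(path: str) -> bool:
    """True for the copy under system32 (or system32\\drivers) that is loaded at boot."""
    p = path.lower()
    return "\\system32\\" in p and not any(mk in p for mk in NOT_LIVE_MARKERS)

def is_reference(path: str) -> bool:
    return "\\servicepackfiles\\" in path.lower()

def assess_block(entries: List[Entry]) -> str:
    """'ok', 'mismatch', 'no-live-copy', or 'unverified' when no reference hash exists."""
    live = [e for e in entries if is_live(e.path)]
    refs = {e.md5 for e in entries if is_reference(e.path) and e.md5}
    if not live:
        return "no-live-copy"
    if not refs:
        return "unverified"
    return "ok" if all(e.md5 in refs for e in live) else "mismatch"

def check_report(text: str) -> Dict[str, str]:
    return {n: assess_block(es) for n, es in parse_md5_blocks(text).items()}

def suspicious_paths(text: str) -> List[str]:
    """Live copies whose MD5 is not among the Service Pack reference hashes."""
    hits = []
    for entries in parse_md5_blocks(text).values():
        refs = {e.md5 for e in entries if is_reference(e.path) and e.md5}
        hits += [e.path for e in entries if is_live(e.path) and refs and e.md5 not in refs]
    return hits

# Two blocks copied from the OTL log posted above: the live copies match ServicePackFiles.
PAGE_SAMPLE = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/30 16:45:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
"""

# Constructed sample (not from the log): the live driver has no vendor string and a
# hash no other copy shares. The MD5 below is a placeholder, not a real indicator.
CONSTRUCTED_SAMPLE = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/05/01 03:12:07 | 000,096,512 | ---- | M] () MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
"""

if __name__ == "__main__":
    for label, sample in (("page log", PAGE_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        print(label, check_report(sample), suspicious_paths(sample))
```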

Re: Security Center and Other Malware

Unread postby deltalima » May 10th, 2010, 5:16 am

Hi ClintonMagus,


Please uninstall Spybot - Search & Destroy as it may interfere with our fix. It can be installed again once the computer is clean.

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Spybot - Search & Destroy
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.


RootRepeal


  • Please download RootRepeal Beta and save it to your Desktop.
  • Close all other programs, then run it by double-clicking on the file named RootRepeal.exe
  • Once the main window shows up, please click on the Report button on the bottom of the window.
  • Next, please click the Scan button.
  • Another window will pop up asking you to select what to include in the scan. Please uncheck everything except for the Stealth Code checkbox, and then click OK.
  • Once the program has finished scanning, the results will appear. Click on the Save Report button, and save the report to your Desktop.
  • Please post the log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Security Center and Other Malware

Unread postby ClintonMagus » May 10th, 2010, 3:49 pm

RootRepeal.exe does not pop up any windows... It just starts running.
ClintonMagus
Active Member
 
Posts: 12
Joined: May 2nd, 2010, 8:21 pm

Re: Security Center and Other Malware

Unread postby deltalima » May 10th, 2010, 4:11 pm

Hi ClintonMagus,

Run Combofix

Temporarily disable any antispyware, antivirus and/or antimalware real-time protection, as they may interfere with the running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If not, follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install it. Once installed, you should see the following message:

The recovery console was successfuly installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exit

Click the YES button.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.

When finished ComboFix will produce a log file. Please post the contents of this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Security Center and Other Malware

Unread postby ClintonMagus » May 10th, 2010, 8:18 pm

ComboFix 10-05-10.02 - (***Name replaced for security***) 05/10/2010 18:29:49.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.699 [GMT -5:00]
Running from: c:\documents and settings\(***Name replaced for security***)\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\(***Name replaced for security***)\Application Data\inst.exe
c:\documents and settings\(***Name replaced for security***)\g2mdlhlpx.exe
c:\windows\system32\AbaleZip.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\Sp3.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-10 21:47 . 2010-05-10 21:47 -------- d-----w- c:\documents and settings\(***Name replaced for security***)\Application Data\Tific
2010-05-10 00:58 . 2010-05-10 00:58 36488 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-05-06 02:45 . 2010-05-06 02:45 63488 ----a-w- c:\documents and settings\(***Name replaced for security***)\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-06 02:45 . 2010-05-06 02:45 52224 ----a-w- c:\documents and settings\(***Name replaced for security***)\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-06 02:45 . 2010-05-06 02:45 117760 ----a-w- c:\documents and settings\(***Name replaced for security***)\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-06 02:44 . 2010-05-06 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-06 02:44 . 2010-05-09 02:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-06 02:44 . 2010-05-06 02:44 -------- d-----w- c:\documents and settings\(***Name replaced for security***)\Application Data\SUPERAntiSpyware.com
2010-05-02 23:22 . 2010-05-02 23:22 -------- d-----w- c:\program files\Trend Micro
2010-05-01 02:27 . 2010-05-05 02:25 -------- d-----w- c:\program files\Ask.com
2010-05-01 02:22 . 2010-05-01 02:22 -------- d-----w- c:\program files\CCleaner
2010-04-29 23:12 . 2010-04-30 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-29 23:12 . 2010-04-29 23:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-28 14:52 . 2010-04-28 14:53 -------- d-----w- c:\program files\Bonjour
2010-04-28 14:50 . 2010-04-28 14:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-28 14:50 . 2010-04-28 14:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-28 14:50 . 2010-04-28 14:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-28 14:50 . 2010-04-28 14:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-28 14:50 . 2010-04-28 14:50 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-28 14:50 . 2010-04-28 14:50 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-28 14:50 . 2010-04-28 14:50 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-28 14:50 . 2010-04-28 14:50 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-28 14:50 . 2010-04-28 14:50 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-28 14:45 . 2010-04-28 14:45 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-28 14:44 . 2010-04-28 14:44 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-28 14:44 . 2010-04-28 14:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-18 04:24 . 2010-04-18 04:24 -------- d-----w- c:\windows\system32\drivers\NSS
2010-04-18 04:24 . 2010-04-18 04:24 -------- d-----w- c:\program files\Norton Security Scan
2010-04-18 01:32 . 2010-04-18 01:32 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-18 01:29 . 2010-04-18 01:23 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-18 01:29 . 2010-04-18 01:21 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-18 01:29 . 2009-10-12 20:04 529200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-04-18 01:29 . 2009-10-12 20:03 529200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-04-18 01:29 . 2010-04-18 01:29 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-18 01:29 . 2010-04-18 01:29 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-18 01:29 . 2010-04-18 01:29 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-04-18 01:29 . 2010-04-18 01:29 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-18 01:25 . 2010-04-18 01:25 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-18 01:25 . 2010-04-18 01:25 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-18 01:23 . 2010-04-18 01:23 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-18 01:22 . 2010-04-18 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-18 01:08 . 2007-11-06 18:22 36224 ----a-w- c:\windows\system32\drivers\ArcCD.sys
2010-04-18 01:08 . 2007-04-25 13:55 134912 ----a-w- c:\windows\system32\drivers\ArcUdfs.sys
2010-04-18 01:08 . 2007-04-24 16:33 7680 ----a-w- c:\windows\system32\drivers\ArcRec.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 23:46 . 2008-07-30 01:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-10 23:45 . 2008-07-22 03:01 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
2010-05-10 23:45 . 2008-07-22 03:01 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
2010-05-10 19:26 . 2008-08-05 00:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-10 19:26 . 2008-08-05 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-06 18:58 . 2008-07-30 01:50 -------- d-----w- c:\program files\Spyware Doctor
2010-05-06 02:44 . 2008-07-25 02:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-05 21:03 . 2009-10-07 15:43 -------- d-----w- c:\program files\Ace Utilities
2010-05-05 02:29 . 2009-07-03 22:26 -------- d-----w- c:\program files\Video Download Toolbar
2010-05-03 23:28 . 2008-07-22 01:33 232968 ----a-w- c:\documents and settings\(***Name replaced for security***)\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-30 23:24 . 2010-03-25 02:32 -------- d-----w- c:\documents and settings\(***Name replaced for security***)\Application Data\Skype
2010-04-30 23:07 . 2010-03-25 02:34 -------- d-----w- c:\documents and settings\(***Name replaced for security***)\Application Data\skypePM
2010-04-30 02:28 . 2008-08-12 02:50 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-29 23:01 . 2008-07-22 17:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 15:16 . 2009-07-19 04:08 -------- d-----w- c:\program files\iTunes
2010-04-28 14:49 . 2008-10-16 18:54 -------- d-----w- c:\program files\Common Files\Real
2010-04-28 14:47 . 2008-10-16 18:54 -------- d-----w- c:\program files\Real
2010-04-25 03:18 . 2008-07-24 18:24 2880 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-24 13:51 . 2009-05-18 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneClone
2010-04-24 11:47 . 2009-06-14 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 04:24 . 2008-10-12 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-18 04:24 . 2008-07-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-18 04:24 . 2009-08-16 14:01 -------- d-----w- c:\program files\NortonInstaller
2010-04-18 01:29 . 2008-07-23 19:24 -------- d-----w- c:\program files\DivX
2010-04-18 01:29 . 2008-07-23 19:25 -------- d-----w- c:\documents and settings\(***Name replaced for security***)\Application Data\DivX
2010-04-18 01:25 . 2009-10-09 13:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-18 01:11 . 2010-01-22 18:54 -------- d-----w- c:\documents and settings\(***Name replaced for security***)\Application Data\ArcSoft
2010-04-18 01:11 . 2010-01-22 18:56 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-04-18 01:11 . 2008-07-22 01:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-18 01:09 . 2010-01-22 18:54 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-04-13 23:27 . 2008-07-22 02:26 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-12 18:54 . 2010-04-04 17:16 -------- d-----w- c:\documents and settings\(***Name replaced for security***)\Application Data\Nero
2010-04-09 03:31 . 2010-04-09 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-08 19:29 . 2009-05-11 22:14 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-07 14:25 . 2010-04-07 14:25 -------- d-----r- c:\program files\Skype
2010-04-07 14:25 . 2010-04-07 14:25 -------- d-----w- c:\program files\Common Files\Skype
2010-04-07 14:25 . 2010-03-25 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-04 13:09 . 2010-04-04 12:53 -------- d-----w- c:\program files\Common Files\Nero
2010-04-04 13:09 . 2010-04-04 12:53 -------- d-----w- c:\program files\Nero
2010-04-04 12:57 . 2010-04-04 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-04 12:41 . 2008-12-23 23:13 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-04 12:17 . 2008-07-30 01:43 -------- d-----w- c:\documents and settings\(***Name replaced for security***)\Application Data\Vso
2010-04-04 12:17 . 2008-07-30 01:43 47360 ----a-w- c:\documents and settings\(***Name replaced for security***)\Application Data\pcouffin.sys
2010-04-04 12:17 . 2008-07-30 01:43 47360 ----a-w- c:\documents and settings\(***Name replaced for security***)\Application Data\pcouffin.sys
2010-04-04 12:15 . 2008-09-19 16:30 -------- d-----w- c:\program files\ahead
2010-04-03 23:59 . 2010-04-03 23:58 -------- d-----w- c:\program files\QuickTime
2010-04-03 15:24 . 2010-04-03 15:24 -------- d-----w- c:\windows\Fonts\FONTS\-OpenType-OpenType
2010-04-03 15:24 . 2010-04-03 15:24 -------- d-----w- c:\windows\Fonts\FONTS
2010-04-03 15:24 . 2010-04-03 15:24 -------- d-----w- c:\windows\Fonts\FONTS\-Windows-TrueType
2010-04-03 14:54 . 2010-04-03 14:54 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-31 01:58 . 2008-07-23 19:24 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2008-07-23 19:24 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2008-07-23 19:24 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2008-07-23 19:24 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-30 05:46 . 2009-06-14 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45 . 2009-06-14 22:39 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 15:06 . 2009-05-11 22:14 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-25 19:16 . 2008-08-18 18:44 -------- d-----w- c:\program files\Auction Sentry
2010-03-25 02:34 . 2010-03-25 02:34 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2007-10-15 15:30 . 2007-10-15 15:30 148242 ----a-w- c:\program files\Common Files\ReportPreview.app
2009-11-24 19:14 . 2009-11-24 19:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 18:10 . 2009-11-28 18:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-09 2017280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"CTHelper"="CTHELPER.EXE" [2003-08-28 24576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-30 437584]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"UpdReg"=c:\windows\UpdReg.EXE
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"nsextintPortal"=c:\program files\common files\microsoft shared\web folders\1033\sharepointoffice.exe
"ExplorerInternet"=c:\program files\adobe\photoshop 7.0\helpers\preview in\internetexplorer.exe
"WorkFlowTray"="c:\program files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
"Opware14"="c:\program files\ScanSoft\OmniPagePro14.0\Opware14.exe"
"Fax Machine"=
"nsextintMicrosoft"=c:\program files\common files\microsoft shared\web folders\1033\sharepointoffice.exe
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"nsextintServer"=c:\program files\common files\microsoft shared\web folders\1033\sharepointoffice.exe
"ExplorerInternet"=c:\program files\adobe\photoshop 7.0\helpers\preview in\internetexplorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/11/2009 5:14 PM 218592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 68168]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/31/2009 10:55 AM 112592]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/14/2009 5:39 PM 303952]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [4/17/2010 8:08 PM 36224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 3:00 AM 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/14/2009 5:39 PM 20824]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [5/18/2009 12:51 PM 23096]
R3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [5/18/2009 12:51 PM 3768]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1106000.020\SYMDS.SYS --> c:\windows\system32\drivers\NAV\1106000.020\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1106000.020\SYMEFA.SYS --> c:\windows\system32\drivers\NAV\1106000.020\SYMEFA.SYS [?]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [3/24/2010 3:38 PM 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1106000.020\cchpx86.sys [3/31/2010 5:43 PM 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1106000.020\ironx86.sys [3/31/2010 5:43 PM 116784]
S2 gupdate1ca532b7a6ea090;Google Update Service (gupdate1ca532b7a6ea090);c:\program files\Google\Update\GoogleUpdate.exe [10/22/2009 10:22 AM 133104]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccsvchst.exe [3/31/2010 5:43 PM 126392]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys [3/26/2010 12:19 AM 329592]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/11/2009 5:14 PM 366840]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [5/18/2009 12:51 PM 237568]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [4/17/2010 8:08 PM 134912]

--- Other Services/Drivers In Memory ---

*Deregistered* - ArcRec

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 20:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 15:22]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 15:22]

2010-05-09 c:\windows\Tasks\Norton Security Scan for (***Name replaced for security***).job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-18 17:48]

2010-05-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download Using &BitSpirit
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ÓñÈÌؾ«ÁéÏÂÔØ(&B)
Trusted Zone: aol.com\free
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\(***Name replaced for security***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\(***Name replaced for security***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\(***Name replaced for security***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-CreataCard Plus 3 - c:\program files\CreataCard\Plus\DeIsL1.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 18:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys >>UNKNOWN [0x86A4ACE2]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7667f28
\Driver\ACPI -> ACPI.sys @ 0xf759acb8
\Driver\atapi -> atapi.sys @ 0xf752c852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf741fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf742ca21
SendHandler -> NDIS.sys @ 0xf740a87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\iPod Access for Windows\iPAHelper.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2010-05-10 19:02:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-11 00:02

Pre-Run: 385,750,581,248 bytes free
Post-Run: 385,980,080,128 bytes free

- - End Of File - - 840BE9F870532FFAE45C8889509FF68D
ClintonMagus
Active Member
 
Posts: 12
Joined: May 2nd, 2010, 8:21 pm

Re: Security Center and Other Malware

Unread postby deltalima » May 11th, 2010, 3:41 am

Hi ClintonMagus,

Please run Combofix again and ensure that Norton AntiVirus is disabled and the Recovery Console is installed as per the following sections of the last post.

Temporarily disable any antispyware, antivirus and/or antimalware real-time protection, as they may interfere with the running of ComboFix.

And

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures; if not, follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.

When finished ComboFix will produce a log file. Please post the contents of this log in your next reply.

Please also run a quick scan with Malwarebytes and post the log in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Security Center and Other Malware

Unread postby ClintonMagus » May 11th, 2010, 9:36 am

I disabled everything, but Combofix says that Norton live protection is still running, even though there is no evidence of it in Task Manager or in the services log. I rebooted in safe mode with the same results.

How can I disable it?
ClintonMagus
Active Member
Posts: 12
Joined: May 2nd, 2010, 8:21 pm

Re: Security Center and Other Malware

Unread postby deltalima » May 11th, 2010, 9:53 am

OK, just run Combofix in normal mode and allow the Recovery Console to be installed.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Security Center and Other Malware

Unread postby ClintonMagus » May 11th, 2010, 10:39 am

For what it's worth, after running the last Combofix, I no longer get an error message upon exiting Internet Explorer...



ComboFix 10-05-10.03 - (***Name deleted for security***) 05/11/2010 9:16.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.704 [GMT -5:00]
Running from: c:\documents and settings\(***Name deleted for security***)\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-11 02:30 . 2010-05-11 02:31 -------- d-----w- c:\documents and settings\(***Name deleted for security***)\Local Settings\Application Data\Temp
2010-05-10 21:47 . 2010-05-10 21:47 -------- d-----w- c:\documents and settings\(***Name deleted for security***)\Application Data\Tific
2010-05-10 00:58 . 2010-05-10 00:58 36488 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-05-06 02:45 . 2010-05-06 02:45 63488 ----a-w- c:\documents and settings\(***Name deleted for security***)\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-06 02:45 . 2010-05-06 02:45 52224 ----a-w- c:\documents and settings\(***Name deleted for security***)\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-06 02:45 . 2010-05-06 02:45 117760 ----a-w- c:\documents and settings\(***Name deleted for security***)\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-06 02:44 . 2010-05-06 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-06 02:44 . 2010-05-09 02:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-06 02:44 . 2010-05-06 02:44 -------- d-----w- c:\documents and settings\(***Name deleted for security***)\Application Data\SUPERAntiSpyware.com
2010-05-02 23:22 . 2010-05-02 23:22 -------- d-----w- c:\program files\Trend Micro
2010-05-01 02:27 . 2010-05-05 02:25 -------- d-----w- c:\program files\Ask.com
2010-05-01 02:22 . 2010-05-01 02:22 -------- d-----w- c:\program files\CCleaner
2010-04-29 23:12 . 2010-04-30 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-29 23:12 . 2010-04-29 23:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-28 14:52 . 2010-04-28 14:53 -------- d-----w- c:\program files\Bonjour
2010-04-28 14:50 . 2010-04-28 14:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-28 14:50 . 2010-04-28 14:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-28 14:50 . 2010-04-28 14:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-28 14:50 . 2010-04-28 14:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-28 14:50 . 2010-04-28 14:50 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-28 14:50 . 2010-04-28 14:50 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-28 14:50 . 2010-04-28 14:50 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-28 14:50 . 2010-04-28 14:50 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-28 14:50 . 2010-04-28 14:50 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-28 14:45 . 2010-04-28 14:45 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-28 14:44 . 2010-04-28 14:44 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-28 14:44 . 2010-04-28 14:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-18 04:24 . 2010-04-18 04:24 -------- d-----w- c:\windows\system32\drivers\NSS
2010-04-18 04:24 . 2010-04-18 04:24 -------- d-----w- c:\program files\Norton Security Scan
2010-04-18 01:32 . 2010-04-18 01:32 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-18 01:29 . 2010-04-18 01:23 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-18 01:29 . 2010-04-18 01:21 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-18 01:29 . 2009-10-12 20:04 529200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-04-18 01:29 . 2009-10-12 20:03 529200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-04-18 01:29 . 2010-04-18 01:29 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-18 01:29 . 2010-04-18 01:29 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-18 01:29 . 2010-04-18 01:29 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-04-18 01:29 . 2010-04-18 01:29 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-18 01:28 . 2010-04-18 01:28 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-18 01:25 . 2010-04-18 01:25 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-18 01:25 . 2010-04-18 01:25 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-18 01:23 . 2010-04-18 01:23 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-18 01:22 . 2010-04-18 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-18 01:08 . 2007-11-06 18:22 36224 ----a-w- c:\windows\system32\drivers\ArcCD.sys
2010-04-18 01:08 . 2007-04-25 13:55 134912 ----a-w- c:\windows\system32\drivers\ArcUdfs.sys
2010-04-18 01:08 . 2007-04-24 16:33 7680 ----a-w- c:\windows\system32\drivers\ArcRec.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 14:15 . 2008-07-30 01:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-11 14:14 . 2008-07-22 03:01 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
2010-05-11 14:14 . 2008-07-22 03:01 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
2010-05-11 02:31 . 2009-10-09 13:26 -------- d-----w- c:\program files\Google
2010-05-10 19:26 . 2008-08-05 00:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-10 19:26 . 2008-08-05 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-06 18:58 . 2008-07-30 01:50 -------- d-----w- c:\program files\Spyware Doctor
2010-05-06 02:44 . 2008-07-25 02:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-05 21:03 . 2009-10-07 15:43 -------- d-----w- c:\program files\Ace Utilities
2010-05-05 02:29 . 2009-07-03 22:26 -------- d-----w- c:\program files\Video Download Toolbar
2010-05-03 23:28 . 2008-07-22 01:33 232968 ----a-w- c:\documents and settings\(***Name deleted for security***)\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-30 23:24 . 2010-03-25 02:32 -------- d-----w- c:\documents and settings\(***Name deleted for security***)\Application Data\Skype
2010-04-30 23:07 . 2010-03-25 02:34 -------- d-----w- c:\documents and settings\(***Name deleted for security***)\Application Data\skypePM
2010-04-30 02:28 . 2008-08-12 02:50 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-29 23:01 . 2008-07-22 17:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 15:16 . 2009-07-19 04:08 -------- d-----w- c:\program files\iTunes
2010-04-28 14:49 . 2008-10-16 18:54 -------- d-----w- c:\program files\Common Files\Real
2010-04-28 14:47 . 2008-10-16 18:54 -------- d-----w- c:\program files\Real
2010-04-25 03:18 . 2008-07-24 18:24 2880 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-24 13:51 . 2009-05-18 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneClone
2010-04-24 11:47 . 2009-06-14 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 04:24 . 2008-10-12 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-18 04:24 . 2008-07-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-18 04:24 . 2009-08-16 14:01 -------- d-----w- c:\program files\NortonInstaller
2010-04-18 01:29 . 2008-07-23 19:24 -------- d-----w- c:\program files\DivX
2010-04-18 01:29 . 2008-07-23 19:25 -------- d-----w- c:\documents and settings\(***Name deleted for security***)\Application Data\DivX
2010-04-18 01:25 . 2009-10-09 13:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-18 01:11 . 2010-01-22 18:54 -------- d-----w- c:\documents and settings\(***Name deleted for security***)\Application Data\ArcSoft
2010-04-18 01:11 . 2010-01-22 18:56 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-04-18 01:11 . 2008-07-22 01:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-18 01:09 . 2010-01-22 18:54 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-04-13 23:27 . 2008-07-22 02:26 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-12 18:54 . 2010-04-04 17:16 -------- d-----w- c:\documents and settings\(***Name deleted for security***)\Application Data\Nero
2010-04-09 03:31 . 2010-04-09 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-08 19:29 . 2009-05-11 22:14 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-07 14:25 . 2010-04-07 14:25 -------- d-----r- c:\program files\Skype
2010-04-07 14:25 . 2010-04-07 14:25 -------- d-----w- c:\program files\Common Files\Skype
2010-04-07 14:25 . 2010-03-25 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-04 13:09 . 2010-04-04 12:53 -------- d-----w- c:\program files\Common Files\Nero
2010-04-04 13:09 . 2010-04-04 12:53 -------- d-----w- c:\program files\Nero
2010-04-04 12:57 . 2010-04-04 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-04 12:41 . 2008-12-23 23:13 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-04 12:17 . 2008-07-30 01:43 -------- d-----w- c:\documents and settings\(***Name deleted for security***)\Application Data\Vso
2010-04-04 12:17 . 2008-07-30 01:43 47360 ----a-w- c:\documents and settings\(***Name deleted for security***)\Application Data\pcouffin.sys
2010-04-04 12:17 . 2008-07-30 01:43 47360 ----a-w- c:\documents and settings\(***Name deleted for security***)\Application Data\pcouffin.sys
2010-04-04 12:15 . 2008-09-19 16:30 -------- d-----w- c:\program files\ahead
2010-04-03 23:59 . 2010-04-03 23:58 -------- d-----w- c:\program files\QuickTime
2010-04-03 15:24 . 2010-04-03 15:24 -------- d-----w- c:\windows\Fonts\FONTS\-OpenType-OpenType
2010-04-03 15:24 . 2010-04-03 15:24 -------- d-----w- c:\windows\Fonts\FONTS
2010-04-03 15:24 . 2010-04-03 15:24 -------- d-----w- c:\windows\Fonts\FONTS\-Windows-TrueType
2010-04-03 14:54 . 2010-04-03 14:54 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-31 01:58 . 2008-07-23 19:24 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2008-07-23 19:24 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2008-07-23 19:24 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2008-07-23 19:24 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-30 05:46 . 2009-06-14 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45 . 2009-06-14 22:39 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 15:06 . 2009-05-11 22:14 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-25 19:16 . 2008-08-18 18:44 -------- d-----w- c:\program files\Auction Sentry
2010-03-25 02:34 . 2010-03-25 02:34 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-27 02:23 . 2010-03-31 22:43 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-02-24 17:08 . 2009-12-28 15:01 737568 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2007-10-15 15:30 . 2007-10-15 15:30 148242 ----a-w- c:\program files\Common Files\ReportPreview.app
2009-11-24 19:14 . 2009-11-24 19:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 18:10 . 2009-11-28 18:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-10_23.53.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-11 14:15 . 2010-05-11 14:15 16384 c:\windows\Temp\Perflib_Perfdata_254.dat
+ 2010-05-11 02:30 . 2010-05-11 02:30 22528 c:\windows\Installer\969bfe.msi
+ 2010-05-11 02:32 . 2010-05-11 02:32 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-05-11 02:32 . 2010-05-11 02:32 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-05-11 02:32 . 2010-05-11 02:32 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-05-11 02:32 . 2010-05-11 02:32 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-05-11 02:32 . 2010-05-11 02:32 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-05-11 02:32 . 2010-05-11 02:32 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-05-11 02:32 . 2010-05-11 02:32 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\ARPPRODUCTICON.exe
- 2009-04-30 00:37 . 2010-05-10 23:46 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-04-30 00:37 . 2010-05-11 11:18 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-05-11 02:32 . 2010-05-11 02:32 1235968 c:\windows\Installer\969c06.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-09 2017280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"CTHelper"="CTHELPER.EXE" [2003-08-28 24576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-30 437584]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"UpdReg"=c:\windows\UpdReg.EXE
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"nsextintPortal"=c:\program files\common files\microsoft shared\web folders\1033\sharepointoffice.exe
"ExplorerInternet"=c:\program files\adobe\photoshop 7.0\helpers\preview in\internetexplorer.exe
"WorkFlowTray"="c:\program files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
"Opware14"="c:\program files\ScanSoft\OmniPagePro14.0\Opware14.exe"
"Fax Machine"=
"nsextintMicrosoft"=c:\program files\common files\microsoft shared\web folders\1033\sharepointoffice.exe
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"nsextintServer"=c:\program files\common files\microsoft shared\web folders\1033\sharepointoffice.exe
"ExplorerInternet"=c:\program files\adobe\photoshop 7.0\helpers\preview in\internetexplorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/11/2009 5:14 PM 218592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 68168]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/31/2009 10:55 AM 112592]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/14/2009 5:39 PM 303952]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [4/17/2010 8:08 PM 36224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 3:00 AM 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/14/2009 5:39 PM 20824]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [5/18/2009 12:51 PM 23096]
R3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [5/18/2009 12:51 PM 3768]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1106000.020\SYMDS.SYS --> c:\windows\system32\drivers\NAV\1106000.020\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1106000.020\SYMEFA.SYS --> c:\windows\system32\drivers\NAV\1106000.020\SYMEFA.SYS [?]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [3/24/2010 3:38 PM 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1106000.020\cchpx86.sys [3/31/2010 5:43 PM 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1106000.020\ironx86.sys [3/31/2010 5:43 PM 116784]
S2 gupdate1ca532b7a6ea090;Google Update Service (gupdate1ca532b7a6ea090);c:\program files\Google\Update\GoogleUpdate.exe [10/22/2009 10:22 AM 133104]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccsvchst.exe [3/31/2010 5:43 PM 126392]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys [3/26/2010 12:19 AM 329592]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/11/2009 5:14 PM 366840]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [5/18/2009 12:51 PM 237568]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [4/17/2010 8:08 PM 134912]

--- Other Services/Drivers In Memory ---

*Deregistered* - ArcRec

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 20:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 15:22]

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 15:22]

2010-05-09 c:\windows\Tasks\Norton Security Scan for (***Name deleted for security***).job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-18 17:48]

2010-05-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download Using &BitSpirit
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ÓñÈÌؾ«ÁéÏÂÔØ(&B)
Trusted Zone: aol.com\free
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\(***Name deleted for security***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\(***Name deleted for security***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\(***Name deleted for security***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 09:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-11 09:28:30
ComboFix-quarantined-files.txt 2010-05-11 14:28
ComboFix2.txt 2010-05-11 00:16

Pre-Run: 385,759,559,680 bytes free
Post-Run: 385,792,626,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 092EF6FC3ACB8BDD1E7DA39021A5ABBE
ClintonMagus
Active Member
 
Posts: 12
Joined: May 2nd, 2010, 8:21 pm